Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

SSH Server goes South

Clark Powell
Frequent Advisor

SSH Server goes South

HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 5 on an AlphaServer ES40 running OpenVMS V8.3

One day, out of the blue, the SSH server on one of the nodes quits working. Logins rejected immediately. The run log only has this message:

%DCL-E-NOCMDPROC, error opening captive command procedure - access denied

Protections on those files that get run, TCPIP$SSH_DEVICE:LOGIN.COM & TCPIP$SYSTEM:TCPIP$SSH_RUN.COM, are
(RWED,RWED,RE,RE)

If we remove the restricted from the account that runs SSH, we can log in and the log indicates that LOGIN.COM does get run first and then TCPIP$SYSTEM:TCPIP$SSH_RUN.COM. Both files are executed without error so they are readable by the SSH account but there is something that makes OpenVMS reject the LOGIN.COM when the account is restricted.

I almost forgot to mention, the other node in the cluster has no problem with SSH. Both nodes use the same SSH account but have separate system disks with separate SSH files. We can find no differences in the files especially in protection.

any ideas?

thanks
Clark Powell
2 REPLIES
Shriniketan Bhagwat
Trusted Contributor

Re: SSH Server goes South

Hi,

The similar topic was discussed in the below thread.

http://h30499.www3.hp.com/t5/System-Management/dcl-e-nocmdproc-error/m-p/5002618#M34143


Also refer the online help for the error message DCL-E-NOCMDPROC.

NOCMDPROC, error opening captive command procedure - access denied

Facility: CLI, Command Language Interpreter (DCL)

Explanation: When you attempted to log in, you failed because you have a
captive account and DCL received an error during the login.
For example, DCL could not find your LOGIN.COM file. You
may also have incorrect protection on the system's SYLOGIN
file (SYS$MANAGER:SYLOGIN.COM or /SYSTEM/EXEC logical). The
system's SYLOGIN file must be protected with at least WORLD:E
access to the file and the directory that contains it.

User Action: See your system manager.


Regards,
Ketan

Highlighted
Clark Powell
Frequent Advisor

Re: SSH Server goes South

One might overlook the SYLOGIN.COM file if there are no other indications of a protection error and there wasn't but, in this case, it seems that the SYLOGIN.COM with no world access was the problem.

thanks
Clark Powell