HPE Community
Operating System - OpenVMS
1829134 Members
2652 Online
109986 Solutions
New Discussion

Re: SSH Server goes South

 
Clark Powell
Frequent Advisor

‎05-24-2011 03:24 PM

‎05-24-2011 03:24 PM

SSH Server goes South

HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 5 on an AlphaServer ES40 running OpenVMS V8.3

One day, out of the blue, the SSH server on one of the nodes quits working. Logins rejected immediately. The run log only has this message:

%DCL-E-NOCMDPROC, error opening captive command procedure - access denied

Protections on those files that get run, TCPIP$SSH_DEVICE:LOGIN.COM & TCPIP$SYSTEM:TCPIP$SSH_RUN.COM, are
(RWED,RWED,RE,RE)

If we remove the restricted from the account that runs SSH, we can log in and the log indicates that LOGIN.COM does get run first and then TCPIP$SYSTEM:TCPIP$SSH_RUN.COM. Both files are executed without error so they are readable by the SSH account but there is something that makes OpenVMS reject the LOGIN.COM when the account is restricted.

I almost forgot to mention, the other node in the cluster has no problem with SSH. Both nodes use the same SSH account but have separate system disks with separate SSH files. We can find no differences in the files especially in protection.

any ideas?

thanks
Clark Powell
0 Kudos
2 REPLIES 2
Shriniketan Bhagwat
Trusted Contributor

‎05-24-2011 07:37 PM - last edited on ‎08-08-2011 01:49 PM by

‎05-24-2011 07:37 PM - last edited on ‎08-08-2011 01:49 PM by

Re: SSH Server goes South

Hi,

The similar topic was discussed in the below thread.

http://h30499.www3.hp.com/t5/System-Management/dcl-e-nocmdproc-error/m-p/5002618#M34143


Also refer the online help for the error message DCL-E-NOCMDPROC.

NOCMDPROC, error opening captive command procedure - access denied

Facility: CLI, Command Language Interpreter (DCL)

Explanation: When you attempted to log in, you failed because you have a
captive account and DCL received an error during the login.
For example, DCL could not find your LOGIN.COM file. You
may also have incorrect protection on the system's SYLOGIN
file (SYS$MANAGER:SYLOGIN.COM or /SYSTEM/EXEC logical). The
system's SYLOGIN file must be protected with at least WORLD:E
access to the file and the directory that contains it.

User Action: See your system manager.


Regards,
Ketan

0 Kudos
Clark Powell
Frequent Advisor

‎05-25-2011 09:13 AM

‎05-25-2011 09:13 AM

Re: SSH Server goes South

One might overlook the SYLOGIN.COM file if there are no other indications of a protection error and there wasn't but, in this case, it seems that the SYLOGIN.COM with no world access was the problem.

thanks
Clark Powell
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.