
Re: SSH on VMS 7.3-2

 
robert70
Valued Contributor

SSH on VMS 7.3-2

I have started up SSH on VMS 7.3-2.
Trying to connect with a telnet/ssh.
Where on the Alpha side can I find the public and private key information to enable me to connect?
Thanks
14 REPLIES
marsh_1
Honored Contributor

Re: SSH on VMS 7.3-2

there are two files that should be in an ssh2 subdirectory for your username, an identification file and an authorization file

identification file contains details of your private key

e.g

idkey priv_key_name

authorization file contains public key details

e.g

key public

use the tcpip$ssh_keygen.exe to create a private/public key pair.
certainly PuTTY-generated public keys can be used without issue and should be in the same ssh2 subdirectory.
all 3 methods (hostbased, public key and password) can be enabled/disabled in the ssh conf files for client and server in the tcpip$ssh directory.

also obviously see the tcpip guide to ssh on the hp site

good luck

Steven Schweda
Honored Contributor

Re: SSH on VMS 7.3-2

> Trying to connect with a telnet/ssh

From what? To what? Do you already have
keys somewhere? (Where?)

> also obviously see the tcpip guide to ssh
> on the hp site

Yup. Need directions?
Hoff
Honored Contributor

Re: SSH on VMS 7.3-2

Some reading:

http://64.223.189.234/node/1118

But do start with the HP manual for ssh. ssh starts out a little weird, and the HP OpenVMS port layers another helping or two of weirdness into the baseline ssh weird.
marsh_1
Honored Contributor

Re: SSH on VMS 7.3-2

steven,

the link to the hp vms manuals is on the forum web page you don't need directions to get where you're already at :-)
Hoff
Honored Contributor

Re: SSH on VMS 7.3-2

While the following was clearly intended as a joke:

>the link to the hp vms manuals is on the forum web page you don't need directions to get where you're already at :-)

I can assure you that such is *not* a universal finding.

Further, the sheer scale and relative lack of indexing of the existing resources (manuals, help, the HP web site, the stuff in or disappeared from the support databases) is an increasing problem for inexperienced users. (I *know* where this stuff is and I've read much of it over the years and I've written some of it, and it can sometimes take me a while to find a reference.)

robert70
Valued Contributor

Re: SSH on VMS 7.3-2

My keys don't get made when I select "Enable & Start service on this node" (ssh).
Any help?




SSH configuration options:

1 - Enable service on this node

2 - Enable & Start service on this node

[E] - Exit SSH configuration

Enter configuration option: 2
* Create a new default server host key? [YES]:
Creating private key file: TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY
Creating public key file: TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.PUB
%NONAME-F-NOMSG, Message number 0764CFBC
%TCPIP-I-INFO, image SYS$SYSTEM:TCPIP$SSH_SSHD2.EXE installed
%TCPIP-I-INFO, image SYS$SYSTEM:TCPIP$SSH_SFTP-SERVER2.EXE installed
%TCPIP-I-INFO, logical names created
%TCPIP-I-INFO, service enabled
%TCPIP-S-STARTDONE, TCPIP$SSH startup completed

robert70
Valued Contributor

Re: SSH on VMS 7.3-2

the service is enabled but never started and there are no PUB keys in the directory?
Steven Schweda
Honored Contributor

Re: SSH on VMS 7.3-2

alp $ sysmsg %x0764CFBC
(SYS$COMMON:[SYSMSG]TCPIP$MSG.EXE;1:)
%TCPIP-F-SSH_FATAL, non-specific fatal error condition

Not very informative, I'd say.

> [...] there are no PUB keys in the
> directory?

You're SYSTEM when you do this stuff? Do the
directory protections and owner look
reasonable? I haven't made any host keys in
a while, but around here:

ALP $ dire /owne /prot /size TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]host*

Directory SYS$SYSDEVICE:[TCPIP$SSH.SSH2]

HOSTKEY.;1 2 [TCPIP$AUX,TCPIP$SSH] (RWD,RWD,,)
HOSTKEY.PUB;1 2 [TCPIP$AUX,TCPIP$SSH] (RWD,RWD,R,R)
HOSTKEYS.DIR;1 1 [TCPIP$AUX,TCPIP$SSH] (RWE,RWE,RE,E)

Total of 3 files, 5 blocks.


You might try moving/removing the whole mess,
and starting fresh. Otherwise, I'd probably
start dissecting TCPIP$CONFIG.COM to see
what it's trying to do when it goes bad.
robert70
Valued Contributor

Re: SSH on VMS 7.3-2

I am running this under SYSTEM, yes.
The directory is TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2] but as I say the HOSTKEY.PUB is not created because of that error message.

Duncan Morris
Honored Contributor

Re: SSH on VMS 7.3-2

Robert,

a possible cause of this issue is that the SYSTEM account is not associated with the SYSTEM identifier in SYSUAF.

Observe key generation when account and identifier match:

DEVT02> ssh_keygen "-P" fred
Generating 2048-bit dsa key pair
5 oOo..oOo.oOo
Key generated.
2048-bit dsa, morrisd@devt02.cpwplc.net, Thu Dec 11 2008 15:15:21
Private key saved to fred
Public key saved to fred.pub

Then modify my identifier in SYSUAF/RIGHTSLIST

DEVT02> mc authorize
UAF> ren/id morrisd fffred
%UAF-I-RDBMDFYMSG, identifier MORRISD modified
UAF> Exit

and retry key generation...

DEVT02> ssh_keygen "-P" fred

Error: Could not get user's password structure.
%TCPIP-E-SSH_ERROR, non-specific error condition
DEVT02>

Check your SYSUAF entry for SYSTEM!!!

Duncan

robert70
Valued Contributor

Re: SSH on VMS 7.3-2

Duncan,

doing a show system on uaf :-

Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([1,4])
CLI: DCL Tables: DCLTABLES
Default: SYS$SYSROOT:[SYSMGR]
LGICMD: LOGIN.COM


is this as should be?

Duncan Morris
Honored Contributor
Solution

Re: SSH on VMS 7.3-2

No - there is no identifier for SYSTEM, so you are seeing [1,4]

Here is a sample with an identifier

UAF> sh system

Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([ISE,SYSTEM])

Check if the identifier SYSTEM exists

UAF> show/id system
Name Value Attributes
SYSTEM [000001,000004]
UAF>

If not, then

UAF> ADD/ID/USER=SYSTEM

and AUTHORIZE will create the identifier for the account.

If it does exist but with another UIC, then you need to question why some other account has this identifier!
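
The check described in this answer, as an added example that is not part of the original post and not HP tooling: it reads captured AUTHORIZE `SHOW` output and reports accounts whose UIC prints only as numbers (no identifier) or translates to an identifier named differently from the account, the two states shown in this thread to break key generation. The sample records, the `audit_uaf` name and the finding labels are constructed for illustration; the line layout is assumed to match the output quoted above.

```python
import re

# Constructed sample in the "Username / Account ... UIC" layout quoted in the thread.
SAMPLE = """\
Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([1,4])
Username: MORRISD Owner: D MORRIS
Account: DEV UIC: [200,17] ([DEV,FFFRED])
Username: OPER Owner: OPERATOR
Account: OPS UIC: [1,10] ([OPER])
"""

USERNAME = re.compile(r"^\s*Username:\s*(\S+)", re.IGNORECASE)
# Numeric UIC (octal group,member) followed by its translated form in parentheses.
UIC = re.compile(r"UIC:\s*\[([0-7]+),([0-7]+)\]\s*\(\[([^\]]*)\]\)", re.IGNORECASE)

def audit_uaf(text):
    """Map username -> finding for accounts whose UIC has no matching identifier."""
    findings = {}
    user = None
    for line in text.splitlines():
        m = USERNAME.match(line)
        if m:
            user = m.group(1).upper()
            continue
        m = UIC.search(line)
        if m is None or user is None:
            continue
        _group, _member, shown = m.groups()
        # Translated form is [GROUP,MEMBER] or just [MEMBER]; the member part is last.
        name = shown.split(",")[-1].strip().upper()
        if name.isdigit():
            # Still numeric: no identifier holds this UIC (robert70's SYSTEM record).
            findings[user] = "NO_IDENTIFIER"
        elif name != user:
            # Identifier exists under another name (the renamed-identifier test above).
            findings[user] = "NAME_MISMATCH"
        user = None  # one UIC line per account record
    return findings

if __name__ == "__main__":
    for account, finding in audit_uaf(SAMPLE).items():
        print(f"{account}: {finding}")
```
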
robert70
Valued Contributor

Re: SSH on VMS 7.3-2

that was the problem Duncan !!!!
added the rights 1,4 to system via uaf
able to create public key and connect now
many thanks

Arne Korpas
Advisor

Re: SSH on VMS 7.3-2

Hi Duncan,
that was strange, I was running from a copy of the system account and got the accvio errors. When I run from the system account the keys are generated as expected, and I can run ssh2 -v localhost. But there is some kind of problem with the keys, look at this,
(unable to open...)

iGsmdb » ssh2 -v localhost

debug(14-FEB-2011 14:57:58.37): Ssh2/SSH2.C:1896: CRTL version(SYS$SHARE:DECC$SHR.EXE ident) is ELF
debug(14-FEB-2011 14:57:58.38): SshAppCommon/SSHAPPCOMMON.C:313: Allocating global SshRegex context.
debug(14-FEB-2011 14:57:58.38): SshConfig/SSHCONFIG.C:3461: Metaconfig parsing stopped at line 4.
debug(14-FEB-2011 14:57:58.38): SshConfig/SSHCONFIG.C:887: Setting variable 'VerboseMode' to 'FALSE'.
debug(14-FEB-2011 14:57:58.39): SshConfig/SSHCONFIG.C:3369: Unable to open ssh2/ssh2_config
debug(14-FEB-2011 14:57:58.39): Connecting to localhost, port 22... (SOCKS not used)
debug(14-FEB-2011 14:57:58.39): Ssh2/SSH2.C:2881: Entering event loop.
debug(14-FEB-2011 14:57:58.39): Ssh2Client/SSHCLIENT.C:1609: Creating transport protocol.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "publickey" to usable methods.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "keyboard-interactive" to usable methods.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "password" to usable methods.
debug(14-FEB-2011 14:57:58.40): Ssh2Client/SSHCLIENT.C:1650: Creating userauth protocol.
debug(14-FEB-2011 14:57:58.40): client supports 3 auth methods: 'publickey,keyboard-interactive,password'
debug(14-FEB-2011 14:57:58.40): SshUnixTcp/SSHUNIXTCP.C:1750: using local hostname igsmdb.sun.telia.se
debug(14-FEB-2011 14:57:58.40): Ssh2Common/SSHCOMMON.C:541: local ip = 127.0.0.1, local port = 49200
debug(14-FEB-2011 14:57:58.40): Ssh2Common/SSHCOMMON.C:543: remote ip = 127.0.0.1, remote port = 22
debug(14-FEB-2011 14:57:58.40): SshConnection/SSHCONN.C:2578: Wrapping...
debug(14-FEB-2011 14:57:58.40): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
debug(14-FEB-2011 14:57:58.45): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Connection closed by remote host.
debug(14-FEB-2011 14:57:58.45): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...
warning: Authentication failed.
debug(14-FEB-2011 14:57:58.45): Ssh2/SSH2.C:327: locally_generated = TRUE
Disconnected; connection lost (Connection closed by remote host.).

debug(14-FEB-2011 14:57:58.45): Ssh2Client/SSHCLIENT.C:1685: Destroying client.
debug(14-FEB-2011 14:57:58.45): SshConfig/SSHCONFIG.C:2867: Freeing pki.(host_pki != NULL, user_pki = NULL)
debug(14-FEB-2011 14:57:58.45): SshConnection/SSHCONN.C:2630: Destroying SshConn object.
debug(14-FEB-2011 14:57:58.45): Ssh2Client/SSHCLIENT.C:1753: Destroying client completed.
debug(14-FEB-2011 14:57:58.45): SshAuthMethodClient/SSHAUTHMETHODC.C:109: Destroying authentication method array.
debug(14-FEB-2011 14:57:58.45): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global SshRegex context.
debug(14-FEB-2011 14:57:58.45): SshConfig/SSHCONFIG.C:2867: Freeing pki. (host_pki = NULL, user_pki = NULL)

The file is readable, and the system account has bypass so it shouldn't be a prot problem. My system disk is at ODS-5, do you know if that could cause anything?

iGsmdb » dir/sec/own ssh2_config

Directory SYS$SYSDEVICE:[TCPIP$SSH.SSH2]

SSH2_CONFIG.;1 [TCPIP$AUX,TCPIP$SSH] (RWED,RWED,RE,R)


BR /Arne