Re: SSH on VMS 7.3-2

 
Duncan Morris
Honored Contributor

Robert,

a possible cause of this issue is that the SYSTEM account is not associated with the SYSTEM identifier in SYSUAF.

Observe key generation when account and identifier match:

DEVT02> ssh_keygen "-P" fred
Generating 2048-bit dsa key pair
5 oOo..oOo.oOo
Key generated.
2048-bit dsa, morrisd@devt02.cpwplc.net, Thu Dec 11 2008 15:15:21
Private key saved to fred
Public key saved to fred.pub

Then modify my identifier in SYSUAF/RIGHTSLIST

DEVT02> mc authorize
UAF> ren/id morrisd fffred
%UAF-I-RDBMDFYMSG, identifier MORRISD modified
UAF> Exit

and retry key generation...

DEVT02> ssh_keygen "-P" fred

Error: Could not get user's password structure.
%TCPIP-E-SSH_ERROR, non-specific error condition
DEVT02>

Check your SYSUAF entry for SYSTEM!!!

Duncan

robert70
Valued Contributor

Duncan,

doing a show system on uaf :-

Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([1,4])
CLI: DCL Tables: DCLTABLES
Default: SYS$SYSROOT:[SYSMGR]
LGICMD: LOGIN.COM


is this as it should be?

Duncan Morris
Honored Contributor
Solution

No - there is no identifier for SYSTEM, so you are seeing [1,4]

Here is a sample with an identifier

UAF> sh system

Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([ISE,SYSTEM])

Check if the identifier SYSTEM exists

UAF> show/id system
Name Value Attributes
SYSTEM [000001,000004]
UAF>

If not, then

UAF> ADD/ID/USER=SYSTEM

and AUTHORIZE will create the identifier for the account.

If it does exist but with another UIC, then you need to question why some other account has this identifier!
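
Added example, not part of the original thread: a small Python audit that reads saved AUTHORIZE SHOW output and flags the two conditions shown above, a UIC that translates only to numbers (no identifier) and a member identifier that no longer matches the username (the renamed-identifier case). The sample listing is constructed, and treating any identifier/username mismatch as a finding is an assumption based on the behaviour described in this thread.

```python
import re

# Constructed sample in the layout AUTHORIZE SHOW prints; not taken from a real system.
SAMPLE = """\
Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([1,4])
CLI: DCL Tables: DCLTABLES

Username: MORRISD Owner: D MORRIS
Account: DEVT UIC: [200,17] ([DEVT,MORRISD])
CLI: DCL Tables: DCLTABLES

Username: FRED Owner: FRED
Account: DEVT UIC: [200,21] ([DEVT,FFFRED])
CLI: DCL Tables: DCLTABLES
"""

USER_RE = re.compile(r"^Username:\s*(\S+)", re.M)
# Numeric UIC (octal group,member) followed by its translated form in parentheses.
UIC_RE = re.compile(r"UIC:\s*\[([0-7]+),([0-7]+)\]\s*\(\[([^\]]+)\]\)")


def audit(listing):
    """Return (username, numeric UIC, problem) for each suspect account."""
    findings = []
    # One record per account, split at each "Username:" line.
    for record in re.split(r"^(?=Username:)", listing, flags=re.M):
        user = USER_RE.search(record)
        uic = UIC_RE.search(record)
        if not (user and uic):
            continue
        name = user.group(1).upper()
        numeric = "[%s,%s]" % (uic.group(1), uic.group(2))
        # Translated form is [GROUP,MEMBER] or [MEMBER]; the member part is last.
        member = uic.group(3).split(",")[-1].strip().upper()
        if re.fullmatch(r"[0-7]+", member):
            # AUTHORIZE fell back to numbers: no identifier holds this UIC.
            findings.append((name, numeric, "no identifier for UIC"))
        elif member != name:
            findings.append(
                (name, numeric, "identifier %s does not match username" % member))
    return findings


if __name__ == "__main__":
    for name, uic, problem in audit(SAMPLE):
        print("%-12s %-10s %s" % (name, uic, problem))
```
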
robert70
Valued Contributor

that was the problem Duncan !!!!
added the rights 1,4 to system via uaf
able to create public key and connect now
many thanks

Arne Korpas
Advisor

Hi Duncan,
that was strange, I was running from a copy of the system account and got the accvio errors. When I run from the system account the keys are generated as expected, and I can run ssh2 -v localhost. But there is some kind of problem with the keys, look at this,
(unable to open...)

iGsmdb » ssh2 -v localhost

debug(14-FEB-2011 14:57:58.37): Ssh2/SSH2.C:1896: CRTL version(SYS$SHARE:DECC$SHR.EXE ident) is ELF
debug(14-FEB-2011 14:57:58.38): SshAppCommon/SSHAPPCOMMON.C:313: Allocating global SshRegex context.
debug(14-FEB-2011 14:57:58.38): SshConfig/SSHCONFIG.C:3461: Metaconfig parsing stopped at line 4.
debug(14-FEB-2011 14:57:58.38): SshConfig/SSHCONFIG.C:887: Setting variable 'VerboseMode' to 'FALSE'.

debug(14-FEB-2011 14:57:58.39): SshConfig/SSHCONFIG.C:3369: Unable to open ssh2/ssh2_config

debug(14-FEB-2011 14:57:58.39): Connecting to localhost, port 22... (SOCKS not used)
debug(14-FEB-2011 14:57:58.39): Ssh2/SSH2.C:2881: Entering event loop.
debug(14-FEB-2011 14:57:58.39): Ssh2Client/SSHCLIENT.C:1609: Creating transport protocol.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "publickey" to usable methods.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "keyboard-interactive" to usable methods.
debug(14-FEB-2011 14:57:58.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "password" to usable methods.
debug(14-FEB-2011 14:57:58.40): Ssh2Client/SSHCLIENT.C:1650: Creating userauth protocol.
debug(14-FEB-2011 14:57:58.40): client supports 3 auth methods: 'publickey,keyboard-interactive,password'
debug(14-FEB-2011 14:57:58.40): SshUnixTcp/SSHUNIXTCP.C:1750: using local hostname igsmdb.sun.telia.se
debug(14-FEB-2011 14:57:58.40): Ssh2Common/SSHCOMMON.C:541: local ip = 127.0.0.1, local port = 49200
debug(14-FEB-2011 14:57:58.40): Ssh2Common/SSHCOMMON.C:543: remote ip = 127.0.0.1, remote port = 22
debug(14-FEB-2011 14:57:58.40): SshConnection/SSHCONN.C:2578: Wrapping...
debug(14-FEB-2011 14:57:58.40): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
debug(14-FEB-2011 14:57:58.45): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Connection closed by remote host.
debug(14-FEB-2011 14:57:58.45): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...
warning: Authentication failed.
debug(14-FEB-2011 14:57:58.45): Ssh2/SSH2.C:327: locally_generated = TRUE
Disconnected; connection lost (Connection closed by remote host.).

debug(14-FEB-2011 14:57:58.45): Ssh2Client/SSHCLIENT.C:1685: Destroying client.
debug(14-FEB-2011 14:57:58.45): SshConfig/SSHCONFIG.C:2867: Freeing pki.(host_pki != NULL, user_pki = NULL)
debug(14-FEB-2011 14:57:58.45): SshConnection/SSHCONN.C:2630: Destroying SshConn object.
debug(14-FEB-2011 14:57:58.45): Ssh2Client/SSHCLIENT.C:1753: Destroying client completed.
debug(14-FEB-2011 14:57:58.45): SshAuthMethodClient/SSHAUTHMETHODC.C:109: Destroying authentication method array.
debug(14-FEB-2011 14:57:58.45): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global SshRegex context.
debug(14-FEB-2011 14:57:58.45): SshConfig/SSHCONFIG.C:2867: Freeing pki. (host_pki = NULL, user_pki = NULL)

The file is readable, and the system account has bypass so it shouldn't be a prot problem. My system disk is at ODS-5, do you know if that could cause anything?

iGsmdb » dir/sec/own ssh2_config

Directory SYS$SYSDEVICE:[TCPIP$SSH.SSH2]

SSH2_CONFIG.;1 [TCPIP$AUX,TCPIP$SSH] (RWED,RWED,RE,R)


BR /Arne