HPE Community
Operating System - OpenVMS
1752550 Members
4908 Online
108788 Solutions
New Discussion юеВ

SSH problem

 
SOLVED
Go to solution
Willem Grooters
Honored Contributor

тАО04-01-2004 07:29 AM

тАО04-01-2004 07:29 AM

SSH problem

Dear friends,

On behalf of a collegue (who may now get to know this forum exists):

Environment is VMS 7.3-1, TCPIP 5.4
Installed SSH, no porblem doing ssh system@node

After this, the system has been rebooted several times, buiklt a cluster with a shared system disk, and on the second node, enabled SSH as well.

But now, it doesn't work anymore. He gets a message : Warning, Authentication failed. Using the -v option, there is more info, but that doesn't tell a story either.

Willem
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
5 REPLIES 5
Martin P.J. Zinser
Honored Contributor

тАО04-01-2004 08:23 AM

тАО04-01-2004 08:23 AM

Re: SSH problem

Hello Willem,

in tcpip$ssh_home:[ssh2] ssh keeps a key for the local host. Is it possible there has been a mixup between the keys and he might need to generate a new key (ssh_keygen). I do not have my 5.4 system handy right now to verify this.

Greetings, Martin
0 Kudos
Reply
Willem Grooters
Honored Contributor

тАО04-01-2004 08:09 PM

тАО04-01-2004 08:09 PM

Re: SSH problem

Martin,

Keygen did indeed create a new key but still the messages keep appearing.
Also, as my collegue specified (I cannot confirm the correctness) : "stop/disable" and "enable/start" don't work either.

Is there more (configuration) info you need - ask what you need. Since he's on customer's premises, it may take a day to get it (and I'll miss the cake next Monday....)

Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Bob Kortlandt
Occasional Advisor

тАО04-15-2004 07:40 PM

тАО04-15-2004 07:40 PM

Re: SSH problem

Hi, As soon as Willem told me about this forum, I joined it.
Problem is reduced now to the following:
TCPIP$SSH account in installed with RESTICTED flag.
SSH connection is denied.
In the log there is some blabber about captive account not allowed to do something. When I remove the flag, it works fine.
Any ideas anyone?
0 Kudos
Reply
Jan van den Ende
Honored Contributor

тАО04-15-2004 10:14 PM

тАО04-15-2004 10:14 PM

Solution

Re: SSH problem

Welkom in dit forum Bob !!!

May you bring us lots of wisdom, then we will try to be of some help to you :-)

Well, you already found out the circumstances that make the difference between functioning and non-functioning, so I guess most of the hard work has been done.

I think I smell some availability of a system you can play around with, and that's what you will need.

In SYS$SYLOGIN of your remote system, try and catch your oncoming process. (to avoid frustrating other logins, select for it and then: )
Switch on ANY tracing you got.
Set verify
Turn on accounting.
Look at accountng for any process(es?) in the time-interval of interest and their final status(ses)
Do you generate subprocesses if not captive?
(just a guess). If so, and you don't if captive, turn on bit 6 of SYSGEN SECURITY_POLICY.

If that's no help:
SET WATCH file/class= all (CMKRNL needed)
This will most probably tell you WHAT image causes failure, and after accessing WHAT file.
Turn on Image Accounting for that image
Any info? Post it, and we will take it from there.

fwiw,

jpe

Don't rust yours pelled jacker to fine doll missed aches.
Reply
Bob Kortlandt
Occasional Advisor

тАО04-16-2004 01:00 AM

тАО04-16-2004 01:00 AM

Re: SSH problem

Hi Jan, and others,

I managed to ban every user from the system,
and SET AUDIT/ALARM/ENABLE=ACCESS=ALL

and found out that the (non-default) sylogin.com dit not have W:RE.
After correcting this, everything works fine!

Jan, Thanks for the SET WATCH tip, which triggered me to do above.

Bob :-)

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.