HPE Community
Operating System - HP-UX
1753786 Members
7667 Online
108799 Solutions
New Discussion

Re: Error while using ssh

 
PanzerFaust
Collector

‎02-17-2018 09:16 AM

‎02-17-2018 09:16 AM

Error while using ssh

I was recently asked to install on a hpux 11.11 (model - 9000/800 / L2000-44)

I installed the package¹ that I obtained in this link² after the installation I did the test connecting from another machine to my HPux server that I had installed ssh.

I could not then I accessed the server again and tried to make a local connection see the

# ssh localhost
/usr/lib/dld.sl: Can not open shared library: /usr/lib/libkrb5.sl
/usr/lib/dld.sl: No such file or directory
Abort (coredump)

I found it strange I came to see if the lib that he was complaining libkrb5.sl
exists and I have not found.

Even I tried to make a stop start and see the error
# /sbin/init.d/secsh stop
#

# /sbin/init.d/secsh start
/usr/lib/dld.sl: Can not open shared library: /usr/lib/libkrb5.sl
/usr/lib/dld.sl: No such file or directory
/sbin/init.d/secsh[83]: 27785 Abort (coredump)
EXIT CODE: 134
can you help me?


¹ HP-UX 11i v1 (T1471AA_A.06.20.010_HP-UX_B.11.11_32_64.depot)
² https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

"Tell me I can not and I'll show you that I can ..."
"Diga-me Eu não posso e eu vou te mostrar que eu posso ..."

0 Kudos
Reply
5 REPLIES 5
Steven Schweda
Honored Contributor

‎02-17-2018 03:53 PM

‎02-17-2018 03:53 PM

Re: Error while using ssh

> /usr/lib/dld.sl: Can not open shared library: /usr/lib/libkrb5.sl
> /usr/lib/dld.sl: No such file or directory

   Hmmm.  Around here, on my old (seldom-used) c3700, I have an older
Secure Shell kit installed:

dy# uname -a
HP-UX dy B.11.11 U 9000/785 2012616114 unlimited-user license

dy# ssh -V
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.007, HP-UX Secure Shell version

   But I have that shared library:

dy# ls -l /usr/lib/libkrb5.sl
lrwxr-xr-x   1 root       sys             27 Jul 18  2007
 /usr/lib/libkrb5.sl -> /opt/krb5core/lib/libkrb5.1

dy# ls -lL /usr/lib/libkrb5.sl
-r-xr-xr-x   1 bin        bin        1110016 May 14  2010
 /usr/lib/libkrb5.sl

   I know nothing, but that sounds to me like something
Kerberos-related, and I'd expect that to be part of the OS.  I seem to
have Kerberos stuff in /opt:

dy# ls -ld /opt/krb5*
drwxr-xr-x   3 root       sys             96 Jul 18  2007 /opt/krb5client
dr-xr-xr-x   8 bin        bin           8192 Jul 18  2007 /opt/krb5core

   Possibly interesting:

      https://community.hpe.com/t5/x/x/m-p/5182785

I found that by accident.  A better Web search might find more.

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-18-2018 01:56 PM

‎02-18-2018 01:56 PM

Re: Error while using ssh

Did you use swinstall to install the package?
If so, can you post all the error messages you saw?



Bill Hassell, sysadmin
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-18-2018 03:56 PM - edited ‎02-18-2018 03:57 PM

‎02-18-2018 03:56 PM - edited ‎02-18-2018 03:57 PM

Re: Error while using ssh

HP (now HPE) has struggled with OpenSSL and Kerberos dependencies for many years. The SSH depot should have had package dependencies included in the install scripts a long time ago. But now that HP-UX 11.11 is no longer supported (for several years), you'll just have to find the Kerberos and SSL conections manually. The libkrb5.sl file is in the Kerberos depot. And OpenSSL is likely required too. Here are the last versions: 

HP-UX 11i v1 - C.1.3.5.11(KRB5CLIENT_C.1.3.5.11_HP-UX_B.11.11_32_64.depot) 
OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot 

Both are located at software.hp.com

 Be sure to use the commandline for swinstall.



Bill Hassell, sysadmin
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-18-2018 04:10 PM - edited ‎02-18-2018 04:15 PM

‎02-18-2018 04:10 PM - edited ‎02-18-2018 04:15 PM

Re: Error while using ssh

Here's a note about HP-UX 11.11.
It has been obsolete for almost 10 years, and no factory support for more than 3 years.

HP-UX version 11.11HP-UX version 11.11 
Here is the full support doc: https://h20195.www2.hpe.com/v2/getpdf.aspx/4aa4-7673enw.pdf



Bill Hassell, sysadmin
0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎02-19-2018 02:54 AM - edited ‎02-19-2018 03:00 AM

‎02-19-2018 02:54 AM - edited ‎02-19-2018 03:00 AM

Re: Error while using ssh

The HP version of ssh for HP-UX is old (2007) and insecure (OpenSSL-0.9.7) and indeed depends on Kerberos. I would not dare to call that secure anymore.

$ /opt/ssh/bin/ssh -V
OpenSSH_5.0p1+sftpfilecontrol-v1.2-hpn13v1, OpenSSL 0.9.7m 23 Feb 2007
HP-UX Secure Shell-A.05.00.021, HP-UX Secure Shell version
$ swlist -R 2>/dev/null | grep -i -e secure -e ssh
# OpenSSL                                                       A.00.09.07m.032 Secure Network Communications Protocol
# OpenSSL.openssl                                               A.00.09.07m.032 Secure Network Communications Protocol
# OpenSSL.fips_1_1_2                                            FIPS-OPENSSL-1.1.2.032 Secure Network Communications Protocol
# T1471AA                                                       A.05.00.021    HP-UX Secure Shell
# T1471AA.Secure_Shell                                          A.05.00.021    HP-UX Secure Shell
  T1471AA.Secure_Shell.SECURE_SHELL                             A.05.00.021    Secure Shell

If you track back what is actually required (ldd /opt/ssh/bin/ssh), you will find:

Lib                                  Real path                            Size      Date                Refs
------------------------------------ ------------------------------------ --------- ------------------- ----
/opt/ssh/bin/ssh                     /opt/ssh/PA-RISC2.0/bin/ssh            1478656 2008-06-02 04:02:20   17
/usr/lib/libc.2                      /usr/lib/libc.2                        1839104 2009-07-03 14:01:31    2
/usr/lib/libdld.2                    /usr/lib/libdld.2                        24576 2009-05-14 13:03:00    2
/usr/lib/libpthread.1                /usr/lib/libpthread.1                   159744 2008-07-18 13:19:55    0
/usr/lib/libkrb5.sl                  /opt/krb5core/lib/libkrb5.1            1110016 2009-04-22 07:33:32    2
/usr/lib/libcom_err.sl               /opt/krb5core/lib/libcom_err.1           20480 2007-04-02 10:43:21    0
/usr/lib/libk5crypto.sl              /opt/krb5core/lib/libk5crypto.1         163840 2007-04-02 10:43:21    0
/usr/lib/libgssapi_krb5.sl           /opt/krb5core/lib/gss/libgssapi_krb5    253952 2007-04-02 13:38:27    5
/usr/lib/libsec.2                    /usr/lib/libsec.2                       155648 2007-02-14 22:54:53    1
/usr/lib/libm.2                      /usr/lib/libm.2                         282624 2001-06-04 17:23:48    0
/usr/lib/libxnet.2                   /usr/lib/libxnet.2                       28672 2000-11-14 09:00:00    1
/usr/lib/libxti.2                    /opt/star-ncf-prod/ep_patch/usr/lib/    135168 2008-01-11 01:28:18    0
/usr/lib/libnsl.1                    /usr/lib/libnsl.1                       753664 2009-03-24 05:22:57    1

And see that it depends on krb5 stuff

If you fetch my recent ports for HP-UX 11.11 (64bit) you will find OpenSSL-1.0.2n and OpenSSH-7.6p1 and these do *not* depend on Kerberos:

Lib                                  Real path                            Size      Date                Refs
------------------------------------ ------------------------------------ --------- ------------------- ----
/usr/local/bin/ssh                   /usr/local/bin/ssh-7.6p1                962608 2017-12-29 15:36:58    9
/pro/local/lib/libz.sl               /pro/local/lib/libz-1.2.8.sl            160904 2014-02-24 16:41:08    0
/usr/lib/pa20_64/libxnet.2           /usr/lib/pa20_64/libxnet.2               29632 2000-11-14 09:00:00    1
/usr/lib/pa20_64/libxti.2            /opt/star-ncf-prod/ep_patch/usr/lib/    141248 2008-01-11 01:29:40    0
/usr/lib/pa20_64/libsec.2            /usr/lib/pa20_64/libsec.2               162424 2007-02-14 22:54:53    1
/usr/lib/pa20_64/libm.2              /usr/lib/pa20_64/libm.2                 274664 2001-06-04 17:23:43    0
/usr/local/ssl/lib/libssl.sl         /usr/local/ssl/lib/libssl-1.0.2n.sl     692352 2017-12-29 15:19:04    0
/usr/local/ssl/lib/libcrypto.sl      /usr/local/ssl/lib/libcrypto-1.0.2n.   3423456 2017-12-29 15:19:12    0
/usr/lib/pa20_64/libc.2              /usr/lib/pa20_64/libc.2                1891896 2009-07-03 14:01:31    1
/usr/lib/pa20_64/libdl.1             /usr/lib/pa20_64/libdl.1                 73240 2009-05-14 13:03:00    0

$ /usr/local/bin/ssh -V
OpenSSH_7.6p1, OpenSSL 1.0.2n  7 Dec 2017

I see in there that I made the mistake to have it depend on /pro/local/lib/libz.sl, which I will fix in a next version. To have it work, get a recent Zlib-1.2.8 and create a symlink (as root).

# mkdir -p /pro/local/lib
# ln -s /usr/local/lib/libz.sl /pro/local/lib/

or

# ln -s /usr/lib/pa20_64/libz.sl /pro/local/lib/

 

 

Enjoy, Have FUN! H.Merijn
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.