HPE Community
Operating System - OpenVMS
1752577 Members
4110 Online
108788 Solutions
New Discussion

SSH key generation multiple usernames

 
Tom Wetty
Advisor

‎01-13-2017 10:41 AM

‎01-13-2017 10:41 AM

SSH key generation multiple usernames

Hi I am looking for a "how to" document for SSH and SFTP on OpenVMS.   I tried the standard TCPIP documents but there appears to be some unique variables by UAF username that is not explained in any of the documentation.

I was able to generate a key using my personal account but when I used the generic testing account on the same server I received an error message from KEYGEN.

The error message that was generated was ; and I have been unsuccessfull in finding out what the message even means. 

$ssh_keygen
sapdev$dkb0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh-keygen2.exe: FATAL: ssh_user
file_open: using non-current uid but not initialized (uid=35848192, path=/dkb1/u
ser/wmspqa/ssh2/random_seed.)

Any pointers would be appreciated.  Regards, Tom

 

OpenVMS V8.4 I have no idea how to see any ECO versions on the system.

HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 3
on an HP rx2660 (1.59GHz/12.0MB) running OpenVMS V8.4

# File name: SSH2_CONFIG.
# Product: HP TCP/IP Services for OpenVMS
# Version: V5.7-ECO3
#
# © Copyright 1976, 2009 Hewlett-Packard Development Company, L.P.
#

#
# ssh 3.2 client configuration information
#

0 Kudos
Reply
4 REPLIES 4
David R. Lennon
Valued Contributor

‎01-13-2017 01:00 PM

‎01-13-2017 01:00 PM

Re: SSH key generation multiple usernames

Hi,

   Did you find this on your google searching?:

http://www3.sympatico.ca/n.rieck/docs/openvms_notes_ssh2.html

In the past, I've found that to be a great overview and reference.

Also, are you sure the directory file exists with proper protections for the user's SYS$LOGIN directory as defined in the SYSUAF? It seems to me like the error might be complaining abou creating the SSH2 subdirectory in: /dkb1/user/wmspqa/

Regards,

Dave

0 Kudos
Reply
Steven Schweda
Honored Contributor

‎01-13-2017 03:12 PM

‎01-13-2017 03:12 PM

Re: SSH key generation multiple usernames

> $ssh_keygen
> sapdev$dkb0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh-keygen2.exe: FATAL: ssh_user
> file_open: using non-current uid but not initialized (uid=35848192, path=/dkb1/u
> ser/wmspqa/ssh2/random_seed.)

   I know nothing, but I'd guess that there's an owner/permissions
problem with the user's home directory itself an/or the "ssh2" sub-dir.
"FATAL: ssh_user file_open:" is suspicious.  Whether that "uid=35848192"
means anything to anyone is another question.  Perhaps in octal you'd
recognize something.

   My Web search for:
      "using non-current uid but not initialized"
found, among other things:

      https://community.hpe.com/t5/x/x/td-p/4265638

   If it's still not obvious, then you might post some useful info, like
who's who (UIC), who owns what (DIRE /SECU), and so on.

0 Kudos
Reply
abrsvc
Respected Contributor

‎01-15-2017 05:38 AM

‎01-15-2017 05:38 AM

Re: SSH key generation multiple usernames

While my experiencewith SSH is limited, I agree with Steven, the problem here is one of Uic matching.

The account UIC must match the UIC of the directories and files.  Otherwise there is a potential security hole which is what SSH is set up to avoid.

Verify that the owner of the directory and filesis the correct UIC of the account being used.  Update this with more specifics if they are indeed the same.  Post a log of your attempts including SHOW commands to view the account being used and the directory/file specifics.

Dan

0 Kudos
Reply
black_cat
Advisor

‎01-20-2017 01:03 AM

‎01-20-2017 01:03 AM

Re: SSH key generation multiple usernames

I just like to make you aware that if you're planning to use SSH and/or SFTP that you should be using Version V5.7-ECO5G (build date of the images: 26-NOV-2015) rather than Version: V5.7-ECO3. There was an update to the ciphers and the key exchange algorithm. Contact your friendly HP Support.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.