cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot ssh my server

3r
Advisor

Cannot ssh my server

HP-UX B.11.31 U ia64 0647988385 unlimited-user license

Platform info:
Model: "ia64 hp Integrity BL870c i2"

OS info:
Release: HP-UX B.11.31
Version: U (unlimited-user license)
Machine: ia64
ID Number: 0647988385
vmunix _release_version:
@(#) $Revision: vmunix: B.11.31_LR FLAVOR=perf

 

# cat /etc/rc.config.d/sshd
# SSHD_START: Set to 1 to start SSH daemon
# SSHD_ARGS: Command line arguments to pass to sshd
#
SSHD_START=1
SSHD_ARGS=
SSHD_UMASK=022 #The acceptable values of this variable are found by doing man umask
# /sbin/init.d/secsh stop
#
# sh -x /sbin/init.d/secsh start
+ PATH=/usr/sbin:/usr/bin:/sbin
+ export PATH
+ WHAT=HP-UX Secure Shell
+ WHAT_PATH=/opt/ssh/sbin/sshd
+ + awk {print $2}
+ grep -i ^pidfile /opt/ssh/etc/sshd_config
WHAT_PID=
+ [ = ]
+ WHAT_PID=/var/run/sshd.pid
+ WHAT_CONFIG=/etc/rc.config.d/sshd
+ rval=0
+ SRPPS=/opt/hpsrp/bin/srp_ps
+ [ -f /opt/hpsrp/bin/srp_ps ]
+ myps=ps
+ [ -f /etc/rc.config.d/sshd ]
+ . /etc/rc.config.d/sshd
+ SSHD_START=1
+ SSHD_ARGS=
+ SSHD_UMASK=022
+ umask 022
+ ps -ef
+ grep -v grep
+ grep /opt/ssh/sbin/sshd
+ 1> /dev/null
+ NOT_RUNNING=1
+ [ 1 -eq 1 -a -x /opt/ssh/sbin/sshd -a 1 -eq 1 ]
+ rval=2
+ exit 2
#
# swlist |grep -i Secure*
HPUXBastille B.3.3 Bastille Security Hardening Tool
Secure_Shell A.06.20.030 HP-UX Secure Shell
#
# which ssh
no ssh in /usr/sbin /usr/bin /usr/ccs/bin /usr/contrib/bin /usr/contrib/Q4/bin /opt/perl/bin /opt/gvsd/bin /opt/ipf/bin /opt/nettladm/bin /opt/fcms/bin /opt/wbem/bin /opt/wbem/sbin /opt/sas/bin /opt/graphics/common/bin /opt/atok/bin /usr/bin/X11 /usr/contrib/bin/X11 /opt/sec_mgmt/bastille/bin /opt/caliper/bin /opt/drd/bin /opt/dsau/bin /opt/dsau/sbin /opt/resmon/bin /opt/firefox /opt/gnome/bin /opt/perf/bin /opt/propplus/bin /usr/contrib/kwdb/bin /opt/perl_32/bin /opt/perl_64/bin /opt/prm/bin /opt/sfm/bin /opt/swm/bin /opt/sec_mgmt/spc/bin /opt/swa/bin /opt/hpsmh/bin /opt/thunderbird /opt/sentinel/bin /opt/langtools/bin /opt/wlm/bin /opt/gwlm/bin /opt/ssh/bin /sbin /home/root
#
# ssh -V
sh: ssh: not found.
#

15 REPLIES
Bill Hassell
Honored Contributor

Re: Cannot ssh my server

This is the full ssh command: /opt/ssh/bin/ssh
That command will run ssh command OK.

The ssh bin directory is not in your PATH.
When the HP version of ssh is installed, it would have added /opt/ssh/bin to your /etc/PATH file.
You can add this path to /etc/PATH and the ssh command will now be found.

The sshd daemon is not needed to run ssh.
It is only used for incoming remote connections.
But sshd is failing to start.
Here is a normal startup trace for sshd:

+ NOT_RUNNING=1
+ [ 1 -eq 1 -a -x /opt/ssh/sbin/sshd -a 1 -eq 1 ]
+ /opt/ssh/sbin/sshd
+ echo HP-UX Secure Shell started
HP-UX Secure Shell started
+ return_val=0
+ set_return 0
+ exit 0

The return_val for your startup is not 0.
Look at the system log in /var/adm/syslog/syslog.log for error messages from sshd.



Bill Hassell, sysadmin
Highlighted
Steven Schweda
Honored Contributor

Re: Cannot ssh my server

> The ssh bin directory is not in your PATH.

   I seem to see it (toward the end of that pile):

      # which ssh
      no ssh in /usr/sbin [...] /opt/gwlm/bin /opt/ssh/bin /sbin /home/root

I can't see what's in it.

3r
Advisor

Re: Cannot ssh my server

Hi All,

I have installed OpenSSL (OpenSSL_A.01.00.01s.001_HP-UX_B.11.31_IA_PA) due to error below.

# /usr/bin/ssh -V

/usr/lib/hpux64/dld.so: Unable to find library 'libcrypto.so.1.0.0'.

Killed

And now I have this error:
# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

# swlist |grep -i Secure*
HPUXBastille B.3.3 Bastille Security Hardening Tool
OpenSSL A.01.00.01s.001 Secure Network Communications Protocol (PA: 0.9.8zf, IA: 1.0.1s)
SecureShell A.07.30.003 HP-UX Secure Shell

Bill Hassell
Honored Contributor

Re: Cannot ssh my server

OpenSSL and Secure Shell need to be reinstalled.
/usr/bin/ssh is likely a symlink:

 ll /usr/bin/ssh
lrwxr-xr-x   1 root       sys             16 Aug 18 12:21 /usr/bin/ssh -> /opt/ssh/bin/ssh

which is OK and makes ssh available from a more common path.

Here are the download locations for the latest OpenSSL and Secure Shell:

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I



Bill Hassell, sysadmin
3r
Advisor

Re: Cannot ssh my server

Hi Bill,

So I just need to reinstall meaning no need to uninstall them both, please confirm? And is there a sequence for the installation?

Bill Hassell
Honored Contributor

Re: Cannot ssh my server

Since Secure Shell uses OpenSSL, I would install it first.
Then install Secure Shell.
swinstall and the product scripts should handle the update without uninstalling.



Bill Hassell, sysadmin
3r
Advisor

Re: Cannot ssh my server

Hi Bill,

I just completed the reinstallation as advised, but still same issue. Below are the error during SSH reinstallation.

ERROR: The "configure" script for "Secure_Shell.SECSH-CMN" failed │
│ │ (exit code "1"). The script location was │
│ │ "/var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure". │
│ │ * This script had errors and the execution of this fileset │
│ │ cannot proceed until the problem is fixed. Check the above │
│ │ output from the script for further details.

 

And when I check the script location it is not found.

# ls -ltr /var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure
/var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure not found

# ls -ltr /var/tmp/BAA009090
/var/tmp/BAA009090 not found

# ssh -V
OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11, OpenSSL 1.0.1s 1 Mar 2016
HP-UX Secure Shell-A.07.30.003, HP-UX Secure Shell version

# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

Bill Hassell
Honored Contributor

Re: Cannot ssh my server

It looks like you are using the interactive feature of swinstall.
I don't recommend ever using the Xwindow or interactive feature for swinstall as it hides too much information..

Use the command line like this:

# swinstall -s /var/tmp/blh/OpenSSL_A.01.00.02k.001_HP-UX_B.11.31_IA_PA.depot \*

...
* Beginning Analysis and Execution * Session selections have been saved in the file "/root/.sw/sessions/swinstall.last". * "atl8v3:/": 16 filesets have the selected revision already installed. * "atl8v3:/": 16 software objects were determined to be skipped in the analysis phase. * Analysis and Execution succeeded. NOTE: More information may be found in the agent logfile using the command "swjob -a log atl8v3-1138 @ atl8v3:/". ======= 01/12/18 11:43:26 EST END swinstall SESSION (non-interactive) (jobid=atl8v3-1138)

Be sure to use \* at the end of the command. If you get an error, run the swjob command shown at the end of the output.

Here is Secure shell install:

       * Beginning Analysis and Execution
       * Session selections have been saved in the file
         "/root/.sw/sessions/swinstall.last".
       * The analysis phase succeeded for "atl8v3:/".
       * The execution phase succeeded for "atl8v3:/".
       * Analysis and Execution succeeded.


NOTE:    More information may be found in the agent logfile using the
         command "swjob -a log atl8v3-1139 @ atl8v3:/".

=======  01/12/18 11:48:27 EST  END swinstall SESSION (non-interactive)
         (jobid=atl8v3-1139)

and to check the installation:

# ssh -V
OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11, OpenSSL 1.0.2k  26 Jan 2017
HP-UX Secure Shell-A.07.30.003, HP-UX Secure Shell version


Bill Hassell, sysadmin
3r
Advisor

Re: Cannot ssh my server

Hi Bill,

Still the same result, and I have rebooted the server just to test and yet all the same.

# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

 

Bill Hassell
Honored Contributor

Re: Cannot ssh my server

It is very difficult to help you without any information:

>> Still the same result, and I have rebooted the server just to test and yet all the same.

Did you download the two packages from the links I provided?
Did you use swinstall in command line mode as I provided?
Did you run swjob as directed at the end of each each swinstall run?
Do you see any error message in /var/adm/syslog/syslog.log?

Can you provide the last 30 lines from each swinstall run?
Can you provide the output from swjob?



Bill Hassell, sysadmin
3r
Advisor

Re: Cannot ssh my server

Hi Bill,

My bad for providing a very limited information, below are the requested information form the question below.

Did you download the two packages from the links I provided? ==> Yes
Did you use swinstall in command line mode as I provided? ==> yes
Did you run swjob as directed at the end of each each swinstall run? ==> yes
Do you see any error message in /var/adm/syslog/syslog.log? ==> please see attached file

Can you provide the last 30 lines from each swinstall run?  ==> please see attached file
Can you provide the output from swjob?  ==> please see attached file

3r
Advisor

Re: Cannot ssh my server

Hi Bill, 

Sorry I cannot attached the file, below are the output of swinstall for OpenSSL:

# swinstall -s /var/tmp/mydepot/OPENSSL.DEPOT -x reinstall=true \*

======= 01/15/18 08:54:09 MET BEGIN swinstall SESSION
(non-interactive) (jobid=fr70vhvmh002-0093)

* Session started for user "root@fr70vhvmh002".

* Beginning Selection
* Target connection succeeded for "fr70vhvmh002:/".
* Source: /var/tmp/mydepot/OPENSSL.DEPOT
* Targets: fr70vhvmh002:/
* Software selections:
OpenSSL,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP
fips_1_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_1_2.FIPS-INC,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA
fips_1_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA
fips_1_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.1.2.mt003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.1.2.mt003,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-INC,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA
fips_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA
fips_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.2.zf03,a=HP-UX_B.11.31_IA/PA,v=HP,fr=FIPS-OPENSSL-1.2.zf03,fa=HP-UX_B.11.31_IA/PA
fips_2_0_5.FIPS-CONF,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-DOC,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-INC,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-LIB,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-MAN,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-MIS,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-RUN,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
fips_2_0_5.FIPS-SRC,r=FIPS-OPENSSL-2.0.5.s001,a=HP-UX_B.11.31_IA,v=HP,fr=FIPS-OPENSSL-2.0.5.s001,fa=HP-UX_B.11.31_IA
openssl.OPENSSL-CER,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-CONF,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-DOC,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-INC,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-LIB,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA
openssl.OPENSSL-MAN,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-MIS,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-PRNG,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA
openssl.OPENSSL-PVT,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
openssl.OPENSSL-RUN,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA
openssl.OPENSSL-SRC,r=A.01.00.01s.001,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.01.00.01s.001,fa=HP-UX_B.11.31_IA/PA
* Selection succeeded.


* Beginning Analysis and Execution
* Session selections have been saved in the file
"/.sw/sessions/swinstall.last".
* "fr70vhvmh002:/": 35 filesets have the selected revision
already installed.
* "fr70vhvmh002:/": 1 bundles have the selected revision
already installed.
* The execution phase succeeded for "fr70vhvmh002:/".
* Analysis and Execution succeeded.


NOTE: More information may be found in the agent logfile using the
command "swjob -a log fr70vhvmh002-0093 @ fr70vhvmh002:/".

======= 01/15/18 08:55:24 MET END swinstall SESSION (non-interactive)
(jobid=fr70vhvmh002-0093)

 

# swjob -a log fr70vhvmh002-0093 @ fr70vhvmh002:/
======= 01/15/18 08:54:10 MET BEGIN install AGENT SESSION (pid=9692)
(jobid=fr70vhvmh002-0093)

* Agent session started for user
"root@fr70vhvmh002.dc-m.alcatel-lucent.com". (pid=9692)

* Beginning Analysis Phase.
* Source:
fr70vhvmh002.dc-m.alcatel-lucent.com:/var/tmp/mydepot/OPENSSL.DEPOT

* Target: fr70vhvmh002:/
* Target logfile: fr70vhvmh002:/var/adm/sw/swagent.log
* Reading source for product information.
NOTE: The fileset "fips_1_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-INC,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.1.2.mt003"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-INC,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.2.zf03" will
be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-CONF,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-DOC,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-INC,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-LIB,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-MAN,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-MIS,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-RUN,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "fips_2_0_5.FIPS-SRC,r=FIPS-OPENSSL-2.0.5.s001"
will be reinstalled because the "reinstall" option is set to
"true".
NOTE: The fileset "openssl.OPENSSL-CER,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-CONF,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-DOC,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-INC,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-LIB,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-MAN,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-MIS,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-PRNG,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-PVT,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-RUN,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "openssl.OPENSSL-SRC,r=A.01.00.01s.001" will be
reinstalled because the "reinstall" option is set to "true".
* Reading source for file information.
* Executing preDSA command.
NOTE: The used disk space on filesystem "/" is estimated to remain
unchanged.
This will leave 3115224 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/opt" is estimated to
increase by 33688 Kbytes.
This will leave 2355400 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/var" is estimated to
remain unchanged.
This will leave 594088 Kbytes of available user disk space
after the installation.
NOTE: The bundle "OpenSSL,r=A.01.00.01s.001" will be reinstalled
because the "reinstall" option is set to "true".

* Summary of Analysis Phase:
* 35 of 35 filesets had no Errors or Warnings.
* The Analysis Phase succeeded.


* Beginning the Install Execution Phase.
* Filesets: 35
* Files: 9428
* Kbytes: 580095
* Installing bundle "OpenSSL,r=A.01.00.01s.001" .
* Installing fileset
"fips_1_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.1.2.mt003" (1 of 35).
* Installing fileset
"fips_1_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.1.2.mt003" (2 of 35).
* Installing fileset
"fips_1_1_2.FIPS-INC,r=FIPS-OPENSSL-1.1.2.mt003" (3 of 35).
* Installing fileset
"fips_1_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.1.2.mt003" (4 of 35).
* Installing fileset
"fips_1_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.1.2.mt003" (5 of 35).
* Installing fileset
"fips_1_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.1.2.mt003" (6 of 35).
* Installing fileset
"fips_1_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.1.2.mt003" (7 of 35).
* Installing fileset
"fips_1_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.1.2.mt003" (8 of 35).
* Installing fileset
"fips_1_2.FIPS-CONF,r=FIPS-OPENSSL-1.2.zf03" (9 of 35).
* Installing fileset "fips_1_2.FIPS-DOC,r=FIPS-OPENSSL-1.2.zf03"
(10 of 35).
* Installing fileset "fips_1_2.FIPS-INC,r=FIPS-OPENSSL-1.2.zf03"
(11 of 35).
* Installing fileset "fips_1_2.FIPS-LIB,r=FIPS-OPENSSL-1.2.zf03"
(12 of 35).
* Installing fileset "fips_1_2.FIPS-MAN,r=FIPS-OPENSSL-1.2.zf03"
(13 of 35).
* Installing fileset "fips_1_2.FIPS-MIS,r=FIPS-OPENSSL-1.2.zf03"
(14 of 35).
* Installing fileset "fips_1_2.FIPS-RUN,r=FIPS-OPENSSL-1.2.zf03"
(15 of 35).
* Installing fileset "fips_1_2.FIPS-SRC,r=FIPS-OPENSSL-1.2.zf03"
(16 of 35).
* Installing fileset
"fips_2_0_5.FIPS-CONF,r=FIPS-OPENSSL-2.0.5.s001" (17 of 35).
* Installing fileset
"fips_2_0_5.FIPS-DOC,r=FIPS-OPENSSL-2.0.5.s001" (18 of 35).
* Installing fileset
"fips_2_0_5.FIPS-INC,r=FIPS-OPENSSL-2.0.5.s001" (19 of 35).
* Installing fileset
"fips_2_0_5.FIPS-LIB,r=FIPS-OPENSSL-2.0.5.s001" (20 of 35).
* Installing fileset
"fips_2_0_5.FIPS-MAN,r=FIPS-OPENSSL-2.0.5.s001" (21 of 35).
* Installing fileset
"fips_2_0_5.FIPS-MIS,r=FIPS-OPENSSL-2.0.5.s001" (22 of 35).
* Installing fileset
"fips_2_0_5.FIPS-RUN,r=FIPS-OPENSSL-2.0.5.s001" (23 of 35).
* Installing fileset
"fips_2_0_5.FIPS-SRC,r=FIPS-OPENSSL-2.0.5.s001" (24 of 35).
* Installing fileset "openssl.OPENSSL-CER,r=A.01.00.01s.001" (25
of 35).
* Installing fileset "openssl.OPENSSL-CONF,r=A.01.00.01s.001"
(26 of 35).
* Installing fileset "openssl.OPENSSL-DOC,r=A.01.00.01s.001" (27
of 35).
* Installing fileset "openssl.OPENSSL-INC,r=A.01.00.01s.001" (28
of 35).
* Installing fileset "openssl.OPENSSL-LIB,r=A.01.00.01s.001" (29
of 35).
* Installing fileset "openssl.OPENSSL-MAN,r=A.01.00.01s.001" (30
of 35).
* Installing fileset "openssl.OPENSSL-MIS,r=A.01.00.01s.001" (31
of 35).
* Installing fileset "openssl.OPENSSL-PRNG,r=A.01.00.01s.001"
(32 of 35).
* Installing fileset "openssl.OPENSSL-PVT,r=A.01.00.01s.001" (33
of 35).
* Installing fileset "openssl.OPENSSL-RUN,r=A.01.00.01s.001" (34
of 35).
* Installing fileset "openssl.OPENSSL-SRC,r=A.01.00.01s.001" (35
of 35).

* Beginning the Configure Execution Phase.

NOTE: Processes 2447
are currently using the library/binary /opt/openssl/1.0/lib/hpux64/#libcrypto.so.1.0.0.
A new version of this library has been installed.
To use the new version, you must stop and restart the process.

* Summary of Execution Phase:
* 35 of 35 filesets had no Errors or Warnings.
* The Execution Phase succeeded.


======= 01/15/18 08:55:24 MET END install AGENT SESSION (pid=9692)
(jobid=fr70vhvmh002-0093)
#

 

3r
Advisor

Re: Cannot ssh my server

Hi Bill, 

Sorry I cannot attached the file, below are the output of swinstall for SSH:

# swinstall -s /var/tmp/mydepot/MYDEPOT.DEPOT -x reinstall=true \*

======= 01/15/18 09:01:32 MET BEGIN swinstall SESSION
(non-interactive) (jobid=fr70vhvmh002-0094)

* Session started for user "root@fr70vhvmh002".

* Beginning Selection
* Target connection succeeded for "fr70vhvmh002:/".
NOTE: The software "Secure_Shell" was successfully marked, but it
depends on the following software items which could not be
found in the source. However, these items may already be in
the target. This will be checked during the Analysis Phase:
openssl.OPENSSL-LIB,r>=A.01.00.02h,a=HP-UX_B.11.31_IA/PA
* Source: /var/tmp/mydepot/MYDEPOT.DEPOT
* Targets: fr70vhvmh002:/
* Software selections:
SecureShell,r=A.07.30.003,a=HP-UX_B.11.31_IA/PA,v=HP
Secure_Shell.SECSH-CMN,r=A.07.30.003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.07.30.003,fa=HP-UX_B.11.31_IA/PA
Secure_Shell.SECURE_SHELL,r=A.07.30.003,a=HP-UX_B.11.31_IA/PA,v=HP,fr=A.07.30.003,fa=HP-UX_B.11.31_IA
* Selection succeeded.


* Beginning Analysis and Execution
* Session selections have been saved in the file
"/.sw/sessions/swinstall.last".
* "fr70vhvmh002:/": 2 filesets have the selected revision
already installed.
ERROR: "fr70vhvmh002:/": The software dependencies for 1 products or
filesets cannot be resolved.
* "fr70vhvmh002:/": 1 bundles have the selected revision
already installed.
* The analysis phase failed for "fr70vhvmh002:/".
ERROR: "fr70vhvmh002:/": 1 software objects were determined to be
skipped in the analysis phase.
ERROR: "fr70vhvmh002:/": 1 configure or unconfigure scripts failed.
* The execution phase failed for "fr70vhvmh002:/".
* Analysis and Execution had errors.


ERROR: More information may be found in the agent logfile using the
command "swjob -a log fr70vhvmh002-0094 @ fr70vhvmh002:/".

======= 01/15/18 09:01:39 MET END swinstall SESSION (non-interactive)
(jobid=fr70vhvmh002-0094)

#
#
# swjob -a log fr70vhvmh002-0094 @ fr70vhvmh002:/
======= 01/15/18 09:01:32 MET BEGIN install AGENT SESSION (pid=11270)
(jobid=fr70vhvmh002-0094)

* Agent session started for user
"root@fr70vhvmh002.dc-m.alcatel-lucent.com". (pid=11270)

* Beginning Analysis Phase.
* Source:
fr70vhvmh002.dc-m.alcatel-lucent.com:/var/tmp/mydepot/MYDEPOT.DEPOT

* Target: fr70vhvmh002:/
* Target logfile: fr70vhvmh002:/var/adm/sw/swagent.log
* Reading source for product information.
NOTE: The fileset "Secure_Shell.SECSH-CMN,r=A.07.30.003" will be
reinstalled because the "reinstall" option is set to "true".
NOTE: The fileset "Secure_Shell.SECURE_SHELL,r=A.07.30.003" will be
reinstalled because the "reinstall" option is set to "true".
* Reading source for file information.
The corequisite
"openssl.OPENSSL-LIB,r>=A.01.00.02h,a=HP-UX_B.11.31_IA/PA" for
fileset "Secure_Shell.SECURE_SHELL,r=A.07.30.003" cannot be
successfully resolved.
ERROR: The dependencies for fileset
"Secure_Shell.SECURE_SHELL,r=A.07.30.003" cannot be resolved
(see previous lines).
You must resolve the above dependencies before operating on
this fileset or change the "enforce_dependencies" option to
"false".
* Executing preDSA command.
NOTE: The used disk space on filesystem "/" is estimated to remain
unchanged.
This will leave 3115224 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/opt" is estimated to
remain unchanged.
This will leave 2382424 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/var" is estimated to
remain unchanged.
This will leave 598768 Kbytes of available user disk space
after the installation.
NOTE: The bundle "SecureShell,r=A.07.30.003" will be reinstalled
because the "reinstall" option is set to "true".

* Summary of Analysis Phase:
ERROR: Exclude Secure_Shell.SECURE_SHELL,r=A.07.30.003
ERROR: 1 of 2 filesets had Errors.
* 1 of 2 filesets had no Errors or Warnings.
ERROR: The Analysis Phase had errors. See the above output for
details.


* Beginning the Install Execution Phase.
* Filesets: 1
* Files: 491
* Kbytes: 6040
* Installing bundle "SecureShell,r=A.07.30.003" .
* Installing fileset "Secure_Shell.SECSH-CMN,r=A.07.30.003" (1
of 1).
NOTE: A new version of "/etc/rc.config.d/sshd" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/etc/rc.config.d/sshd".
The existing version of "/etc/rc.config.d/sshd" is not being
overwritten since it appears that it has been modified by the
administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
The existing version of "/opt/ssh/etc/ssh_config" is not being
overwritten since it appears that it has been modified by the
administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/sshd_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/sshd_config".
The existing version of "/opt/ssh/etc/sshd_config" is not
being overwritten since it appears that it has been modified
by the administrator since it was delivered.

* Beginning the Configure Execution Phase.
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
ERROR: could not generate ECDSA host key
ERROR: The "configure" script for "Secure_Shell.SECSH-CMN" failed
(exit code "1"). The script location was
"/var/tmp/BAA011270/catalog/Secure_Shell/SECSH-CMN/configure".
* This script had errors and the execution of this fileset
cannot proceed until the problem is fixed. Check the above
output from the script for further details.

* Summary of Execution Phase:
ERROR: Installed Secure_Shell.SECSH-CMN,r=A.07.30.003
ERROR: Skipped (in analysis) Secure_Shell.SECURE_SHELL,r=A.07.30.003
ERROR: 2 of 2 filesets had Errors.
ERROR: The Execution Phase had errors. See the above output for
details.


======= 01/15/18 09:01:39 MET END install AGENT SESSION (pid=11270)
(jobid=fr70vhvmh002-0094)
#

 

3r
Advisor

Re: Cannot ssh my server

Hi All,

Can anyone help with this error after reinstalling the OpenSSL.

NOTE: Processes 2447
are currently using the library/binary /opt/openssl/1.0/lib/hpux64/#libcrypto.so.1.0.0.
A new version of this library has been installed.
To use the new version, you must stop and restart the process.

when I check the process 2447:
# ps -ef |grep -i 2447
root 2447 2440 0 Jan 12 ? 0:42 /opt/wbem/lbin/cimprovagt 0 4 9 root SFMProviderModule
root 18929 3461 1 10:49:44 console 0:00 grep -i 2447

then I stop cimserver and start it back, now that process is gone  /opt/wbem/lbin/cimprovagt, and I rebooted again but still the same issue.

# ls -ltr /opt/openssl/1.0/lib/hpux64
total 55104
-r--r--r-- 1 bin bin 1847506 Mar 9 2016 libssl.1.0.1s.a
-r-xr-xr-x 1 bin bin 6820864 Mar 9 2016 libcrypto.so.1.0.0
-r-xr-xr-x 1 bin bin 7939312 Mar 9 2016 libssl.so.1.0.0
-r--r--r-- 1 bin bin 11583158 Mar 9 2016 libcrypto.1.0.1s.a
dr-xr-xr-x 2 bin bin 96 Jan 12 10:31 pkgconfig
dr-xr-xr-x 2 bin bin 8192 Jan 15 08:55 engines
lrwxr-xr-x 1 root sys 44 Jan 15 08:55 libcrypto.so.1 -> /opt/openssl/0.9.8/lib/hpux64/libcrypto.so.1
lr-xr-xr-x 1 bin bin 15 Jan 15 08:55 libssl.so -> libssl.so.1.0.0
lrwxr-xr-x 1 root sys 46 Jan 15 08:55 libssl.0.9.8zf.a -> /opt/openssl/0.9.8/lib/hpux64/libssl.0.9.8zf.a
lrwxr-xr-x 1 root sys 18 Jan 15 08:55 libcrypto.a -> libcrypto.1.0.1s.a
lrwxr-xr-x 1 root sys 48 Jan 15 08:55 libcrypto.0.9.7m.a -> /opt/openssl/0.9.7/lib/hpux64/libcrypto.0.9.7m.a
lrwxr-xr-x 1 root sys 45 Jan 15 08:55 libssl.0.9.7m.a -> /opt/openssl/0.9.7/lib/hpux64/libssl.0.9.7m.a
lrwxr-xr-x 1 root sys 44 Jan 15 08:55 libcrypto.so.0 -> /opt/openssl/0.9.7/lib/hpux64/libcrypto.so.0
lrwxr-xr-x 1 root sys 41 Jan 15 08:55 libssl.so.0 -> /opt/openssl/0.9.7/lib/hpux64/libssl.so.0
lrwxr-xr-x 1 root sys 49 Jan 15 08:55 libcrypto.0.9.8zf.a -> /opt/openssl/0.9.8/lib/hpux64/libcrypto.0.9.8zf.a
lrwxr-xr-x 1 root sys 15 Jan 15 08:55 libssl.a -> libssl.1.0.1s.a
lr-xr-xr-x 1 bin bin 18 Jan 15 08:55 libcrypto.so -> libcrypto.so.1.0.0
lrwxr-xr-x 1 root sys 41 Jan 15 08:55 libssl.so.1 -> /opt/openssl/0.9.8/lib/hpux64/libssl.so.1

2# find / -name libcrypto.so.1.0.0
/opt/openssl/0.9.7/lib/hpux32/libcrypto.so.1.0.0
/opt/openssl/0.9.7/lib/hpux64/libcrypto.so.1.0.0
/opt/openssl/0.9.8/lib/hpux32/libcrypto.so.1.0.0
/opt/openssl/0.9.8/lib/hpux64/libcrypto.so.1.0.0
/opt/openssl/fips/1.0/lib/hpux32/libcrypto.so.1.0.0
/opt/openssl/fips/1.0/lib/hpux64/libcrypto.so.1.0.0
/opt/openssl/1.0/lib/hpux32/libcrypto.so.1.0.0
/opt/openssl/1.0/lib/hpux64/libcrypto.so.1.0.0
/usr/lib/hpux32/libcrypto.so.1.0.0
/usr/lib/hpux64/libcrypto.so.1.0.0

not sure if Need to update the library manually.

 

Bill Hassell
Honored Contributor

Re: Cannot ssh my server

The SFM module is using the SSLlibraries as you have seen.
Also, there are several versions of the libcrypto file on your system.
Most likely this is due to not installing the HPE-supplied version of OpenSSL sometime in the past.
This was a common situation a while back when HPE was slow to update their version OpenSSL and several sysadmins installed opensource versions to provide better security. The code was OK but the packaging did not follow all the HPE steps to properly install/reinstall the components. As you have seen, other tools (SFM) are using the libcrypto file.

I would stop cimserver completely:  /sbin/init.d/cimserver stop

Then use swremove to remove SSL and SSH:

# swremove SecureShell
# swremove OpenSSL
# swremove openssl

Then use swinstall to install OpenSSL and check for errors.
If all is well, install SSH and then restart cimserver.



Bill Hassell, sysadmin