
3r
Frequent Advisor

Connection closed by IP in ssh under AIX TSM server

Hi All,

I need help logging in as the tsmacct user on the client server (hpux 11.31) from the AIX TSM server. What I'm trying to do is log in to the hpux server from the TSM server using the tsmacct account created on the hpux server, but it is not working. But when I try a direct root login from the TSM server to my hpux client server, it works.

AIX server # uname -a
AIX bcv50s1c 3 5 0003B058D700

direct root log in from TSM server to HPUX client server:

bcv50s1c:/ # ssh fr70vhvmh002
Last successful login: Wed Jan 17 09:58:44 MET 2018 bcv50s1c.dc-m.alcatel-lucent.com
Last authentication failure: Wed Jan 3 14:07:05 MET 2018 frmrs081.dc-m.alcatel-lucent.com
Last login: Wed Jan 17 09:58:45 2018 from bcv50s1c.dc-m.alcatel-lucent.com
###########################################################################

Value of TERM has been set to "xterm".
WARNING: YOU ARE SUPERUSER !!

fr70vhvmh002#

tsmacct user log in from TSM server to HPUX client server:

# ssh tsmacct@fr70vhvmh002
Connection closed by 135.120.64.50

# ssh -vvv tsmacct@fr70vhvmh002
OpenSSH_4.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): Could not load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
System error: No such file or directory

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to fr70vhvmh002 [135.120.64.50] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug3: Not a RSA1 key file /.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /.ssh/id_rsa type 1
debug3: Not a RSA1 key file /.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11
debug1: match: OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug2: dh_gen_key: priv key bits set: 163/320
debug2: bits set: 1014/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4242
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4247
debug1: Host 'fr70vhvmh002' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:4242
debug2: bits set: 1027/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/identity (0)
debug2: key: /.ssh/id_rsa (20055e18)
debug2: key: /.ssh/id_dsa (20055e38)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug3: no such identity: /.ssh/identity
debug1: Offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp ce:da:48:4f:ac:7f:09:3b:a7:dd:29:52:be:5e:ce:90
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
Connection closed by 135.120.64.50

Steven Schweda
Honored Contributor

Re: Connection closed by IP in ssh under AIX TSM server

> [...]
> debug1: read PEM private key done: type RSA
> Connection closed by 135.120.64.50

   That looks abrupt.  I'd want to look at the logs on the server side.

3r
Frequent Advisor

Re: Connection closed by IP in ssh under AIX TSM server

Hi Steven,

Hope the below log files can help.

Below are the logs from the hpux server:

# tail -f /var/adm/syslog/syslog.log
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-52149;Name: tsmacct [preauth]
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-53310;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-53310;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-53310;Name: tsmacct [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-55119;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-55119;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-55119;Name: tsmacct [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]

 

Below is the log from the AIX server:

# tail -50 syslog
Jul 13 15:01:48 bcv50s1c mail:info sendmail[2601158]: p6DD1lYL4555004: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120198, relay=mailhost.alcatel-lucent.com [135.3.39.10], dsn=2.0.0, stat=Sent (p6DD1lNV010463 Message accepted for delivery)
Jul 13 15:01:55 bcv50s1c mail:info sendmail[7397596]: p6DD1twi7397596: from=root, size=202, class=0, nrcpts=1msgid=<201107131301.p6DD1twi7397596@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:01:56 bcv50s1c mail:info sendmail[1196204]: p6DD1twi7397596: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120202, relay=mailhost.alcatel-lucent.com [135.3.39.10], dsn=2.0.0, stat=Sent (p6DD1tS0010551 Message accepted for delivery)
Jul 13 15:02:21 bcv50s1c mail:info sendmail[1196222]: p6DD2LLM1196222: from=root, size=153487, class=0, nrcpts=1msgid=<201107131302.p6DD2LLM1196222@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:23 bcv50s1c mail:info sendmail[3379360]: p6DD2LLM1196222: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=273487, relay=mailhost.alcatel-lucent.com [135.3.39.9], dsn=2.0.0, stat=Sent (p6DD2L9K016815 Message accepted for delivery)
Jul 13 15:02:27 bcv50s1c mail:info sendmail[561248]: p6DD2RQS561248: from=root, size=203372, class=0, nrcpts=1msgid=<201107131302.p6DD2RQS561248@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:29 bcv50s1c mail:info sendmail[7397610]: p6DD2RQS561248: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=323372, relay=mailhost.alcatel-lucent.com [135.3.39.9], dsn=2.0.0, stat=Sent (p6DD2RWY016855 Message accepted for delivery)
Jul 13 15:02:39 bcv50s1c mail:info sendmail[2277590]: p6DD2dV72277590: from=root, size=198, class=0, nrcpts=1msgid=<201107131302.p6DD2dV72277590@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:40 bcv50s1c mail:info sendmail[3379364]: p6DD2dV72277590: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120198, relay=mailhost.alcatel-lucent.com [135.3.39.9], dsn=2.0.0, stat=Sent (p6DD2dvi016914 Message accepted for delivery)
Jul 13 15:02:52 bcv50s1c mail:info sendmail[6951032]: p6DD2qNI6951032: from=root, size=119775, class=0, nrcpts=1msgid=<201107131302.p6DD2qNI6951032@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:55 bcv50s1c mail:info sendmail[5455930]: p6DD2qNI6951032: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=239775, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD2rbw013877 Message accepted for delivery)
Jul 13 15:02:56 bcv50s1c mail:info sendmail[1392826]: p6DD2uSQ1392826: from=root, size=25692, class=0, nrcpts=1msgid=<201107131302.p6DD2uSQ1392826@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:58 bcv50s1c mail:info sendmail[2080784]: p6DD2uSQ1392826: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=145692, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD2v7D013926 Message accepted for delivery)
Jul 13 15:02:58 bcv50s1c mail:info sendmail[2351146]: p6DD2wje2351146: from=root, size=1995, class=0, nrcpts=1msgid=<201107131302.p6DD2wje2351146@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:02:59 bcv50s1c mail:info sendmail[7397614]: p6DD2wje2351146: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=121995, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD2x99013942 Message accepted for delivery)
Jul 13 15:03:02 bcv50s1c mail:info sendmail[1855650]: p6DD32Xj1855650: from=root, size=11081, class=0, nrcpts=1msgid=<201107131303.p6DD32Xj1855650@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:03:03 bcv50s1c mail:info sendmail[471058]: p6DD32Xj1855650: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=131081, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD32D5013957 Message accepted for delivery)
Jul 13 15:03:05 bcv50s1c mail:info sendmail[2277600]: p6DD35Uw2277600: from=root, size=198, class=0, nrcpts=1msgid=<201107131303.p6DD35Uw2277600@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:03:06 bcv50s1c mail:info sendmail[3379374]: p6DD35Uw2277600: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120198, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD35lg013978 Message accepted for delivery)
Jul 13 15:03:09 bcv50s1c mail:info sendmail[6951042]: p6DD396R6951042: from=root, size=492, class=0, nrcpts=1msgid=<201107131303.p6DD396R6951042@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:03:10 bcv50s1c mail:info sendmail[4554754]: p6DD3AFa4554754: from=root, size=201, class=0, nrcpts=1msgid=<201107131303.p6DD3AFa4554754@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:03:10 bcv50s1c mail:info sendmail[7397618]: p6DD396R6951042: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120492, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD3AiC014002 Message accepted for delivery)
Jul 13 15:03:11 bcv50s1c mail:info sendmail[3379378]: p6DD3AFa4554754: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120201, relay=mailhost.alcatel-lucent.com [135.3.39.12], dsn=2.0.0, stat=Sent (p6DD3Afa014004 Message accepted for delivery)
Jul 13 15:04:49 bcv50s1c user:notice root: .CASH_I_0799 JOBTERM record being written for job 'TSM30_FRMRS081_FS'
Jul 13 15:10:55 bcv50s1c user:notice root: .CASH_I_0799 JOBTERM record being written for job 'TSM20_BCV50S4A_AD_FS'
Jul 13 15:12:50 bcv50s1c mail:info sendmail[4624610]: p6DDCo384624610: from=root, size=337, class=0, nrcpts=1msgid=<201107131312.p6DDCo384624610@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:12:52 bcv50s1c mail:info sendmail[1253384]: p6DDCo384624610: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120337, relay=mailhost.alcatel-lucent.com [135.3.39.11], dsn=2.0.0, stat=Sent (p6DDCpTU021106 Message accepted for delivery)
Jul 13 15:19:30 bcv50s1c mail:info sendmail[2052162]: p6DDJUTX2052162: from=root, size=1685, class=0, nrcpts=1msgid=<201107131319.p6DDJUTX2052162@bcv50s1c.dc-m.alcatel-lucent.com>, relay=root@localhost
Jul 13 15:19:32 bcv50s1c mail:info sendmail[4440254]: p6DDJUTX2052162: to=operations.backup-tsm@hp.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=121685, relay=mailhost.alcatel-lucent.com [135.3.39.11], dsn=2.0.0, stat=Sent (p6DDJVbW026477 Message accepted for delivery)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM7_CONSOSQL_FS TSM7_BE_SQL15_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM50_FRMRSSUDB007_FS TSM50_FRMRSSUDB007_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM7_BE_SQL15_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM50_FRMRSSUDB006_FS TSM50_FRMRSSUDB006_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM50_FRMRSSUDB007_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM71_FRMRSSPKI01P_WIN_FS TSM71_FRMRSSPKI01P_WIN_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM50_FRMRSSUDB006_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM71_FRMRSSPKI02P_WIN_FS TSM71_FRMRSSPKI02P_WIN_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM71_FRMRSSPKI01P_WIN_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM50_FRMRSSUUCM01_FS TSM50_FRMRSSUUCM01_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM71_FRMRSSPKI02P_WIN_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM50_FRMRSSUUCM01_FS'
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM50_FRMRSSUUCM02_FS TSM50_FRMRSSUUCM02_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM41_FRILLSWDD03_WIN_FS TSM41_FRILLSWDD03_WIN_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:07 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM50_FRMRSSUUCM02_FS'
Jul 13 15:30:08 bcv50s1c user:notice root: .CASH_I_0120 Submitting TSM30_BCV50SE7_FS BCV50SE7_FS 0001 1301 at node bcv50s1c (from node FRVELSSCH09)
Jul 13 15:30:08 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'TSM41_FRILLSWDD03_WIN_FS'
Jul 13 15:30:09 bcv50s1c user:notice root: .CASH_I_0798 JOBINIT record being written for job 'BCV50SE7_FS'
Jul 13 15:30:23 bcv50s1c user:notice root: .CASH_I_0799 JOBTERM record being written for job 'TSM7_BE_SQL15_FS'
Jul 13 15:31:22 bcv50s1c syslog:err|error syslogd: Good Bye

 


Steven Schweda
Honored Contributor

Re: Connection closed by IP in ssh under AIX TSM server

> [...] I'd want to look at the logs on the server side.

   At some relevant times.

> below is the log from AIX server:
> [...]

   What do you see in that mess which looks related?  The times seem far
from the client times you reported before.  "Jul 13"?  Different time
zone (or different solar system)?

> Jul 13 15:31:22 bcv50s1c syslog:err|error syslogd: Good Bye

   Perhaps you should find an AIX forum where you can ask where sshd
logs its events, because this does not seem to be it.

Dennis Handly
Acclaimed Contributor

Re: Connection closed by IP in ssh under AIX TSM server

>   I'd want to look at the logs on the server side.

 

I've had to do that when -vvv isn't forthcoming.  I.e. my putty version was using older ciphers.

For Linux it's in /var/log/auth.log.

In this user's case, isn't the server side HP-UX?  I.e. it works with root but not with tsmacct user?

Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-55119;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-55119;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-55119;Name: tsmacct [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]

3r
Frequent Advisor

Re: Connection closed by IP in ssh under AIX TSM server

Hi Dennis,

Below are the logs from the hpux server:

# tail -f /var/adm/syslog/syslog.log
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-52149;Name: tsmacct [preauth]
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-53310;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-53310;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-53310;Name: tsmacct [preauth]
Jan 18 09:16:44 fr70vhvmh002 sshd[10747]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-55119;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-55119;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-55119;Name: tsmacct [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]

 

Below is the log from the AIX server:

# tail -50 syslog

Dennis Handly
Acclaimed Contributor

Re: Connection closed by IP in ssh under AIX TSM server

> Below is the logs from hp-ux server:

Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]

 

Yes, same as originally.  Don't those errors tell you something?

3r
Frequent Advisor
Solution

Re: Connection closed by IP in ssh under AIX TSM server

Hi Dennis,

The issue was resolved by correcting the user tsmacct in /etc/shadow.

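Added example (not part of the original thread): a shell/awk sketch that groups sshd lines in the `syslog.log` format quoted above by sshd PID and reports every session that ended in a PAM account denial, with the remote address and client version logged for that session. The function names and the embedded sample (two sessions copied from the thread plus constructed contrast lines) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise sshd sessions rejected at the PAM account check.
# The line format is the one shown in the thread; names and sample data
# below are constructed for illustration.

pam_account_denials() {
    # Reads syslog lines on stdin and prints one line per denied session:
    #   <Mon> <day> <time> pid=<pid> user=<user> remote=<ip> client=<version>
    awk '
    # Return the value of "Key: value" inside a ";"-separated SSH: record.
    function field(rec, key,    n, parts, i, p) {
        n = split(rec, parts, ";")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            sub(/^ +/, "", p)
            if (index(p, key ": ") == 1) {
                p = substr(p, length(key) + 3)
                sub(/ \[preauth\]$/, "", p)
                return p
            }
        }
        return ""
    }
    {
        # Field 5 looks like "sshd[12914]:"; skip every other daemon.
        if ($5 !~ /^sshd\[[0-9]+\]:$/) next
        pid = $5
        gsub(/[^0-9]/, "", pid)
    }
    / SSH: Server;Ltype: Version;/ {
        client[pid] = field($0, "Client")
    }
    / SSH: Server;/ {
        r = field($0, "Remote")          # "139.54.50.28-55119" is ip-port
        if (r != "") { sub(/-[0-9]+$/, "", r); remote[pid] = r }
    }
    / fatal: Access denied for user .* by PAM account configuration/ {
        user = $0
        sub(/.*Access denied for user /, "", user)
        sub(/ by PAM account configuration.*/, "", user)
        printf "%s %s %s pid=%s user=%s remote=%s client=%s\n", \
            $1, $2, $3, pid, user, \
            (pid in remote) ? remote[pid] : "unknown", \
            (pid in client) ? client[pid] : "unknown"
        # PIDs get reused, so forget this session once it is reported.
        delete remote[pid]
        delete client[pid]
    }'
}

sample_log() {
    # Sessions 9243 and 12914 are copied from the thread. Session 13100 (no
    # denial) and the cron line are constructed for contrast.
    cat <<'EOF'
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-52149;Name: tsmacct [preauth]
Jan 18 08:57:26 fr70vhvmh002 sshd[9243]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Version;Remote: 139.54.50.28-55119;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Kex;Remote: 139.54.50.28-55119;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: SSH: Server;Ltype: Authname;Remote: 139.54.50.28-55119;Name: tsmacct [preauth]
Jan 18 09:48:31 fr70vhvmh002 sshd[12914]: fatal: Access denied for user tsmacct by PAM account configuration [preauth]
Jan 18 09:50:02 fr70vhvmh002 cron[13001]: constructed unrelated line
Jan 18 09:51:10 fr70vhvmh002 sshd[13100]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-40000;Protocol: 2.0;Client: OpenSSH_4.1
Jan 18 09:51:10 fr70vhvmh002 sshd[13100]: SSH: Server;Ltype: Authname;Remote: 192.0.2.10-40000;Name: root [preauth]
EOF
}

# Against a real log: pam_account_denials < /var/adm/syslog/syslog.log
sample_log | pam_account_denials
```

Session 9243 is reported with `client=unknown` because the `tail` output began after its Version line. The denial is logged against PAM's account configuration rather than the key exchange or the key itself, which is consistent with the client trace where the server accepts the key and then closes the connection.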