Operating System - HP-UX
1748128 Members
4035 Online
108758 Solutions
New Discussion

Re: HPUX Secure Shell Help

 
Jonathan Grymes
Frequent Advisor

HPUX Secure Shell Help

I just installed the latest Secure Shell (HP-UX_11i_v2_T1471AA_A.05.90.002_HP-UX_B.11.23_IA_PA.depot). The Install completed with errors. See the output below.

 

Summary of Analysis Phase:
       * 2 of 2 filesets had no Errors or Warnings.
       * The Analysis Phase succeeded.


       * Beginning the Install Execution Phase.
       * Filesets:         2
       * Files:            631
       * Kbytes:           30711
       * Installing bundle "T1471AA,r=A.05.90.002" .
       * Installing fileset "Secure_Shell.SECSH-CMN,r=A.05.90.002" (1
         of 2).
NOTE:    A new version of "/etc/rc.config.d/sshd" has been placed on
         the system. The new version is located at
         "/opt/ssh/newconfig/etc/rc.config.d/sshd".
         The existing version of "/etc/rc.config.d/sshd" is not being
         overwritten since it appears that it has been modified by the
         administrator since it was delivered.
       * Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.90.002"
         (2 of 2).
       * Running install clean command /usr/lbin/sw/install_clean.
NOTE:    tlinstall is searching filesystem - please be patient
NOTE:    Successfully completed

       * Beginning the Configure Execution Phase.
Could not obtain seed from PRNGd^M
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECSH-CMN" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa21690/catalog/Secure_Shell/SECSH-CMN/configure".
       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.
Could not obtain seed from PRNGd^M
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECURE_SHELL" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa21690/catalog/Secure_Shell/SECURE_SHELL/configure".

       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.

       * Summary of Execution Phase:
ERROR:       Installed     Secure_Shell.SECSH-CMN,r=A.05.90.002
ERROR:       Installed     Secure_Shell.SECURE_SHELL,r=A.05.90.002

5 REPLIES 5
Torsten.
Acclaimed Contributor

Re: HPUX Secure Shell Help

This is probably the key message:

Could not obtain seed from PRNGd^M

Do you see the ^M?

Most of the times this is caused by a wrong FTP transfer of the depot file (ascii instead of binary) - this corrupts the depot!


Transfer again in binary mode, the install again.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Dennis Handly
Acclaimed Contributor

Re: HPUX Secure Shell Help

>caused by a wrong FTP transfer of the depot file (ascii instead of binary) - this corrupts the depot!

 

Hmm, I would have thought if the depot was corrupted, the checksums would all be bad and wouldn't even get to the configure stage.

Jonathan Grymes
Frequent Advisor

Re: HPUX Secure Shell Help

I downloaded the depot again using the HP download manager. I got the same results on the install.

Jonathan Grymes
Frequent Advisor

Re: HPUX Secure Shell Help

The ^M did not show up this time.

 

       * Installing bundle "T1471AA,r=A.05.90.002" .
       * Installing fileset "Secure_Shell.SECSH-CMN,r=A.05.90.002" (1
         of 2).
NOTE:    A new version of "/etc/rc.config.d/sshd" has been installed on
         the system.
NOTE:    A new version of "/opt/ssh/etc/ssh_config" has been installed
         on the system.
NOTE:    A new version of "/opt/ssh/etc/sshd_config" has been installed
         on the system.
NOTE:    A new version of "/opt/ssh/etc/moduli" has been installed on
         the system.
NOTE:    A new version of "/opt/ssh/etc/ssh_prng_cmds" has been
         installed on the system.
       * Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.90.002"
         (2 of 2).
       * Running install clean command /usr/lbin/sw/install_clean.
NOTE:    tlinstall is searching filesystem - please be patient
NOTE:    Successfully completed

       * Beginning the Configure Execution Phase.
Could not obtain seed from PRNGd
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECSH-CMN" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa09782/catalog/Secure_Shell/SECSH-CMN/configure".
       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.
Could not obtain seed from PRNGd
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECURE_SHELL" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa09782/catalog/Secure_Shell/SECURE_SHELL/configure".

Bill Hassell
Honored Contributor

Re: HPUX Secure Shell Help

This is the problem:

 

Could not obtain seed from PRNGd
ERROR:   could not start sshd

 

This exact failure had me running around in circles. The kernel random number generator is not running. If I ran kcmodule to load the rng module manually (kcmodule rng=loaded), sshd would start normally. The root cause was very obscure. There were bad options for /stand (tranflush,mincache=dsync) which were not valid. In syslog:

 

UX:vxfs mount: ERROR: V-3-21262: option not supported on this version of vxfs.
Unable to mount /stand - please check entries in /etc/fstab
Skipping KRS database initialization - /stand can't be mounted

This means that none of the DLKM items were loaded included rng, the random number generator. After I fixed the /stand options in fstab:

/sbin/krs_sysinit:
       * The module 'rng' has been loaded.
       * The module 'gvid_info' has been loaded.
       * The module 'fdd' has been loaded.

 and sshd started normally after a reboot. Here are some factoids about the rng module:

 

rng is a dynamically loadable kernel module (DLKM). It is significantly faster and more efficient than previous RNG code. PRNGd is the classic Pseudo Random Number Generator daemon that used to be fueled by various commands that tried to generate entropy. The rng module eliminates all that overhead. In 11.11, the KRNG product helped a lot but was not a kernel module. rng first appeared at 11.23 and provides a data stream for /dev/random and /dev/urandom. init starts the DLKM load steps by running the directives in inittab which includes ioinitrc. Then ioinitrc starts krs_sysinit which loads the DLKM modules.

 

Most of the time, DLKM errors will be logged in syslog.log

 



Bill Hassell, sysadmin