Operating System - HP-UX
1834284 Members
2142 Online
110066 Solutions
New Discussion

Re: any incompatibility issues with HP-Secure Shell?

 
Nivesh Patnaik
Frequent Advisor

any incompatibility issues with HP-Secure Shell?

I am unable to connect to HP's secure shell daemon using a client from another vendor such as F-Secure.
Has anyone else encountered such an issue?
I can connect from one system using HP's ssh client to another system with the same product.
Is there something that needs to go in sshd_config to enable compatibility?

Here is some debug info:
debug1: Server will not fork when running in debugging mode.
Connection from A.B.C.D port 1075
debug1: Client protocol version 1.99; client software version 3.1.0 F-SECURE SSH
debug1: no match: 3.1.0 F-SECURE SSH
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2-pwexp26
debug1: permanently_set_uid: 106/101
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user joe service ssh-connection method none
debug1: attempt 0 failures 0
debug1: allowed_user: entering
debug1: PAM: initializing for "joe"
I gave him his drink as usual. Some men can't hold their arsenic.
15 REPLIES 15
Sridhar Bhaskarla
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

Hi Nirvesh,

Can you send client's debug portion. I don't see any issues so far. Though the version didn't match, it did pass that section as the protocol versions are compatible.

ssh -vvv hp-server

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
RAC_1
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

sshd -ddd
would be better to investigate the problem.

Also is UsePAM set to yes in sshd_config file?? What version of HP SSH are you running??

Anil
There is no substitute to HARDWORK
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

The server is running
Secure_Shell A.03.71.000 HP-UX Secure Shell

There are two HP-UX 10.20 clients that I am trying to connect from.

The first has F-Secure SSH3.1. I tried:
ssh2 -v -d99 -l joe hpserver

On the client side I see this and it just sits there for about 3 minutes:
debug: SshAppCommon/sshappcommon.c:133: Allocating global SshRegex context.
joe's password:
joe's password:
joe's password:

It doesn't validate on the password and exits.

On the server, the setting was UsePam yes.

When I change that to UsePam no, the difference that I notice is that, when attempting the cleint connection, I instantly get asked for the password. However, it doesn't validate on the password.

The user account and password are not an issue as I can connect from another HP system that has A.03.71 on it, to this hpserver.


The other client I use has OpenSSH_3.5p1.
I am able to connect with this.
I gave him his drink as usual. Some men can't hold their arsenic.
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

Another fact:

I can connect from the F-Secure 3.1 client to a server running OpenSSH 3.5p1.

I gave him his drink as usual. Some men can't hold their arsenic.
Sridhar Bhaskarla
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

Hi Nivesh,

Do you see any errors|messages in syslog.log when the user password is not being accepted such as "illegal user" etc.?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

Only this:

Sep 10 14:01:06 hpserver sshd[26123]: Failed password for joe from A.B.C.D port 1074 ssh2

And it is from the times when I'm trying the password three times to no avail.
I gave him his drink as usual. Some men can't hold their arsenic.
Sridhar Bhaskarla
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

Well, can you attach the complete outputs of 'sshd -ddd' and 'ssh -vvv' ?. We have only half the information.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

Sorry, just had to sensor the output.
The result from sshd -d -d -d is attached.

I really don't get anything on the F-Secure client side other than what I have already posted with the -d 99 option. I'll see if I can get any more client side debug, but in the mean time...
I gave him his drink as usual. Some men can't hold their arsenic.
Steven E. Protter
Exalted Contributor

Re: any incompatibility issues with HP-Secure Shell?

I have seen no issues in a mixed Linux HP-UX shop. The Linux is a PITA to upgrade so I don't bother. HP-UX is at 3.8 version.

Thats worth going to on the HP-UX side.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

My setup is currently mixed in the HP-UX side as i roll an upgrade through the server farm. I've run into no issues thus far.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

I'll try the upgrade and see if it makes a difference.
I gave him his drink as usual. Some men can't hold their arsenic.
Sridhar Bhaskarla
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

From the -ddd output, obviously the password is not getting recognized. I wonder if F-secure is sending some garbage along with the password. It's tough to identify as the communication is encrypted. Try using few other clients to connect to HP system like putty and see if they work. If so, then the problem would be with F-secure.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

I just used Cygwin's SSH client (OpenSSH_3.9p1) and was able to connect to the HP Secure Shell daemon.

You may have a point about F-Secure being the oddball.
I gave him his drink as usual. Some men can't hold their arsenic.
Geoff Wild
Honored Contributor

Re: any incompatibility issues with HP-Secure Shell?

Yes - same issue - yhogh havn't tested with 3.81 HP Secure Shell yet.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Nivesh Patnaik
Frequent Advisor

Re: any incompatibility issues with HP-Secure Shell?

I just upgraded to Secure_Shell A.03.81.002 and tried connecting with the F-Secure client.

It works! Will post another message if I find anything else on Monday.
I gave him his drink as usual. Some men can't hold their arsenic.
Darrell Tschakert
Regular Advisor

Re: any incompatibility issues with HP-Secure Shell?

Just loaded Secure ShellA.03.81.002 on a 11.00 HP-UX and can access the sshd with SecureCRT client, Cygwin ssh, and SSH Tectia Client.

However, we do have a problem with all of these clients once I get logged in. The stty intr character does not work. Does not work whether I set it to ^C, DEL, or ^A. The intrupt character works fine when I ssh into a linux sshd, but they will not work with the HP-UX sshd.

Darrell Tschakert
I'll add a quote when I think of one.