openssh connect problem

 
Bill Jenkins_1
New Member

openssh connect problem

I am having the same problem as the following post but I do not understand why.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x3388227a6ab4d711900a0090279cd0f9,00.html

This post was a while back and it indicates a different version of openssh than the one I am using, which according to this post is supposed to be a "known good binary version".

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xcada68da2286d711abdc0090277a778c,00.html

I do not understand that "the problem is not with the HP Box" but with ssh indicating that it might be the client but I do not understand how that could be. At any rate, I do not have access to a machine to compile the patch.

Has anyone else run into this problem? I have to believe it is a configuration problem.
RolandH
Honored Contributor

Re: openssh connect problem

The patch program is not part of the base OS.
You can download it from
http://big.asknet.de/hppd/hpux/Sysadmin/patch-2.5.4/
(the 11.00 version will work for 11.11, too)

If it does not work, try the ssh client from HP.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

HTH
Roland
Sometimes you lose and sometimes the others win
Steven E. Protter
Exalted Contributor

Re: openssh connect problem

It might actually be a problem on your HP box. If you are running a compiled version of openssh instead of...

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

You might not have pam integration correct.

You also might want to check this:

swlist -l product | grep -i pam

Make sure pam is installed on the HP-UX box. If not, it's on the Application CDs and available at http://software.hp.com

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RolandH
Honored Contributor

Re: openssh connect problem

Have you installed the patches
PHCO_24839 or
PHCO_27037


Check this.

HTH
Roland
Sometimes you lose and sometimes the others win
Andrew Cowan
Honored Contributor

Re: openssh connect problem

I used this patch (that I downloaded from a forum somewhere near here) and it cured all my PAM problems:

================

cat > hp_pam.patch

diff -r -c openssh-3.4p1/auth-pam.c openssh-3.4p1-dw/auth-pam.c
*** openssh-3.4p1/auth-pam.c Tue May 7 21:27:56 2002
--- openssh-3.4p1-dw/auth-pam.c Mon Jul 15 15:37:57 2002
***************
*** 294,299 ****
--- 294,311 ----
session_opened = 1;
}

+ /* Set the TTY after session is open */
+ void do_pam_set_tty(const char *ttyname) {
+ int pam_retval;
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+ }
+ }
+
/* Set PAM credentials */
void do_pam_setcred(int init)
{
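Review bot: do_pam_set_tty() calls pam_set_item(__pamh, PAM_TTY, ttyname) without checking session_opened, which the context line just above sets, or that __pamh has been set up at all, so the function relies entirely on its callers for ordering. Add a guard or state the precondition in the comment. A NULL ttyname is also ignored silently while a pam_set_item failure goes straight to fatal(), and the opening brace sits on the declaration line, unlike do_pam_setcred(int init) directly below.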
diff -r -c openssh-3.4p1/auth-pam.h openssh-3.4p1-dw/auth-pam.h
*** openssh-3.4p1/auth-pam.h Thu Apr 4 13:02:28 2002
--- openssh-3.4p1-dw/auth-pam.h Mon Jul 15 15:36:34 2002
***************
*** 12,17 ****
--- 12,18 ----
int do_pam_authenticate(int flags);
int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname);
+ void do_pam_set_tty(const char *ttyname);
void do_pam_setcred(int init);
void print_pam_messages(void);
int is_pam_password_change_required(void);
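Review bot: the new prototype sits next to do_pam_session(char *username, const char *ttyname), but the only do_pam_session call this patch adds passes NULL and the one that passed s->tty is replaced by do_pam_set_tty(). If the tty is now always supplied through do_pam_set_tty(), either drop the ttyname parameter from do_pam_session or add a comment here saying which of the two is expected to set PAM_TTY.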
diff -r -c openssh-3.4p1/session.c openssh-3.4p1-dw/session.c
*** openssh-3.4p1/session.c Wed Jun 26 08:51:06 2002
--- openssh-3.4p1-dw/session.c Tue Jul 16 07:52:35 2002
***************
*** 461,467 ****
session_proctitle(s);

#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, NULL);
do_pam_setcred(1);
if (is_pam_password_change_required())
packet_disconnect("Password change required but no "
--- 461,466 ----
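Review bot: with do_pam_session(s->pw->pw_name, NULL) removed from this block, do_pam_setcred(1) and the is_pam_password_change_required() check run with no session opened at this call site, and nothing tells the reader where the session is opened now. Add a short comment pointing to the do_pam_session call added near line 1203 so the removal is not mistaken for an omission.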
***************
*** 579,585 ****
ttyfd = s->ttyfd;

#if defined(USE_PAM)
! do_pam_session(s->pw->pw_name, s->tty);
do_pam_setcred(1);
#endif

--- 578,584 ----
ttyfd = s->ttyfd;

#if defined(USE_PAM)
! do_pam_set_tty(s->tty);
do_pam_setcred(1);
#endif

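Review bot: this block now calls do_pam_set_tty(s->tty) at the point where the session used to be opened, while the session open itself moves to the block near line 1203, so the helper's own comment "Set the TTY after session is open" does not describe how it is used here. Reword that comment to match the intended call order, and document at this call site that the session is opened later.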
***************
*** 1204,1209 ****
--- 1203,1215 ----
* Reestablish them here.
*/
do_pam_setcred(0);
+
+ /*
+ * We need to open the session here because PAM on HP-UX does not
+ * work after the call to permanently_set_uid.
+ */
+ do_pam_session(pw->pw_name,NULL);
+
# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
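Review bot: the added comment justifies do_pam_session(pw->pw_name,NULL) by HP-UX behaviour, but the call sits under plain USE_PAM, so the point at which the session is opened moves for every PAM platform. Either wrap it in an HP-UX conditional or reword the comment to say the reordering is intended everywhere. The call is also missing the space after the comma that the other calls in these hunks use.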

======================

Now patch the source-code as follows: patch -p1 < hp_pam.patch

To do the compile I used:

cat > make_ssh
if [[ -r ./config.status ]] ; then
rm ./config.status
fi

sh ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc --with-tcp-wrappers --with-pid-dir=/var/run/sudo --with-ssl-dir=/usr/local/ssl --with-authenticate --with-logging=file --with-goodpri=info --with-badpri=warning --without-mail-if-no-user --with-passprompt="Enter Your Password: " --with-umask=027 --with-timeout=5 --with-password-timeout=1 -tempdir=/var/tmp --disable-suid-ssh --with-chroot --without-scard --disable-root-sudo | tee /tmp/sshbuild.log && make && make install-nokeys

====

Run sh make_ssh, et voilà!

Good luck,
Andrew
Bill Jenkins_1
New Member

Re: openssh connect problem

I appreciate the answers here. The System Admin and myself will need to consider how we will proceed. I am leaning toward using the HP ssh server.

I will update the thread with the action we took.
Paulo A G Fessel
Trusted Contributor

Re: openssh connect problem

Quick solver. I ran into this just yesterday.

Edit your sshd_config file and change the line

#UsePrivilegeSeparation yes

to

UsePrivilegeSeparation no

Then, restart sshd. You should be able to log in. I'm telling you this because the published patch didn't solve my problems.

HTH
Paulo Fessel
The employee proposes, the boss disposes.
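
To see on which hosts the sshd_config change described in this reply is in effect, the setting can be read back from each config file. This is an added example, not part of the original thread: the script name, function names and sample files are made up here, and the built-in default of "yes" is an assumption taken from the commented line quoted in the post.

```shell
#!/bin/sh
# Added example: report the effective UsePrivilegeSeparation value per file.
# Relies on sshd_config rules: keyword names are case-insensitive, the first
# uncommented occurrence of a keyword wins, and a commented-out line leaves
# the built-in default in force.
# Assumption: the built-in default is "yes", as the commented
# "#UsePrivilegeSeparation yes" line quoted in the post suggests.

privsep_setting() {
    awk '
        /^[ \t]*#/ { next }                       # comment lines set nothing
        tolower($1) == "useprivilegeseparation" {
            print $2; found = 1; exit             # first occurrence wins
        }
        END { if (!found) print "yes" }           # assumed default
    ' "$1"
}

# Print "<file>: UsePrivilegeSeparation <value>" for each file;
# return 1 if any file has a value other than "yes".
audit_privsep() {
    rc=0
    for f in "$@"; do
        v=$(privsep_setting "$f")
        printf '%s: UsePrivilegeSeparation %s\n' "$f" "$v"
        [ "$v" = "yes" ] || rc=1
    done
    return "$rc"
}

# With no arguments, run on two constructed sample configs.
demo() {
    d=$(mktemp -d) || return 1
    printf '#UsePrivilegeSeparation yes\nPort 22\n' > "$d/stock"
    printf 'Port 22\nUsePrivilegeSeparation no\n' > "$d/workaround"
    audit_privsep "$d/stock" "$d/workaround"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage (hypothetical script name): sh privsep_audit.sh /path/to/sshd_config ...
if [ "$#" -gt 0 ]; then
    audit_privsep "$@"
else
    demo || true
fi
```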
Sorrel G. Jakins
Valued Contributor

Re: openssh connect problem

We converted to HP's distribution of ssh and haven't had a problem since.