HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Querry on HP Secure SSH
Operating System - HP-UX
1830054
Members
6834
Online
109998
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 06:18 AM
07-07-2009 06:18 AM
We are upgrading from version A.04.70.009. When I installed the 5.20.004, the log contained the following messages.
: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
Do I need to move the new config files to /opt/ssh/etc and apply the configuration changes that were previously done? Once I do this will it allow me to use the new chroot functionality described in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file. Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Here is the Full log
* Installing bundle "T1471AA,r=A.05.20.004" .
* Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.20.004"
(1 of 1).
NOTE: A new version of "/etc/rc.config.d/sshd" has been installed on
the system.
NOTE: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
The existing version of "/opt/ssh/etc/ssh_config" is not being
overwritten since it appears that it has been modified by the
administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/sshd_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/sshd_config".
The existing version of "/opt/ssh/etc/sshd_config" is not
being overwritten since it appears that it has been modified
by the administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/moduli" has been installed on
the system.
* Running install clean command /usr/lbin/sw/install_clean.
NOTE: tlinstall is searching filesystem - please be patient
NOTE: Successfully completed
* Beginning the Configure Execution Phase.
* Summary of Execution Phase:
* 1 of 1 filesets had no Errors or Warnings.
* The Execution Phase succeeded.
: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
Do I need to move the new config files to /opt/ssh/etc and apply the configuration changes that were previously done? Once I do this will it allow me to use the new chroot functionality described in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file. Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Here is the Full log
* Installing bundle "T1471AA,r=A.05.20.004" .
* Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.20.004"
(1 of 1).
NOTE: A new version of "/etc/rc.config.d/sshd" has been installed on
the system.
NOTE: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
The existing version of "/opt/ssh/etc/ssh_config" is not being
overwritten since it appears that it has been modified by the
administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/sshd_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/sshd_config".
The existing version of "/opt/ssh/etc/sshd_config" is not
being overwritten since it appears that it has been modified
by the administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/moduli" has been installed on
the system.
* Running install clean command /usr/lbin/sw/install_clean.
NOTE: tlinstall is searching filesystem - please be patient
NOTE: Successfully completed
* Beginning the Configure Execution Phase.
* Summary of Execution Phase:
* 1 of 1 filesets had no Errors or Warnings.
* The Execution Phase succeeded.
Solved! Go to Solution.
7 REPLIES 7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 06:20 AM
07-07-2009 06:20 AM
Re: Querry on HP Secure SSH
Shalom,
If you did customization, you may need to make those changes again.
Not sure, but that is my interpretation of the message.
Though Secure Shell install is pretty smart, and I've never had to make customization more than once.
SEP
If you did customization, you may need to make those changes again.
Not sure, but that is my interpretation of the message.
Though Secure Shell install is pretty smart, and I've never had to make customization more than once.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:17 AM
07-07-2009 07:17 AM
Re: Querry on HP Secure SSH
will it allow me to use the new chroot functionality?
Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Please advice....
Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Please advice....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:22 AM
07-07-2009 07:22 AM
Re: Querry on HP Secure SSH
Secure Shell ships with a chroot script.
I find it to be a big hassle to configure, but it can be made to work.
HP-UX Secure shell and chroot environments.
http://docs.hp.com/en/T1471-90026/ch01s14.html
SEP
I find it to be a big hassle to configure, but it can be made to work.
HP-UX Secure shell and chroot environments.
http://docs.hp.com/en/T1471-90026/ch01s14.html
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:19 PM
07-07-2009 07:19 PM
Re: Querry on HP Secure SSH
You can do configuration changes on your newly installed configuration file and add it to PATH variable. It should work most of the cases. If it not worked then you need move these new configuration files to old location.
Thanks
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 10:05 PM
07-07-2009 10:05 PM
Re: Querry on HP Secure SSH
Hi,
As far as config files are concerned u can use
command line option -f while
starting sshd. Also if it is starting automatically
u can pass parameter "-f" to
SSHD_ARGS variable in file /etc/rc.config.d/sshd.
The default location is /opt/ssh/etc/sshd_config
Regards
-Santosh
As far as config files are concerned u can use
command line option -f
starting sshd. Also if it is starting automatically
u can pass parameter "-f
SSHD_ARGS variable in file /etc/rc.config.d/sshd.
The default location is /opt/ssh/etc/sshd_config
Regards
-Santosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2009 05:53 AM
07-08-2009 05:53 AM
Re: Querry on HP Secure SSH
Well i still get a precise answer for this..
1) When I installed the new version of secure SSH it put the new versions of the ssh_config and sshd_config into the directory /opt/ssh/newconfig/opt/ssh/etc/ instead of into /opt/ssh/etc. Am I suppose to apply the changes made previously to these files and leave them in /opt/ssh/newconfig/opt/ssh/etc or do I need to copy them to /opt/ssh/etc before I restart sshd. The logfiles produced from the install of the software does not specify.
2) Do not want to run the use /opt/ssh/utils/ssh_chroot_setup.sh to create a chrooted environment. It is too messy and is an adminstration nightmare as it copies in a bunch of system files that need to be updated into the environment. Was hoping to use the new functionality specified in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file to jail the user. Need to know whether implementing this only allows the chrooted users to use sftp.
1) When I installed the new version of secure SSH it put the new versions of the ssh_config and sshd_config into the directory /opt/ssh/newconfig/opt/ssh/etc/ instead of into /opt/ssh/etc. Am I suppose to apply the changes made previously to these files and leave them in /opt/ssh/newconfig/opt/ssh/etc or do I need to copy them to /opt/ssh/etc before I restart sshd. The logfiles produced from the install of the software does not specify.
2) Do not want to run the use /opt/ssh/utils/ssh_chroot_setup.sh to create a chrooted environment. It is too messy and is an adminstration nightmare as it copies in a bunch of system files that need to be updated into the environment. Was hoping to use the new functionality specified in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file to jail the user. Need to know whether implementing this only allows the chrooted users to use sftp.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2009 06:22 AM
07-08-2009 06:22 AM
Solution
Hey;
1. If you want to use the new configuration files, then you should move them into /opt/ssh/etc and update them for your environment. As previous posters have pointed out, you don't absolutely have to do this, but if you don't, you'll also be editing init scripts to tell sshd where to find the configuration file.
2. Don't know the answer to this one; you'll have to experiment. I do know that locking users down to scp/sftp only in ssh tends to be a mite difficult. I know of a way using forced commands and ssh/public key authentication but tends to be a bit kludgey. Even then, I'm not sure of sftp. You can either google search or post another question if your experiments don't show you a valid method.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
1. If you want to use the new configuration files, then you should move them into /opt/ssh/etc and update them for your environment. As previous posters have pointed out, you don't absolutely have to do this, but if you don't, you'll also be editing init scripts to tell sshd where to find the configuration file.
2. Don't know the answer to this one; you'll have to experiment. I do know that locking users down to scp/sftp only in ssh tends to be a mite difficult. I know of a way using forced commands and ssh/public key authentication but tends to be a bit kludgey. Even then, I'm not sure of sftp. You can either google search or post another question if your experiments don't show you a valid method.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP