HPE Community
Operating System - HP-UX
1832201 Members
2555 Online
110039 Solutions
New Discussion

relatioship between, ssh,pam.conf, password length and delay in getting password prompt

 
Rajanish C
New Member

‎04-23-2006 09:27 PM

‎04-23-2006 09:27 PM

relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Hi,
i am having 2 rp series machines running hp ux 11.11 in trusted mode. After a reboot one of the machine is having problem with ssh login using putty. if i enable "use pam=yes" then it take about 2 minute to get the password prompt after i type in the user name. if i un set the "use pams=yes" option then it is giving access denied to any user having a password of more than 8 charecter length. on the other machine it is "use pams=yes" enabled and it takes paswords which are longer than 8 charecters and dont have any issue in getting the prompt too. both are running latest QPK and ssh version is 4.something.(i forgot to not this excatly)
Regards
Rajanish C
0 Kudos
Reply
8 REPLIES 8
RAC_1
Honored Contributor

‎04-23-2006 09:41 PM

‎04-23-2006 09:41 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Did you check nslookup on the server where you have problem? Can you do telnet and check. This will confirm if delay is associated with ssh or not. From client nslookup on slow server-on ip address and on hostname.
There is no substitute to HARDWORK
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-23-2006 09:42 PM

‎04-23-2006 09:42 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Shalom

Non-trusted hp-ux systems ignore passwords greater than 8 characters.

The delay you experience is probably a network delay, you should check /etc/resolv.conf name resolution for delays.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-23-2006 09:42 PM

‎04-23-2006 09:42 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Shalom

Non-trusted hp-ux systems ignore passwords greater than 8 characters.

The delay you experience is probably a network delay, you should check /etc/resolv.conf name resolution for delays.

swlist -l product | grep -i secure

Anything but the lastest Secure Shell is known to have problems. 4.2.004 is what you need.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Rajanish C
New Member

‎04-23-2006 09:45 PM

‎04-23-2006 09:45 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Hi,
I have mentioned it already that the system is running in trusted mode and i am not having any issue with telnet/ftp
Regards
Rajanish C
0 Kudos
Reply
RAC_1
Honored Contributor

‎04-23-2006 09:50 PM

‎04-23-2006 09:50 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

What if you set PAM=yes and enter just first 8 chars of password?
There is no substitute to HARDWORK
0 Kudos
Reply
Haralambos
Advisor

‎04-25-2006 03:55 PM

‎04-25-2006 03:55 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

see also the following thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1018433
0 Kudos
Reply
Rajanish C
New Member

‎04-25-2006 07:47 PM

‎04-25-2006 07:47 PM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

Hi,
If i set "usePAM=yes" it solves the problem with password length but it takes a long time (around 2 minutes) for the password prompt to appear.
Regards
Rajanish C
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎04-26-2006 12:17 AM

‎04-26-2006 12:17 AM

Re: relatioship between, ssh,pam.conf, password length and delay in getting password prompt

You may want to get a trace of the sshd login to see which step is having a problem. You may find that the call to generate a random number is the culprit. Without the new random number generator (KRNG), a number of system queries are done to obtain a certain amount of entropy (randomness), some of which require a long time to run on certain configurations. See patch PHKL_27750.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.