HPE Community
Operating System - HP-UX
1831343 Members
3317 Online
110024 Solutions
New Discussion

Re: Shadow Password Product with SSH and SUDO

 
SOLVED
Go to solution
Michael R. Monteith
Advisor

‎05-29-2003 09:59 AM

‎05-29-2003 09:59 AM

Shadow Password Product with SSH and SUDO

I just installed and was testing Shadow Password B.01.00.00 and it does not work with SSH and SUDO.

I suspect it's because those products aren't using PAM authentication.

But I was wondering if there are settings somewhere that might correct this or if it's an issue with Shadow Password or the SSH or SUDO?

I haven't played with SSH or SUDO on trusted systems, but I assume they work.

0 Kudos
Reply
9 REPLIES 9
James A. Donovan
Honored Contributor

‎05-29-2003 11:42 AM

‎05-29-2003 11:42 AM

Re: Shadow Password Product with SSH and SUDO

You'll need to determine how your ssh and sudo binaries were configured at compile time. SSH will only use PAM if the --with-pam configuration option is specified. Sudo, by default, will be configured to understand shadow password files, but you must use the --with-pam option to get it to understand PAM.
Remember, wherever you go, there you are...
Reply
Michael R. Monteith
Advisor

‎06-09-2003 05:37 AM

‎06-09-2003 05:37 AM

Re: Shadow Password Product with SSH and SUDO

Thanks. We have a group that builds the product for distribution within our company. I notified them of the issue and possible solution. Hopefully this will take care of it. I'll let you know.

Thanks
Michael
0 Kudos
Reply
LORI_39
Occasional Advisor

‎06-10-2003 11:47 AM

‎06-10-2003 11:47 AM

Re: Shadow Password Product with SSH and SUDO

The openssh-3.6.1p2 binaries were recompiled using the --with-pam option. The user of the secured system can ssh out but not into the system. Any other ideas?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-10-2003 11:56 AM

‎06-10-2003 11:56 AM

Re: Shadow Password Product with SSH and SUDO

Don't use sudo, but I'm a pretty experienced user of ssh.

That being said, I converted my systems to trusted, which if my pea brain molecules still work uses shadowed passwords.

Then I installed ssh and an upgrade.

I had no trouble with authentication at all, and even deployed public keys.

If you go with shadowed passwords and then install the product your results may be different.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
James A. Donovan
Honored Contributor

‎06-10-2003 12:03 PM

‎06-10-2003 12:03 PM

Solution

Re: Shadow Password Product with SSH and SUDO

On the server that cannot be logged into, you can restart the sshd daemon with the -d option. This will let you get some good diagnostic info, and maybe point to a solution. I believe -dd and -ddd are also available for even more detailed info.

On the client side, you can specify -vvv to give you verbose client connection information as well.

Without more diagnostic info, it's very difficult to say what the solution will be.
Remember, wherever you go, there you are...
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-10-2003 01:00 PM

‎06-10-2003 01:00 PM

Re: Shadow Password Product with SSH and SUDO

I haven't worked on Shadow Password. Reason is that HP trusted systems offer the same feature with other bonuses.

But I worked with both ssh and sudo and both work very well with trusted systems except that ssh has a hiccup with expired passwords. Both can use PAM authentication if they are compiled with it and I believe most of the compilations are that way.

It may be something to do with Shadow Password that itself needs a PAM module to plug in.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Reply
LORI_39
Occasional Advisor

‎06-10-2003 01:22 PM

‎06-10-2003 01:22 PM

Re: Shadow Password Product with SSH and SUDO

Donovan,
Attached is the response using -ddd on the server side.

It looks like it's not even trying to use PAM anywhere in it.

Michael
0 Kudos
Reply
James A. Donovan
Honored Contributor

‎06-11-2003 09:27 AM

‎06-11-2003 09:27 AM

Re: Shadow Password Product with SSH and SUDO

Try downloading HP's version of OpenSSH from http://www.software.hp.com, and use that to test with. If it works, then you know the issue is with your compilation of OpenSSH. If it fails then it's probably a configuration issue on your server.

Can you post the configuration options you used to generate the Makefile?

Has your /etc/pam.conf file been modified?

Remember, wherever you go, there you are...
0 Kudos
Reply
Michael R. Monteith
Advisor

‎06-25-2003 05:24 AM

‎06-25-2003 05:24 AM

Re: Shadow Password Product with SSH and SUDO

Well, they got it fixed. The wierd thing is the fix. They ended up recompiling everything. Before they were just recompiling SSH. But when they recompliled zlib and all it worked. Not sure what was wrong in the other packages that did it, but hey, it works.

Thanks
Michael
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.