
ssh problem

 
sapi
Advisor

ssh problem

dear,

I have an HP server N4000, HP-UX 11.11.
I have a problem when I ssh to my server; error messages from the system:

from syslog.log:
error: openpty: Bad file number
error: session_pty_req: session 0 alloc failed

from session (putty):
login: user1
PASSCODE : *******
Server refused to allocate pty

configuration in kernel:
npty 60 - 60
nstrpty 60 - 60
nstrtel 60 - 60

if we connect to server via telnet, there is no problem.

we used ssh software from hp, T1471AA_A.04.00.000_HP-UX_B.11.11_32+64.depot

any guess for this problem ??


thx

-yut-


RAC_1
Honored Contributor

Re: ssh problem

Set all those settings to 1024 and create device files.

# cd /dev

# insf -d pty -s 1024 -e -v

# insf -d ptm -s 1024 -e -v

# insf -d telm -s 1024 -e -v

# insf -d tels -s 1024 -e -v
There is no substitute to HARDWORK
sapi
Advisor

Re: ssh problem

I just configured the kernel parameters based on your comment:

user password uses RSA SecurID.
error message from syslog.log:

Jan 20 09:32:32 rstrtap2 sshd[2294]: illegal entry in pam.conf: missing field
Jan 20 09:32:43 rstrtap2 sshd[2294]: Accepted keyboard-interactive/pam for user1 from 10.2.133.150 port 3937 ssh2
Jan 20 09:32:43 rstrtap2 sshd[2294]: error: openpty: Bad file number
Jan 20 09:32:43 rstrtap2 sshd[2294]: error: session_pty_req: session 0 alloc failed
RAC_1
Honored Contributor

Re: ssh problem

ssh is complaining about a bad pam.conf file. Did you make any changes there?? Just copy over the old /etc/pam.conf and try.
There is no substitute to HARDWORK
sapi
Advisor

Re: ssh problem

# more /etc/pam.conf
#
# PAM configuration
#
# Authentication management
#
sshd auth required /usr/lib/security/pam_securid.1
login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
test
# Account management
#
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
#
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
#
# Password management
#
login password required /usr/lib/security/libpam_unix.1
passwd password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1



/usr/lib/security/pam_securid.1 ==> use for RSA secureid
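
The syslog message "illegal entry in pam.conf: missing field" can be checked against a pam.conf mechanically. The following is an added example, not part of any poster's message: a POSIX shell check that flags entries with fewer than four fields (in the file posted above, the line reading `test` is one) and prints which entries apply to a service once the OTHER fallback is taken into account. The function names and the sample subset are constructed for illustration.

```shell
# Added example, not from the thread. Assumes the four-field layout of the
# posted file: service  module-type  control-flag  module-path
# check_pam_conf FILE: print each malformed entry; returns 1 if any is found.
check_pam_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        NF < 4 {
            printf "line %d: missing field (%d of 4): %s\n", NR, NF, $0
            bad = 1; next
        }
        $2 !~ /^(auth|account|session|password)$/ {
            printf "line %d: unknown module-type: %s\n", NR, $0
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# effective_stack SERVICE FILE: per module type, print the entries that apply
# to SERVICE, falling back to the OTHER entries when it has none of its own.
effective_stack() {
    awk -v svc="$1" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == svc     { own[$2] = own[$2] $0 "\n" }
        $1 == "OTHER" { oth[$2] = oth[$2] $0 "\n" }
        END {
            n = split("auth account session password", t, " ")
            for (i = 1; i <= n; i++)
                printf "%s", ((t[i] in own) ? own[t[i]] : oth[t[i]])
        }
    ' "$2"
}

# Constructed sample: a subset of the posted file, stray line included.
sample_pam_conf() {
    cat <<'EOF'
sshd auth required /usr/lib/security/pam_securid.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
test
OTHER account required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1
EOF
}

tmp=${TMPDIR:-/tmp}/pam.conf.sample.$$; sample_pam_conf > "$tmp"
check_pam_conf "$tmp" || echo "malformed entries found"
effective_stack sshd "$tmp"; rm -f "$tmp"
```

On a live system the same functions take the real file, for example `check_pam_conf /etc/pam.conf`; run the check before restarting sshd after any edit to the file.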
Joseph Loo
Honored Contributor

Re: ssh problem

hi yut,

so u have amended /etc/pam.conf by adding the sshd line? how abt reverting back to original and test it again.

also, u may like to install the latest version:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

regards.
what you do not see does not mean you should not believe
sapi
Advisor

Re: ssh problem

hi joseph,

i already installed the latest secure shell (T1471AA_A.04.20.004_HP-UX_B.11.11_32+64.depot), but we cannot login to the server via ssh yet. via telnet there is no problem. this is the grep message from syslog.log:

Jan 20 10:57:52 rstrtap2 sshd[3677]: error: openpty: Error 0
Jan 20 10:57:52 rstrtap2 sshd[3719]: error: session_pty_req: session 0 alloc failed
RAC_1
Honored Contributor

Re: ssh problem

Post sshd -ddd and ssh -vvv

Also, you sure that you did insf for device files?? Can you see additional device files now?? ll /dev/pty | wc -l
There is no substitute to HARDWORK
sapi
Advisor

Re: ssh problem

yes, i'm sure, this:
# ll /dev/pty | wc -l
1025
You have mail in /var/mail/root
# cd /opt/ssh/etc
# ls
moduli ssh_host_key ssh_prng_cmds
ssh_config ssh_host_key.pub sshd_config
ssh_host_dsa_key ssh_host_rsa_key
ssh_host_dsa_key.pub ssh_host_rsa_key.pub
# more sshd_config
# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /opt/ssh/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/ssh/etc/ssh_host_rsa_key
#HostKey /opt/ssh/etc/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#CountKeyAuthBadLogins no

# Auth selection
#
#HostbasedAuthAllowUsers
#HostbasedAuthDenyUsers
#PubkeyAuthAllowUsers
#PubkeyAuthDenyUsers
#KerberosAuthAllowUsers
#KerberosAuthDenyUsers
#KerberosOrLocalPasswdAllowUsers
#KerberosOrLocalPasswdDenyUsers
#PasswordAuthAllowUsers
#PasswordAuthDenyUsers
#ChallRespAuthAllowUsers [pam] user1 user2 ...
#ChallRespAuthDenyUsers [pam] user1 user2 ...
#ChallRespAuthAllowUsers [bsdauth] user1 user2 ...
#ChallRespAuthDenyUsers [bsdauth] user1 user2 ...
#ChallRespAuthAllowUsers [skey] user1 user2 ...
#ChallRespAuthDenyUsers [skey] user1 user2 ...
#ChallRespAuthAllowUsers [securid] user1 user2 ...
#ChallRespAuthDenyUsers [securid] user1 user2 ...
#GSSAPIAuthAllowUsers
#GSSAPIAuthDenyUsers

RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#EnforceSecureTTY no
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /opt/ssh/libexec/sftp-server

# sftp-server logging
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

# sftp-server umask control
#SftpUmask
#SftpPermitChmod yes
#SftpPermitChown yes


# more ssh_config
# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
HashKnownHosts yes
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc



sapi
Advisor

Re: ssh problem

configure at sshd_config