Re: SSH question

de049 · ‎11-04-2008

Hi all,

Before you all start pulling yer hair out with my question, let me start by saying i'm new to HP-UX and SSH so need to get a simple answer before considering the technical approach to my problem.

Basically, i want to get my HP-UX server working on SSH from remote access as opposed to telnet access as has been the case until now.

I have found hundreds of threads and papers that have simply blown me away. Can someone offer a simple, 2D response to the following (before looking at what needs to be installed, setup etc.

I wish to setup SSH whereby users are always asked the passwords, no keys required i guess, right? Therefore, whats the easiest way to setup SSH on my HP-UX 11.i server?

My knowledge of installing stuff on this OS is also basic, so please bet gentle and the more "For Dummies" approach you take to educate me the better :-)

Hoping someone finds the patience......

A Million thanks!

Dwayne

Amarnath D · ‎11-04-2008

Hi Dwayne,

Can i know what SSH application your are using is OpenSSH or Tectia or any other?

Cheers,
Amar

Danny Petterson - DK · ‎11-04-2008

Go to this site:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

...and download ssh if you dont already got it.

And instead of reinventing the wheel. I will refer to this document:

How to install:
http://docs.hp.com/en/5992-4213/ch02s02.html#babcefha

...and the entire document:
http://docs.hp.com/en/5992-4213/index.html

You dont have to read on all the configuration-things, just concentrate on how to install.

When its done, test it. If it works, disable ftp, telnet rlogin etc. in /etc/inetd.conf (by marking those lines out with a #), and restarting the inetd (/sbin/init.d/inetd stop and then /sbin/init.d/inetd start). This will prevent use of those unsecure services. BUT - remember to take a copy of /etc/inetd.conf before you do the changes, then you will have a chance to roll back if something fails.

Please, just ask here if you got any additional questions.

de049 · ‎11-04-2008

Hi guys,

Thanks for the very prompt response. Basically, to answer the 1st question, i am using either Putty or an application we use in house called Reflection.

With regards the rest, i take it there's no way of setting up SSH without installing stuff, correct? Its not as straight forward as connecting from any remote PC via telnet.

Darn! I'll give your recommendations a try anyway.

thanks laods

Ivan Krastev · ‎11-04-2008

And for disabling key authentication set this to NO:
PubkeyAuthentication NO

http://www.docs.hp.com/en/5992-4213/apas02.html#v1230053

regards,
ivan

de049 · ‎11-04-2008

Guys,

i've installed and tested it. It connects PERFECTLY now. Million thanks for doing just what i pledged for - simple explanation of my problem.

I really appreciate this. I was always looking much deeper and thats why i think i kept getting overwhelmed and lost.

I shall now proceed to blocking other forms of access as recommended.

Thanks again guys ;-)

Dwayne

Dennis Handly · ‎11-04-2008

>Thanks again guys ;-)

If their answers were helpful, please read the following about assigning points:
http://forums.itrc.hp.com/service/forums/helptips.do?#33

de049 · ‎11-04-2008

Ok, i've just tried to # out the telnet option in my /etc/inetd.conf file, then stop and start the service, but everytime i vi the file again to check it, the # is not stored infront of the telnet line. I am sure i'm saving the file ok using either ZZ or :w!

ANy advice? I have tested via telnet and still connect.

thanks

Danny Petterson - DK · ‎11-04-2008

Hi - when you save in vi, after changing the files
Press ESC
:x!

then you write and exit

Suraj K Sankari · ‎11-04-2008

Hi,

Or you can use
Hit Esc
then
:wq!

Suraj

de049 · ‎11-04-2008

strange, tried all those but still it wont stick.

Why when i do a CAT on inetd.conf i get a different content to VI inetd.conf?

If i do CAT i see no TELNET entries listed. If i do VI, i see telnet but i always loose the # i put infront of it.

thanks

Suraj K Sankari · ‎11-04-2008

Hi,

Please set your terminal.
can you post your .profile
I think due to terminal setting you are facing this problem.

Suraj

Danny Petterson - DK · ‎11-04-2008

Yeah, as stated above, let us know your term:

echo $TERM

and lets see your profile:
cat ~/.profile

de049 · ‎11-04-2008

echo $TERM = vt220

profile = export TERM

EDITOR=vi
export EDITOR

fi # if !VUE

# Set up shell environment:

set -u # error if undefined variable.
trap "echo 'logout root'" 0 # what to do on exit.

# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"
# Inserted by MV38 installation
export MV38=/opt/mv38/MV38v11.3.1

Danny Petterson - DK · ‎11-04-2008

echo vt100 >> ~/.profile

Logout and login again - see if it helps.

Suraj K Sankari · ‎11-04-2008

Hi de049,

As said by Danny did you changed vt220 to vt100
if yes then tell us still you are facing problem.

Suraj

de049 · ‎11-04-2008

ok, yes it works now. Basically, it was a combo of the VT terminal and the fact my client software wasn't fully displaying the exact content. I adjusted the terminal rows and all is now displayed via CAT and VI identically.

Thanks guys. You've been incredible!!!

Suraj K Sankari · ‎11-04-2008

Hi Dwayne,

KEEP ASSIGNING POINTS TO THOSE WHO SPEND THEIR VALUABLE TIME FOR YOU.

http://forums11.itrc.hp.com/service/forums/helptips.do?#33

Suraj

Danny Petterson - DK · ‎11-04-2008

Easy Guys, Im sure Dwayne will, he just needs to get his work done first - Im sure we can wait, its not that important :-)

Take care everybody
Yours
Danny

de049 · ‎11-04-2008

Dont worry i will assign the much deserved points right away.

One last thing. ever since i played around with the VT profile changes, i keep getting this at the prompt on first login:

# rofile[54]: vt100: not found.t220".

Before at first login i simply got the # prompt awaiting my input. Now i have to type CLEAR before being able to continue with my input.

Any ideas.

dwayne

Torsten. · ‎11-04-2008

Hi Dwayne,

did you apply this to line 54?

"echo vt100 >> ~/.profile"

I wonder what this should be used for ...

I'm sure you have something wrong in line 54 of your profile - check it.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Torsten. · ‎11-04-2008

To check it us vi, e.g.

# vi .profile

while in vi, do

-key
:
set number
-key

to get the lines numbered.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

de049 · ‎11-04-2008

i've checked and line 54 contains the exact same entry as line 52, that is: vt100.

Shall i remove this line 54?

Torsten. · ‎11-04-2008

If line 52 and 54 only contain "vt100" then delete both.
Any similar lines around?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Torsten. · ‎11-04-2008

Just in case you did too many modifications while troubleshooting, you can find a fresh copy of .profile in /usr/newconfig/.profile.

You may consider to use a fresh file or just compare the differences.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SSH question

SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question

Re: SSH question