Reposting this. One of the usual ITRC failures has arisen and the attempt to post this dropped. Checked for a posting that got through, and didn't see one. Apologies if this does does get duplicated.
-
If you're not seeing ssh activity in the audit logs and if you have auditing for (at least for testing purposes) all process login and logout types, then that's indicative of an issue between the ssh daemon and OpenVMS.
I'd check for ECOs for whatever IP stack and IP version you're using here and then (if you have support and if the problem persists) ring up HP.
There have been various reports of, um, certain omissions and certain design oddities within the implementation of authentication within at least a few versions of the TCP/IP Services ssh daemon. I'd thought much of that had been remediated, however.
Based on a quick check with /SSH Secure Shell OpenVMS (V5.5) 3.2.0 on COMPAQ Professional Workstation - VMS V8.3/ and TCP/IP Services /V5.6 - ECO 4/, I do see login audits for a network and then a detached user; they're not the typical interactive login audits I'd tend to expect for this stuff, so they may be slipping past your selection criteria. The detached process login is probably going to be the most interesting here; that's the one you'll want to collect.
It'd be more typical if these audits were interactive logins; not sure what's up with this stuff, but it looks to be how the ssh daemon is working.
