HPE Community
Operating System - OpenVMS
1827840 Members
1350 Online
109969 Solutions
New Discussion

Re: PSC SSH Client Connection Problem to HP SSH Server

 
Rick Dyson
Valued Contributor

‎06-14-2007 10:09 AM

‎06-14-2007 10:09 AM

PSC SSH Client Connection Problem to HP SSH Server

I have found that I can not make a SSH connection when I start an OpenVMS server with a PSC SSH client and try to connect to an OpenVMS server that is running HP's TCPIP SSH Server. I always get an error on the client side of:

warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).

I have found that if VERBOSE logging is turned on on the HP SSH server side, I get (amoung other things) an error like this for each of the 3 password attempts I make (I am very confident that my password entry is correct!):

debug[3672]: Ssh2AuthPasswdServer/AUTHS-PASSWD.C:489: bad packet
debug[3672]: Ssh2AuthPasswdServer/AUTHS-PASSWD.C:489: bad packet
debug[3672]: Ssh2AuthPasswdServer/AUTHS-PASSWD.C:489: bad packet


Any suggestions or ideas?

BTW: Does the config entry "PermitRootLogin no" actually work for anyone else? I am still able to login as SYSTEM via SSH!

Thanks,
Rick Dyson
0 Kudos
Reply
3 REPLIES 3
Rick Dyson
Valued Contributor

‎06-14-2007 10:11 AM

‎06-14-2007 10:11 AM

Re: PSC SSH Client Connection Problem to HP SSH Server

Opps! Forgot some details!

Alpha/OpenVMS v7.3-2 (in all cases)

SSH Server:
HP TCPIP for OpenVMS v5.4 ECO 6

SSH Client:
PSC SSH for OpenVMS v2.3A

They should be forced as SSH2 protocol.

When I use other SSH clients, I have no problem connecting to the HP SSH server.

Rick
0 Kudos
Reply
Richard Whalen
Honored Contributor

‎06-14-2007 01:36 PM

‎06-14-2007 01:36 PM

Re: PSC SSH Client Connection Problem to HP SSH Server

We (Process Software) have been working with Rick on this some and have found that one way to trigger the problem is to attempt to log in to an account that has a pre-expired password and a password expiration time. We were able to successfully log in with an account that did not have a pre-expired password. The SSH server does not request that the password be changed. (Note that when we use our SSH2 server and client together there is a request for the password to be changed after authentication via password.)

Process Software and HP use different sources for their SSH implementation, but these two sources do share a common lineage. From looking at our source I see a "bad packet" message can be logged when there is an error parsing the packet containing the password. One of the parameters that the code is trying to parse is a flag that says whether or not the password needs to be changed.
0 Kudos
Reply
Rick Dyson
Valued Contributor

‎11-13-2007 04:29 PM

‎11-13-2007 04:29 PM

Re: PSC SSH Client Connection Problem to HP SSH Server

I just updated my test system to HP TCPIP for OpenVMS v5.4 ECO 7 and can confirm that the problem is still present. If I start from a PSC SSH for OpenVMS v2.3A ECO 1 client and try to connect to a HP SSH server it connects and challenges for password BUT WILL NEVER ACCEPT A VALID PASSWORD AND QUITS AFTER THE ALLOWED NUMBER OF FAILURES.

Am I the only one that is seeing this situation? (it would not be the first time I had something setup wrong!)

Connections from other clients and to other servers are all fine (of the ones I have access to test with).

Rick
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.