HPE Community
Operating System - OpenVMS
1832277 Members
2079 Online
110041 Solutions
New Discussion

UCX V5.4 ECO4 - Problem with sftp

 
Burkart Beat
Frequent Advisor

‎01-03-2005 12:04 AM

‎01-03-2005 12:04 AM

UCX V5.4 ECO4 - Problem with sftp

Hello

And here an new problem with ssh and sftp

We have 2 OpenVMS Systems OBS1 and OBS3
Both have installed UCX V5.4 with ECO 4 and ssh configured. The ssh command works with both systems just fine. But when I try sftp obs3 from obs1 I get:

OBS1>sftp obs3
bbu@obs3's password:
Disconnected; connection lost (Connection closed.).

sftp> Warning: child process (/sys$system/tcpip$ssh_ssh2) exited with code 27.

%TCPIP-E-SSH_FC_ERROR, undetermined error within sshfilecopy
OBS1>

On the OBS3 in the SYS$SYSDEVICE:[TCPIP$SSH]TCPIP$SSH_RUN.LOG;12 Logfile I see the following errors:

obs3$dkb0:[sys0.syscommon.][sysexe]tcpip$ssh_sshd2.exe: SSH Secure Shell OpenVM
Mon 03 13:25:27 WARNING: Starting image in auxiliary server mode.
Mon 03 13:25:27 INFORMATIONAL: OpenVMS$gl_sockfd = 0
Mon 03 13:25:27 INFORMATIONAL: connection from "171.1.200.59"
Mon 03 13:25:33 NOTICE: User bbu's local password accepted.
Mon 03 13:25:33 NOTICE: Password authentication for user bbu accepted.
Mon 03 13:25:33 NOTICE: User bbu, coming from OBS1, authenticated.
/sys$system/tcpip$ssh_sftp-server2: no more processes
Mon 03 13:25:33 WARNING: Subsystem sftp not defined
WARNING: Subsystem sftp not defined
%TCPIP-E-SSH_ERROR, non-specific error condition
TCPIP$SSH job terminated at 3-JAN-2005 13:25:33.42
Accounting information:
Buffered I/O count: 347 Peak working set size: 6096
Direct I/O count: 122 Peak virtual size: 193744
Page faults: 648 Mounted volumes: 0
Charged CPU time: 0 00:00:00.21 Elapsed time: 0 00:00:06.41
[EOB]


Does anyone have a idea where the problem is?

Best regards

Beat
0 Kudos
Reply
12 REPLIES 12
Kris Clippeleyr
Honored Contributor

‎01-03-2005 12:36 AM

‎01-03-2005 12:36 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi,

I could not reproduce your problem, but the exit code mentioned in:

Warning: child process (/sys$system/tcpip$ssh_ssh2) exited with code 27

if treated decimal, means:
%SYSTEM-I-EXQUOTA, process quota exceeded

And, although "informational", together with:

sys$system/tcpip$ssh_sftp-server2: no more processes

would indicate that the process running under account TCPIP$SSH cannot create a subprocess. So, could you check the "prclm" in SYSUAF for this account.

I know it's a long shot, but you never can tell.

Greetz, and Happy New Year,

Kris (aka Qkcl)
I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
0 Kudos
Reply
Burkart Beat
Frequent Advisor

‎01-03-2005 01:35 AM

‎01-03-2005 01:35 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi Kris

Thanks for your greetings. Same to you too!

I have tried it, but with no better results. The User is defined this way:

Username: TCPIP$SSH Owner: TCPIP$SSH
Account: TCPIP UIC: [3655,5] ([TCPIP$AUX,TCPIP$SS
H])
CLI: DCL Tables: DCLTABLES
Default: TCPIP$SSH_DEVICE:[TCPIP$SSH]
LGICMD: LOGIN
Flags: Restricted
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access ------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), 3-JAN-2005 15:23 (non-interactive)
Maxjobs: 0 Fillm: 1024 Bytlm: 400000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 400 JTquota: 16000
Prclm: 64 DIOlm: 1024 WSdef: 350
Prio: 8 ASTlm: 2448 WSquo: 20000
Queprio: 0 TQElm: 20 WSextent: 20000
CPU: (none) Enqlm: 3000 Pgflquo: 20000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
UAF>

After rebooting the system to restart the server the error didn't change.

Any further ideas?

Best regards
Beat
0 Kudos
Reply
Jan van den Ende
Honored Contributor

‎01-03-2005 02:02 AM

‎01-03-2005 02:02 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Beat,

SSH does not generate a __network__ process, but an __interactive__ session. I am not sure if it is considered __local__ or __remote__, but if you enable both, I expect that to make a real difference.
If desired, thereafter you can try WHICH of them is needed.
And then, please tell us as well.

HTH.

Proost.

Have one on me.

Jan
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Kris Clippeleyr
Honored Contributor

‎01-03-2005 02:36 AM

‎01-03-2005 02:36 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Jan,

If you "sftp" from one box to another, on the target box, a network process running under TCPIP$SSH is created (image: SYS$SYSTEM:TCPIP$SSH_SSHD2.EXE). This process then creates a subprocess that runs under the UIC specified by the initiator (in Beat's example it should be "bbu") (image: SYS$SYSTEM:TCPIP$SSH_SFTP-SERVER2.EXE).

Looking at the error messages, I think somehow the subprocess cannot be created. This can have multiple causes (no more slots in the PCB vector, PQL values too low, pooled quota exhausted, etc.)

Beat,

Maybe you can get more info if you define the logical names TCPIP$SSH_SERVER_PARAMS and TCPIP$SSH_SERVER_DEBUG to TRUE in the system logical name table of the target system. I think then you get more info in the log-file.

Greetz, and Happy New Year,

Kris (aka Qkcl)
I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
0 Kudos
Reply
Burkart Beat
Frequent Advisor

‎01-03-2005 02:50 AM

‎01-03-2005 02:50 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi Kris

Still not working, but some news. After setting the DEBUG Mode TRUE it says in the Logfile:

debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: Ssh2ChannelSession/SSHCHSESSION.C:417: User bbu is NOT chrooted.
debug: SshEventLoop/SSHUNIXELOOP.C:310: Got signal number: 20
/sys$system/tcpip$ssh_sftp-server2: no more processes
Mon 03 16:45:22 WARNING: Subsystem sftp not defined
WARNING: Subsystem sftp not defined
%TCPIP-E-SSH_ERROR, non-specific error condition
$ !


BBU is not chrooted

What is that?

BBU has all Privs!

Best regards

Beat
0 Kudos
Reply
Kris Clippeleyr
Honored Contributor

‎01-03-2005 02:51 AM

‎01-03-2005 02:51 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Beat,

A correction to the suggestion about the logical names: only define the TCPIP$SSH_SERVER_DEBUG logical, __NOT__ the TCPIP$SSH_SERVER_PARAMS logical.

Sorry,

Kris (aka Qkcl)
I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
0 Kudos
Reply
Antoniov.
Honored Contributor

‎01-03-2005 04:09 AM

‎01-03-2005 04:09 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi Beat,
I'm not expert of openssh but AFAIK it does not include the capacity to be chrooted therefore you have to define the root of your user (bbu) in some sftp control panel.
If I understand sftp doesn't know the root directory of user.

Antonio Vigliotti

Antonio Maria Vigliotti
0 Kudos
Reply
Antoniov.
Honored Contributor

‎01-03-2005 04:21 AM

‎01-03-2005 04:21 AM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi Beat,
may be you did'nt create ssh directory in your user home directory as explained here http://h71000.www7.hp.com/doc/732final/aa-rvbua-te/aa-rvbua-te.html
Read also the capter "Remote Login and Command Execution with the SSH Command".

Antonio Vigliotti
Antonio Maria Vigliotti
0 Kudos
Reply
Burkart Beat
Frequent Advisor

‎01-03-2005 08:52 PM

‎01-03-2005 08:52 PM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi all!

I have still the same problems. I tried to modify SSHD2_CONFIG. to this

ChRootUsers ftp, guest, bbu

This gave me another problem:

debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: SshRegex/SSHREGEX.C:2083: Releasing a binary tree node.
debug: Ssh2AuthCommonServer/AUTHS-COMMON.C:294: User 'bbu', uid 589835 didn't m.
debug: Ssh2AuthCommonServer/AUTHS-COMMON.C:294: User 'bbu', uid 589835 didn't m.
debug: Ssh2AuthCommonServer/AUTHS-COMMON.C:290: Found match with 'bbu' and 'bbu.
debug: Ssh2ChannelSession/SSHCHSESSION.C:397: User bbu is to be chrooted.
debug: Chroot to user 'bbu' home directory failed!
debug: Ssh2ChannelSession/SSHCHSESSION.C:3308: OpenVMS: Forking for subsystem s2
debug: Ssh2ChannelSession/SSHCHSESSION.C:3333: OpenVMS: Parent: read fd=7, writ7
debug: SshEventLoop/SSHUNIXELOOP.C:605: Registered file descriptor 7.
debug: SshEventLoop/SSHUNIXELOOP.C:401: Timeout registered at 1104827983.
debug: SshEventLoop/SSHUNIXELOOP.C:401: Timeout registered at 1104827983.

This makes me sick!!!
I do not want to be chrooted and just try to sftp or scp.

Then i tried to create a brand new username FOOBAR with an empty login and a homedirectory defined as SYS$SYSDEVICE:[FOOBAR]

With the same result, no chance!

Another funny thing: I have intalled UCX V5.4 in the meantime on 5 OpenVMS hosts OBS1, OBS2, OBS3, OBS4 and OBS6. All have the same problem except OBS4. The only difference is, the system is fully new setup. No OpenVMS Update nor UCX Update, just V7.3-1 and UCX V5.4 initially installed. And there it works... !?

So SSH works but scp or scp not! I give up and kick it in a corner for the next 2 centuries. Maybe in the meantime someone will be able to fix it. ;-)

NO just kidding - Any ideas?

Best regards

Beat
0 Kudos
Reply
Antoniov.
Honored Contributor

‎01-03-2005 10:35 PM

‎01-03-2005 10:35 PM

Re: UCX V5.4 ECO4 - Problem with sftp

Beat,
HP documentation hints to make a [.SSH] directory in home directory of every user you would use by sftp.
Did you make it?

Antonio Vigliotti
Antonio Maria Vigliotti
0 Kudos
Reply
Ian Miller.
Honored Contributor

‎01-03-2005 10:49 PM

‎01-03-2005 10:49 PM

Re: UCX V5.4 ECO4 - Problem with sftp

for me the [.SSH] directory below by login dir gets automagically created. Does this directory exist and is available on the target system?
____________________
Purely Personal Opinion
0 Kudos
Reply
Burkart Beat
Frequent Advisor

‎01-03-2005 10:54 PM

‎01-03-2005 10:54 PM

Re: UCX V5.4 ECO4 - Problem with sftp

Hi

Yes to both of you! I created [.SSH] and [.SSH2], because of some differences in the handout.

Regards
Beat
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.