Server Management - Systems Insight Manager
1830044 Members
3090 Online
109998 Solutions
New Discussion

F-Secure Open SSH

 
John Stone_2
Occasional Contributor

F-Secure Open SSH

All of our servers are running FSecure SSH for security reasons and not OpenSSH. I am getting the dreaded " EXCEPTION CLASS: com.hp.mx.exceptions.MxFailedAuthenticationException " error messages.

What changes should I be making in order to get this working?

Thanks

John
1 REPLY 1
Andrzej Kowalik
Honored Contributor

Re: F-Secure Open SSH

SIM like his own OpenSSH... :(
Problem is also with Cygwin
http://www.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim-ssh-wp.pdf
"Windows SSH server
While HP-UX and most Linux distributions usually ship with OpenSSH already installed, the same is not true of Windows-based operating systems. HP Systems Insight Manager provides a version of OpenSSH to be used with the DTF on Windows systems. This is installed along with the rest of the CMS software when installing the CMS. For managed systems, it can be installed from the management CD or downloaded from HPâ  s website.
The version provided by HP Systems Insight Manager was repackaged to work seamlessly with the install process. It was also modified to provide greater security than other widely-available distributions. Since OpenSSH is part of OpenBSD, it was originally implemented for UNIX-like operating systems. In order to easily port it to Windows, an emulation layer called Cygwin is used.
Cygwin provides a UNIX emulation layer so that UNIX software can be easily ported to Windows. It also has some well-known security problemsâ  it creates world-readable data structures to emulate UNIX processes. In order to make OpenSSH more secure, the version distributed with HP Systems Insight Manager contains a modified Cygwin compatibility layer that restricts access to these data structures to members of the Administratorâ  s group. Because of this, when HP Systems Insight Managerâ  s version of OpenSSH is used, only Windows Administrators can log into the Windows system via SSH." and:
"Coexistence problems with other Cygwin installations
Only one Cygwin-based program can be installed on a system at any given time.
In order for Cygwin to function, there are certain registry settings that have to existâ  namely, the mount points defined above. The installer checks for the Cygwin registry keys and refuses to install if they exist. The installation also fails if the full Cygwin distribution, or any other software that uses Cygwin (for example, the Python distribution in WinCVS), is installed. This is an unfortunate consequence of multiple Cygwin installations not being able to coexist.
There are other products that use Cygwin out there, and HP Systems Insight Managerâ  s OpenSSH distribution is not compatible with them. This includes other freely available OpenSSH distributions. If you are already using another version of OpenSSH and do not want to install the HP Systems Insight Manager version, that is fine. Keep in mind, however, that the HP Systems Insight Manager version is the only version that restricts access to the Cygwin data structures.
If the user has already installed the generic distribution of OpenSSH for Windows and sets up the keys to work with the CMS, the security hole that existed before HP Systems Insight Manager was used will still exist. It will not affect any other managed systems or the CMS. The potential exists for a non-administrator user on the managed node to interfere with any DTF tasks run on that node. However, this same problem existed on this system before HP Systems Insight Manager was in use.
If you are having trouble getting the HP Systems Insight Manager OpenSSH package to install, search your system for the Cygwin registry keys, as well as the file cygwin1.dll. The location of the file might give you some idea of what software is installed that is conflic