cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot ssh my server

 
Highlighted
HPE Pro

Cannot ssh my server

HP-UX B.11.31 U ia64 0647988385 unlimited-user license

Platform info:
Model: "ia64 hp Integrity BL870c i2"

OS info:
Release: HP-UX B.11.31
Version: U (unlimited-user license)
Machine: ia64
ID Number: 0647988385
vmunix _release_version:
@(#) $Revision: vmunix: B.11.31_LR FLAVOR=perf

 

# cat /etc/rc.config.d/sshd
# SSHD_START: Set to 1 to start SSH daemon
# SSHD_ARGS: Command line arguments to pass to sshd
#
SSHD_START=1
SSHD_ARGS=
SSHD_UMASK=022 #The acceptable values of this variable are found by doing man umask
# /sbin/init.d/secsh stop
#
# sh -x /sbin/init.d/secsh start
+ PATH=/usr/sbin:/usr/bin:/sbin
+ export PATH
+ WHAT=HP-UX Secure Shell
+ WHAT_PATH=/opt/ssh/sbin/sshd
+ + awk {print $2}
+ grep -i ^pidfile /opt/ssh/etc/sshd_config
WHAT_PID=
+ [ = ]
+ WHAT_PID=/var/run/sshd.pid
+ WHAT_CONFIG=/etc/rc.config.d/sshd
+ rval=0
+ SRPPS=/opt/hpsrp/bin/srp_ps
+ [ -f /opt/hpsrp/bin/srp_ps ]
+ myps=ps
+ [ -f /etc/rc.config.d/sshd ]
+ . /etc/rc.config.d/sshd
+ SSHD_START=1
+ SSHD_ARGS=
+ SSHD_UMASK=022
+ umask 022
+ ps -ef
+ grep -v grep
+ grep /opt/ssh/sbin/sshd
+ 1> /dev/null
+ NOT_RUNNING=1
+ [ 1 -eq 1 -a -x /opt/ssh/sbin/sshd -a 1 -eq 1 ]
+ rval=2
+ exit 2
#
# swlist |grep -i Secure*
HPUXBastille B.3.3 Bastille Security Hardening Tool
Secure_Shell A.06.20.030 HP-UX Secure Shell
#
# which ssh
no ssh in /usr/sbin /usr/bin /usr/ccs/bin /usr/contrib/bin /usr/contrib/Q4/bin /opt/perl/bin /opt/gvsd/bin /opt/ipf/bin /opt/nettladm/bin /opt/fcms/bin /opt/wbem/bin /opt/wbem/sbin /opt/sas/bin /opt/graphics/common/bin /opt/atok/bin /usr/bin/X11 /usr/contrib/bin/X11 /opt/sec_mgmt/bastille/bin /opt/caliper/bin /opt/drd/bin /opt/dsau/bin /opt/dsau/sbin /opt/resmon/bin /opt/firefox /opt/gnome/bin /opt/perf/bin /opt/propplus/bin /usr/contrib/kwdb/bin /opt/perl_32/bin /opt/perl_64/bin /opt/prm/bin /opt/sfm/bin /opt/swm/bin /opt/sec_mgmt/spc/bin /opt/swa/bin /opt/hpsmh/bin /opt/thunderbird /opt/sentinel/bin /opt/langtools/bin /opt/wlm/bin /opt/gwlm/bin /opt/ssh/bin /sbin /home/root
#
# ssh -V
sh: ssh: not found.
#

Accept or Kudo

17 REPLIES 17
Highlighted
Honored Contributor

Re: Cannot ssh my server

This is the full ssh command: /opt/ssh/bin/ssh
That command will run ssh command OK.

The ssh bin directory is not in your PATH.
When the HP version of ssh is installed, it would have added /opt/ssh/bin to your /etc/PATH file.
You can add this path to /etc/PATH and the ssh command will now be found.

The sshd daemon is not needed to run ssh.
It is only used for incoming remote connections.
But sshd is failing to start.
Here is a normal startup trace for sshd:

+ NOT_RUNNING=1
+ [ 1 -eq 1 -a -x /opt/ssh/sbin/sshd -a 1 -eq 1 ]
+ /opt/ssh/sbin/sshd
+ echo HP-UX Secure Shell started
HP-UX Secure Shell started
+ return_val=0
+ set_return 0
+ exit 0

The return_val for your startup is not 0.
Look at the system log in /var/adm/syslog/syslog.log for error messages from sshd.



Bill Hassell, sysadmin
Highlighted
Honored Contributor

Re: Cannot ssh my server

> The ssh bin directory is not in your PATH.

   I seem to see it (toward the end of that pile):

      # which ssh
      no ssh in /usr/sbin [...] /opt/gwlm/bin /opt/ssh/bin /sbin /home/root

I can't see what's in it.

Highlighted
HPE Pro

Re: Cannot ssh my server

Hi All,

I have installed OpenSSL (OpenSSL_A.01.00.01s.001_HP-UX_B.11.31_IA_PA) due to error below.

# /usr/bin/ssh -V

/usr/lib/hpux64/dld.so: Unable to find library 'libcrypto.so.1.0.0'.

Killed

And now I have this error:
# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

# swlist |grep -i Secure*
HPUXBastille B.3.3 Bastille Security Hardening Tool
OpenSSL A.01.00.01s.001 Secure Network Communications Protocol (PA: 0.9.8zf, IA: 1.0.1s)
SecureShell A.07.30.003 HP-UX Secure Shell

Accept or Kudo

Highlighted
Honored Contributor

Re: Cannot ssh my server

OpenSSL and Secure Shell need to be reinstalled.
/usr/bin/ssh is likely a symlink:

 ll /usr/bin/ssh
lrwxr-xr-x   1 root       sys             16 Aug 18 12:21 /usr/bin/ssh -> /opt/ssh/bin/ssh

which is OK and makes ssh available from a more common path.

Here are the download locations for the latest OpenSSL and Secure Shell:

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I



Bill Hassell, sysadmin
Highlighted
HPE Pro

Re: Cannot ssh my server

Hi Bill,

So I just need to reinstall meaning no need to uninstall them both, please confirm? And is there a sequence for the installation?

Accept or Kudo

Highlighted
Honored Contributor

Re: Cannot ssh my server

Since Secure Shell uses OpenSSL, I would install it first.
Then install Secure Shell.
swinstall and the product scripts should handle the update without uninstalling.



Bill Hassell, sysadmin
Highlighted
HPE Pro

Re: Cannot ssh my server

Hi Bill,

I just completed the reinstallation as advised, but still same issue. Below are the error during SSH reinstallation.

ERROR: The "configure" script for "Secure_Shell.SECSH-CMN" failed │
│ │ (exit code "1"). The script location was │
│ │ "/var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure". │
│ │ * This script had errors and the execution of this fileset │
│ │ cannot proceed until the problem is fixed. Check the above │
│ │ output from the script for further details.

 

And when I check the script location it is not found.

# ls -ltr /var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure
/var/tmp/BAA009090/catalog/Secure_Shell/SECSH-CMN/configure not found

# ls -ltr /var/tmp/BAA009090
/var/tmp/BAA009090 not found

# ssh -V
OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11, OpenSSL 1.0.1s 1 Mar 2016
HP-UX Secure Shell-A.07.30.003, HP-UX Secure Shell version

# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

Accept or Kudo

Highlighted
Honored Contributor

Re: Cannot ssh my server

It looks like you are using the interactive feature of swinstall.
I don't recommend ever using the Xwindow or interactive feature for swinstall as it hides too much information..

Use the command line like this:

# swinstall -s /var/tmp/blh/OpenSSL_A.01.00.02k.001_HP-UX_B.11.31_IA_PA.depot \*

...
* Beginning Analysis and Execution * Session selections have been saved in the file "/root/.sw/sessions/swinstall.last". * "atl8v3:/": 16 filesets have the selected revision already installed. * "atl8v3:/": 16 software objects were determined to be skipped in the analysis phase. * Analysis and Execution succeeded. NOTE: More information may be found in the agent logfile using the command "swjob -a log atl8v3-1138 @ atl8v3:/". ======= 01/12/18 11:43:26 EST END swinstall SESSION (non-interactive) (jobid=atl8v3-1138)

Be sure to use \* at the end of the command. If you get an error, run the swjob command shown at the end of the output.

Here is Secure shell install:

       * Beginning Analysis and Execution
       * Session selections have been saved in the file
         "/root/.sw/sessions/swinstall.last".
       * The analysis phase succeeded for "atl8v3:/".
       * The execution phase succeeded for "atl8v3:/".
       * Analysis and Execution succeeded.


NOTE:    More information may be found in the agent logfile using the
         command "swjob -a log atl8v3-1139 @ atl8v3:/".

=======  01/12/18 11:48:27 EST  END swinstall SESSION (non-interactive)
         (jobid=atl8v3-1139)

and to check the installation:

# ssh -V
OpenSSH_7.3p1+sftpfilecontrol-v1.3-hpn14v11, OpenSSL 1.0.2k  26 Jan 2017
HP-UX Secure Shell-A.07.30.003, HP-UX Secure Shell version


Bill Hassell, sysadmin
Highlighted
HPE Pro

Re: Cannot ssh my server

Hi Bill,

Still the same result, and I have rebooted the server just to test and yet all the same.

# /sbin/init.d/secsh start
OpenSSL version mismatch. Built against 1000206f, you have 1000113f
EXIT CODE: 255

 

Accept or Kudo