Peter 'EPLAN' LANGSTOEGER (*nix forums Guru)
Joined: 21 Jul 2005
Posts: 517
Posted: Thu Feb 10, 2005 6:26 pm
Post subject: Re: SSH Problem with TCPIP V5.4?

In article <1107896814.873330.6670@o13g2000cwo.googlegroups.com>, mcbill20@yahoo.com writes:
> I recently upgraded TCPIP 5.4 (no ECO) from 5.3. After upgrading, I
> enabled SSH. I then downloaded PUTTY in order to do a quick test. I was
> able to successfully login using PUTTY, although I noticed occasional
> console messages about problems deleting TCPIP$SSH_RUN.LOG.

I recommend ECO4 (at least). Consider TCPIP V5.5 also. SSH is improved there.

> At the time, it wasn't a high priority so I didn't worry too much about
> it. Unfortunately, my console is an LA120 and when I came in to the
> computer room today I found that a half box of paper had been printed
> with messages from SSH. Apparently machines in France, Poland and
> Australia (according to NSLOOKUP) had been trying to get in using SSH.
> As for the breakin part, I am not too concerned as my machine is very
> well locked down and only local access is enabled for any privileged
> accounts.

Yup. My SSH is currently open, too, and every access attempt is logged.
The initiators obviously use a tool because I usually get umpteen (57 ?)
connect requests within a few seconds.

> However, I was hoping to be able to leave SSH accessible from the
> outside for when I need to login and look up something or do simple
> admin. The intrusion problem is frustrating enough, but I would really
> like to know what the problem is with SSH. This machine is running VMS
> 7.3-1 (all latest patches) and TCPIP 5.4 (no ECO's).

I do not see a problem at all.
If you have a problem with the paper, then don't print.

> Each time the remote machine would try to log in I would get a security
> message but it would then be followed by multiple file access conflict
> messages regarding the deletion of TCPIP$SSH_RUN.LOG (multiple
> versions).
> I looked through this group but didn't find anything on this. Does
> anyone know if this is a known problem?

No problem. There is a PURGE in TCPIP$SSH_RUN.COM which tries to reduce
the logfiles, some of which may still be open because of the massive connect
requests. But no real problem. You could increase the /KEEP value by, say, 2-3.

> I wanted to include samples, but apparently (maybe for security
> reasons) most of the output that goes to the console does not go into
> the operator log. All I see in the operator log is:

Usually, there should be more in OPERATOR.LOG than on OPA0:
Especially, when OPA0 is still on paper.
e.g. OPA0: is for problems when the system disk is no longer there
(or for pagefile space critical and similar)
Please rethink your logging strategy.
e.g. There is also the SECURITY AUDIT file.
--
Peter "EPLAN" LANGSTOEGER
Network and OpenVMS system specialist
E-mail peter@langstoeger.at
A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

VAXman-@SendSpamHere.ORG (*nix forums Guru Wannabe)
Joined: 22 Jul 2005
Posts: 251
Posted: Thu Feb 10, 2005 5:32 pm
Post subject: Re: SSH Problem with TCPIP V5.4?

In article <newscache$skkpbi$sc6$1@news.sil.at>, peter@langstoeger.at (Peter 'EPLAN' LANGSTOEGER) writes:
> In article <1107896814.873330.6670@o13g2000cwo.googlegroups.com>, mcbill20@yahoo.com writes:
>> I recently upgraded TCPIP 5.4 (no ECO) from 5.3. After upgrading, I
>> enabled SSH. I then downloaded PUTTY in order to do a quick test. I was
>> able to successfully login using PUTTY, although I noticed occasional
>> console messages about problems deleting TCPIP$SSH_RUN.LOG.
> I recommend ECO4 (at least). Consider TCPIP V5.5 also. SSH is improved there.

Does TCPIP V5.5 SSH support -X yet?
--
http://www.ProvN.com for the *best* OpenVMS system security
solutions that others only claim to be.
--
Cyber-Terrorism (si'-ber tayr'-or-iz-em) n.:
The release of, the sale of, or the use of any Micro$oft software product!
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

mcbill20@yahoo.com (*nix forums beginner)
Joined: 24 Mar 2005
Posts: 36
Posted: Tue Feb 08, 2005 8:06 pm
Post subject: SSH Problem with TCPIP V5.4?

I recently upgraded TCPIP 5.4 (no ECO) from 5.3. After upgrading, I
enabled SSH. I then downloaded PUTTY in order to do a quick test. I was
able to successfully login using PUTTY, although I noticed occasional
console messages about problems deleting TCPIP$SSH_RUN.LOG.

At the time, it wasn't a high priority so I didn't worry too much about
it. Unfortunately, my console is an LA120 and when I came in to the
computer room today I found that a half box of paper had been printed
with messages from SSH. Apparently machines in France, Poland and
Australia (according to NSLOOKUP) had been trying to get in using SSH.
As for the breakin part, I am not too concerned as my machine is very
well locked down and only local access is enabled for any privileged
accounts.

However, I was hoping to be able to leave SSH accessible from the
outside for when I need to login and look up something or do simple
admin. The intrusion problem is frustrating enough, but I would really
like to know what the problem is with SSH. This machine is running VMS
7.3-1 (all latest patches) and TCPIP 5.4 (no ECO's).

Each time the remote machine would try to log in I would get a security
message but it would then be followed by multiple file access conflict
messages regarding the deletion of TCPIP$SSH_RUN.LOG (multiple
versions).

I looked through this group but didn't find anything on this. Does
anyone know if this is a known problem?

I wanted to include samples, but apparently (maybe for security
reasons) most of the output that goes to the console does not go into
the operator log. All I see in the operator log is:

%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:42.44 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 80.53.255.44 Port: 3065
%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:48.24 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 80.53.255.44 Port: 3166
%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:54.15 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 80.53.255.44 Port: 3277
%%%%%%%%%%% OPCOM 8-FEB-2005 08:57:00.10 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 80.53.255.44 Port: 3391

The messages on the console are like this: (I am typing them in
manually so there may be a few typos):

%%% OPCOM 8-FEB-2005 00:05:24.13 %%%
Message from user AUDIT$SERVER on SHAGGY
Security alarm (SECURITY) and security audit (SECURITY) on SHAGGY,
system id: 10380
Auditable event: Network breakin detection
Event time: 08-FEB-2005 00:05:24.13
PID: 2020059F
Process name: TCPIP$SS_BG2671
Username: TCPIP$SSH
Remote node fullname: SSH_PASSWORD:IS.TAKESAKOGUMI.CO.JP
Remote username: SSH_3DC218BA
Status: %LOGIN-F-NOTVALID, user authorization failure

This is expected of course and I will have to figure out how to keep
these from filling up logs and emptying printers, etc. However, I would
like to know why each of those messages is followed by multiple of
these:

%%% OPCOM 8-FEB-2005 00:05:24.04 %%%
Message from user AUDIT$SERVER on SHAGGY
Auditable event: Object deletion
Event information: File deletion request (IO$_DELETE)
Event time: 08-FEB-2005 00:05:24.04
PID: 202005A0
Process name: TCPIP$SSH_BG2675
Username: TCPIP$SSH
Process owner: [TCPIP$AUX,TCPIP$SSH]
Image name: DSA0:[SYS0.SYSCOMMON][SYSEXE]DELETE.EXE
Object class name: File
Object owner: [TCPIP$AUX,TCPIP$SSH]
Object protection: SYSTEM:RWED, OWNER:RWED, GROUP:RE, WORLD:
File name: _DSA0:[TCPIP$SSH]TCPIP$SSH_RUN.LOG;132
Access requested: Delete
Sequence key: 0062AAB5
Status: %SYSTEM-W-ACCONFLICT, file access conflict

Each breakin message is followed by multiple of the ACCONFLICT
messages, but differing in file version numbers. For example, the
messages following this one are for versions 131, 130, 129...

Any ideas?

Thanks.
Bill McLaughlin
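
An added example, not part of any post in this thread: Python that parses OPCOM "SSH Accept Request" entries in the layout quoted above and reports hosts whose connection attempts cluster inside a short window, which is the pattern the replies describe. The sample log is constructed with documentation addresses; the function names `parse_accepts` and `bursts`, the 30-second window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the OPCOM layout quoted in the post (documentation IPs).
SAMPLE_LOG = """\
%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:42.44 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 192.0.2.10 Port: 3065
%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:48.24 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 192.0.2.10 Port: 3166
%%%%%%%%%%% OPCOM 8-FEB-2005 08:56:54.15 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 192.0.2.10 Port: 3277
%%%%%%%%%%% OPCOM 8-FEB-2005 09:40:00.10 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 198.51.100.7 Port: 40112
%%%%%%%%%%% OPCOM 8-FEB-2005 11:02:13.00 %%%%%%%%%%%
Message from user INTERnet on SHAGGY
INTERnet ACP SSH Accept Request from Host: 192.0.2.10 Port: 3391
"""

HEADER = re.compile(r"^%+\s+OPCOM\s+(\d{1,2}-[A-Z]{3}-\d{4} \d\d:\d\d:\d\d\.\d\d)\s+%+$")
ACCEPT = re.compile(r"SSH Accept Request from Host: (\S+) Port: (\d+)")

def parse_accepts(text):
    """Return [(datetime, host)] for every SSH accept request in OPCOM text."""
    events, stamp = [], None
    for line in text.splitlines():
        if head := HEADER.match(line.strip()):
            stamp = datetime.strptime(head.group(1), "%d-%b-%Y %H:%M:%S.%f")
        elif stamp and (hit := ACCEPT.search(line)):
            events.append((stamp, hit.group(1)))
    return events

def bursts(events, window=timedelta(seconds=30), threshold=3):
    """Map host -> peak accepts inside any sliding window, where peak >= threshold."""
    by_host, peaks = defaultdict(list), {}
    for stamp, host in sorted(events):
        by_host[host].append(stamp)
    for host, stamps in by_host.items():
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # drop attempts older than the window
                start += 1
            peaks[host] = max(peaks.get(host, 0), end - start + 1)
    return {h: n for h, n in peaks.items() if n >= threshold}
```

Run against a copy of OPERATOR.LOG on an analysis host, `bursts(parse_accepts(text))` separates scripted sweeps from occasional legitimate logins without printing every accept request.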