[Info-vax] ssh problem with Multinet 5.3/Itanium

Malcolm Dunnett nothome at spammers.are.scum
Fri Jan 8 22:40:03 EST 2010


I don't know if this is a 5.3 issue or an Itanium specific issue. I'm 
sure it's very specific to my environment though.

In order to be able to use LDAP/ACME verification with Multinet I have 
written a routine that implements the keyboard-interactive protocol and 
authenticates the supplied username/password using ACME and LDAP 
(against Active Directory). To make this work with Multinet SSH I 
replace the LDAP-PLUGIN program supplied with vanilla Multinet (which is 
a placeholder routine that does nothing) with my program and modify the 
SSHD2_CONFIG. file to enable keyboard-interactive authentication.

This works great on Alpha with Multinet 5.2 but today I tried to 
configure it with Multinet 5.3 on an IA64 box. The authentication still 
works ok (I get an "Authentication successful." message returned from 
the IA64 box). However, right after the authentication successful message 
the session disconnects. The [.SSH]SSHD.log file on the IA64 contains:

SSHD 0001[3CC0043E]: FATAL: DISK$MULTINET_V53_A:[MULTINET_V53A.MULTINET.SSH6.LIB.SSHUTIL.SSHADT]SSHADT.C;1:672 SshADT (function name unavailable) Precondition failed: container != ((void *) 0)
   dunnett      job terminated at  8-JAN-2010 19:22:57.74

and the SSHD_MASTER.LOG file on the IA64 contains:

log: (08-Jan-2010 19:22:53)  Connection accepted from 142.25.103.71 port 3472
log: (08-Jan-2010 19:22:53)  Executing ssh2 daemon
log: (08-Jan-2010 19:22:53)  Child process started, pid = 3cc0043e (total active = 1)
log: (08-Jan-2010 19:22:57)  Child process: 3CC0043E terminated (0 remain)
log: (08-Jan-2010 19:22:57)    exit status: %SYSTEM-?-ILLPAGCNT, illegal page count parameter

I realize I'm way out on a limb with unsupported code here but I'm still 
hoping there's a simple solution. The lack of ACME support in Multinet 
SSH is a real problem because it means that every time a password is 
changed the user needs to connect via some other method (e.g. telnet) in 
order to synch the password before ssh can be used with the new 
password. Of course what I'd really like is for Multinet SSH to support 
ACME/LDAP - but barring that, supporting the keyboard-interactive method 
would be great.

Barring a Multinet solution, is there an implementation of SSH out there 
(open source) that works on VMS and supports keyboard-interactive?

Does anyone know if the next version of TCP/IP services (in VMS 8.4) 
will support ACME/LDAP for SSH? (in which case dropping Multinet in 
favour of TCP/IP services might offer a solution)

Thanks in advance for any help.
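
Added example, not part of the original post and not Multinet code: a small Python triage script that rejoins mail-wrapped SSHD_MASTER.LOG entries and ties each child pid to its peer address and exit status, so sessions that die right after login stand out. The function names are hypothetical, and treating only S and I severities as normal is an assumption.

```python
import re

# SSHD_MASTER.LOG excerpt from the post, wrapped as in the mailed copy.
SAMPLE_LOG = """\
log: (08-Jan-2010 19:22:53)  Connection accepted from 142.25.103.71 port
3472
log: (08-Jan-2010 19:22:53)  Executing ssh2 daemon
log: (08-Jan-2010 19:22:53)  Child process started, pid = 3cc0043e
(total active = 1)
log: (08-Jan-2010 19:22:57)  Child process: 3CC0043E terminated (0 remain)
log: (08-Jan-2010 19:22:57)    exit status: %SYSTEM-?-ILLPAGCNT, illegal
page count parameter
"""

ENTRY = re.compile(r"^log: \((?P<ts>[^)]+)\)\s+(?P<msg>.*)$")
ACCEPT = re.compile(r"Connection accepted from (\S+) port (\d+)")
START = re.compile(r"Child process started, pid = ([0-9a-fA-F]+)")
END = re.compile(r"Child process: ([0-9a-fA-F]+) terminated")
STATUS = re.compile(r"exit status: (%[\w$]+-(.)-[\w$]+),\s*(.*)")

def entries(text):
    """Return [timestamp, message] pairs, rejoining wrapped continuation lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([m.group("ts"), m.group("msg").strip()])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def sessions(text):
    """Correlate accept/start/terminate/exit-status entries per child pid."""
    done, live, peer, last = [], {}, None, None
    for ts, msg in entries(text):
        if m := ACCEPT.search(msg):
            peer = (m.group(1), int(m.group(2)))
        elif m := START.search(msg):
            pid = m.group(1).upper()  # the log mixes hex case for one pid
            live[pid] = {"pid": pid, "peer": peer, "started": ts}
        elif m := END.search(msg):
            pid = m.group(1).upper()
            last = dict(live.pop(pid, {"pid": pid}), ended=ts)
            done.append(last)
        elif (m := STATUS.search(msg)) and last is not None:
            last.update(status=m.group(1), severity=m.group(2), text=m.group(3))
    return done

def abnormal(text):
    """Assumption: any severity other than S or I is worth a look."""
    return [s for s in sessions(text) if s.get("severity", "S") not in "SI"]
```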


