[Info-vax] stumped by SSH

[Craig A. Berry]

On 2/6/16 11:55 AM, Neil Rieck wrote:
> On Saturday, February 6, 2016 at 5:44:27 AM UTC-5, Phillip Helbig (undress to reply) wrote:
>> I've set up a new account, as far as I can tell almost a clone of
>> another account.
>>
>> Locally, logging in via TELNET or SET HOST/LAT work fine on both
>> accounts.  With the new account, SSH repeats the password: prompt after
>> entering the password.  After three tries, I get "warning:
>> Authentication failed."  The password is correct, since otherwise the
>> other protocols wouldn't let me log in.
>>
>> Remotely, everything works fine with the old account.  With the new one,
>> telnet works, but ssh gives "Permission denied, please try again."
>>
>> Any ideas?
>>
>> Both accounts are captive accounts.
>>
>> WRITE SYS$OUTPUT in LGICMD and SYS$SYLOGIN show that it is not even
>> getting this far.
>
>
> This SSH technology is purposely complicated -AND- is meant to bypass SYSUAF password authentication "if you so desire". I have several examples (for all three stacks) posted here but do not recall ever setting the captive bit.
>
> http://www3.sympatico.ca/n.rieck/docs/openvms_notes_ssh2.html
>
> Caveat: be very careful when setting up config files (both client and server) because SSH is case sensitive.

Does either account have a sys$login:ssh2.DIR and if so, are ownership
and protection set correctly for the directories and the files in them?
You wouldn't normally need these for password authentication, but it is
something SSH will look at (don't know how early in the authentication
process).