[Info-vax] stumped by SSH

Phillip Helbig undress to reply helbig at asclothestro.multivax.de
Sun Feb 7 07:55:30 EST 2016 

In article <n978p1$jl6$1 at dont-email.me>, Simon Clubley
<clubley at remove_me.eisner.decus.org-Earth.UFP> writes: 

> So VMS is the SSH server.
> 
> [Jan-Erik is right; normally, when one talks about a "remote" system,
> the default implication in this type of discussion is _that_ system is
> the server and hence is the one being accessed, as a server, from a
> local client. That's what I assumed as well.]
> 
> Some questions:
> 
> Are all accounts (both successful and unsuccessful) being accessed from
> the same remote Linux box ?

Yes.

> Have you _actually_ done a $ show int after a login failure ?

Yes.

> What's the final status in the accounting log for the login attempt ?

Auditable event:          Network login failure
Event time:                7-FEB-2016 13:50:40.50
PID:                      20A2B87F
Process name:             TCPIP$SS_BG8083
Username:                 TCPIP$SSH
Remote nodename:          SSH_PASSWORD:HYD
Remote username:          SSH_93C5DDFD
Status:                   %LOGIN-F-NOTVALID, user authorization failure

> For an account which you cannot log into from a Linux client, can you
> login to the VMS server from a _VMS_ SSH client on another box ?

No.  It's the combination of a) SSH and b) some accounts.  It doesn't 
matter if I am logging in from the same node, another node in the 
cluster, or a remote linux box.

> To turn on debugging in the Linux SSH client, use "ssh -v" on your
> Linux command line. Increase the number of v's above (as in "ssh -vv"
> or "ssh -vvv") to gradually increase the amount of debugging information.

Bad account:

debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user at node's password:
debug2: we sent a password packet, wait for reply
debug3: Received SSH2_MSG_IGNORE
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.

Good account:

debug2: we sent a password packet, wait for reply
debug3: Received SSH2_MSG_IGNORE
debug1: Authentication succeeded (password).

So, I know what I knew before: The authorization fails after typing in 
the password on one account but not the other.  The password is correct, 
since I can log in via SET HOST/LAT or TELNET.

More information about the Info-vax mailing list