[Info-vax] Process SSH for OpenVMS

Wed Jun 1 07:55:16 EDT 2022

> -----Original Message-----
> From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of VAXman----
> via Info-vax
> Sent: June-01-22 7:16 AM
> To: info-vax at rbnsn.com
> Cc: VAXman- at SendSpamHere.ORG
> Subject: Re: [Info-vax] Process SSH for OpenVMS
> 
> In article <t77ebm$jn9$1 at dont-email.me>, Chris Townley <news at cct-
> net.co.uk> writes:
> >On 01/06/2022 01:54, VAXman- at SendSpamHere.ORG wrote:
> >> In article <t76er8$1ng$1 at dont-email.me>, Chris Townley <news at cct-
> net.co.uk> writes:
> >>> On 31/05/2022 15:53, VAXman- at SendSpamHere.ORG wrote:
> >>>> Is anybody here using Process SSH for OpenVMS?
> >>>>
> >>>> Trying to replace TCPIP Services ssh with Process Software's ssh so
> >>>> that a customer can have some *modern* key exchange algorithms.
> >>>> Process's ssh works *almost* but two issues (I'm working with
> >>>> Process support but maybe somebody here has come across these
> issue) remain.
> >>>>
> >>>> 1. Public keys won't/don't work and 2. sftp sessions timeout in
> >>>> about a minute of inactivity.
> >>>>
> >>>
> >>> Not quite the same, but I use TCPWare, and can connect out of the
> >>> box using keys from Windows or Linus boxes
> >>
> >> Your keys are stored in the users' SYS$LOGIN_DEVICE:[<home>.SSH2]
> directory?
> >> Files are listed in the AUTHORIZATION. file as: KEY
<public-key-filename>?
> >
> >Correct.
> >>
> >>
> >>> ISTR you can control the sftp timeout - look at the manual.
> >>> Personally I like them to expire sooner rather than later, rather like
old
> unsecure FTP.
> >>
> >> I'd assume there is such a parameter but searching the
> >> "documentation" I've yet to find a parameter to configure its timeout.
> >
> >You might want to look at the "IdleTimeOut" parameter in
> >[TCPWARE.SSH2]SSHD2_CONFIG. file
> >
> >Sorry I cannot be more specific
> 
> No problem.  I'm just trying to get an answer as quickly as possible.
> 
> I thought about it last night and today, I issued $ SET WATCH
FILE/CLASS=ALL
> and then, ran the SSH Master.  This didn't do it. :(  The master creates
the
> process that does all of the ssh hand-shaking and creates the pseudo-
> terminal
> and process that is the logged-in process.   I really need to watch what
that
> process, created by the SSH Master, is doing. :(  I'll have to modify my
RMS-
> CDC code to log all file $OPENs, and make SSH2.DIR and its contents the
files
> of interest to watch.  I don't believe there's any other way to see what
the
> SSH process is doing via SET WATCH FILE.
> 
> --

I use Process Multinet V5.6 in my lab using pretty much default settings and
have never had issues with idle sftp timeouts. Fwiw - I use Filezilla to
transfer files between Windows devices and VSI OpenVMS systems all the time.

Just a WAG, but is there a firewall between the client and the server? 

On a previous engagement in a previous lifetime, some strange, hard to pin
down, idle timeouts were caused by a firewall parameter setting. Our FW
folks found the issue by reviewing firewall logs when the timeouts occurred.

If there is a firewall in the mix, then reviewing the logs for the public
key transactions might be useful as well.

Regards,

Kerry Main
Kerry dot main at starkgaming dot com

-- 
This email has been checked for viruses by AVG.
https://www.avg.com