[Info-vax] Process SSH for OpenVMS

VAXman- at SendSpamHere.ORG VAXman- at SendSpamHere.ORG
Wed Jun 1 11:14:47 EDT 2022


In article <t77k91$b4p$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>On 01/06/2022 11:15, VAXman- at SendSpamHere.ORG wrote:
>> In article <t77ebm$jn9$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>>> On 01/06/2022 01:54, VAXman- at SendSpamHere.ORG wrote:
>>>> In article <t76er8$1ng$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>>>>> On 31/05/2022 15:53, VAXman- at SendSpamHere.ORG wrote:
>>>>>> Is anybody here using Process SSH for OpenVMS?
>>>>>>
>>>>>> Trying to replace TCPIP Services ssh with Process Software's ssh so that
>>>>>> a customer can have some *modern* key exchange algorithms.  Process's ssh
>>>>>> works *almost* but two issues (I'm working with Process support but maybe
>>>>>> somebody here has come across these issues) remain.
>>>>>>
>>>>>> 1. Public keys won't/don't work and
>>>>>> 2. sftp sessions timeout in about a minute of inactivity.
>>>>>>
>>>>>
>>>>> Not quite the same, but I use TCPWare, and can connect out of the box
>>>>> using keys from Windows or Linux boxes
>>>>
>>>> Your keys are stored in the users' SYS$LOGIN_DEVICE:[<home>.SSH2] directory?
>>>> Files are listed in the AUTHORIZATION. file as: KEY <public-key-filename>?
>>>
>>> Correct.
>>>>
>>>>
>>>>> ISTR you can control the sftp timeout - look at the manual. Personally I
>>>>> like them to expire sooner rather than later, rather like old unsecure FTP.
>>>>
>>>> I'd assume there is such a parameter but searching the "documentation" I've
>>>> yet to find a parameter to configure its timeout.
>>>
>>> You might want to look at the "IdleTimeOut" parameter in
>>> [TCPWARE.SSH2]SSHD2_CONFIG. file
>>>
>>> Sorry I cannot be more specific
>> 
>> No problem.  I'm just trying to get an answer as quickly as possible.
>> 
>> I thought about it last night and today, I issued $ SET WATCH FILE/CLASS=ALL
>> and then, ran the SSH Master.  This didn't do it. :(  The master creates the
>> process that does all of the ssh hand-shaking and creates the pseudo-terminal
>> and process that is the logged-in process.   I really need to watch what that
>> process, created by the SSH Master, is doing. :(  I'll have to modify my RMS-
>> CDC code to log all file $OPENs, and make SSH2.DIR and its contents the files
>> of interest to watch.  I don't believe there's any other way to see what the
>> SSH process is doing via SET WATCH FILE.
>> 
>
>Don't forget the server process (sshd) uses its own config files - the 
>global one is SSHD2_CONFIG. in SSH2_DIR:
>TCPWARE_SPECIFIC:[TCPWARE.SSH2] in my setup.

I added:

$ SET WATCH FILE/CLASS=ALL

to: MULTINET_COMMON_ROOT:[MULTINET.PSCSSH]START_SSHD2.COM

I issued $ SSHCTRL SET/DEBUG=6

I then issued an ssh from my MacBook Air and it created a log.  Of course, I had
to password authenticate but...

The log file shows the SSHD accessing the SSH2.DIR but *NOTHING* in the directory
is accessed.  Of course, the first file it would need to access would be AUTHORIZATION.
and it is NEVER touched according to the XQP tracings from SET WATCH.  If it doesn't
access that, it doesn't see the "KEY <public-key-file>" entries to know the file's
name to be read for the key.

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

I speak to machines with the voice of humanity.
