[Info-vax] Process SSH for OpenVMS

Chris Townley news at cct-net.co.uk
Wed Jun 1 13:51:25 EDT 2022


On 01/06/2022 16:14, VAXman- at SendSpamHere.ORG wrote:
> In article <t77k91$b4p$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>> On 01/06/2022 11:15, VAXman- at SendSpamHere.ORG wrote:
>>> In article <t77ebm$jn9$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>>>> On 01/06/2022 01:54, VAXman- at SendSpamHere.ORG wrote:
>>>>> In article <t76er8$1ng$1 at dont-email.me>, Chris Townley <news at cct-net.co.uk> writes:
>>>>>> On 31/05/2022 15:53, VAXman- at SendSpamHere.ORG wrote:
>>>>>>> Is anybody here using Process SSH for OpenVMS?
>>>>>>>
>>>>>>> Trying to replace TCPIP Services ssh with Process Software's ssh so that
>>>>>>> a customer can have some *modern* key exchange algorithms.  Process's ssh
>>>>>>> works *almost* but two issues (I'm working with Process support but maybe
>>>>>>> somebody here has come across these issues) remain.
>>>>>>>
>>>>>>> 1. Public keys won't/don't work and
>>>>>>> 2. sftp sessions timeout in about a minute of inactivity.
>>>>>>>
>>>>>>
>>>>>> Not quite the same, but I use TCPWare, and can connect out of the box
>>>>>> using keys from Windows or Linux boxes
>>>>>
>>>>> Your keys are stored in the users' SYS$LOGIN_DEVICE:[<home>.SSH2] directory?
>>>>> Files are listed in the AUTHORIZATION. file as: KEY <public-key-filename>?
>>>>
>>>> Correct.
>>>>>
>>>>>
>>>>>> ISTR you can control the sftp timeout - look at the manual. Personally I
>>>>>> like them to expire sooner rather than later, rather like old unsecure FTP.
>>>>>
>>>>> I'd assume there is such a parameter but searching the "documentation" I've
>>>>> yet to find a parameter to configure its timeout.
>>>>
>>>> You might want to look at the "IdleTimeOut" parameter in
>>>> [TCPWARE.SSH2]SSHD2_CONFIG. file
>>>>
>>>> Sorry I cannot be more specific
>>>
>>> No problem.  I'm just trying to get an answer as quickly as possible.
>>>
>>> I thought about it last night and today, I issued $ SET WATCH FILE/CLASS=ALL
>>> and then, ran the SSH Master.  This didn't do it. :(  The master creates the
>>> process that does all of the ssh hand-shaking and creates the pseudo-terminal
>>> and process that is the logged-in process.   I really need to watch what that
>>> process, created by the SSH Master, is doing. :(  I'll have to modify my RMS-
>>> CDC code to log all file $OPENs, and make SSH2.DIR and its contents the files
>>> of interest to watch.  I don't believe there's any other way to see what the
>>> SSH process is doing via SET WATCH FILE.
>>>
>>
>> Don't forget the server process (sshd) uses its own config files - the
>> global one is SSHD2_CONFIG. in SSH2_DIR:
>> TCPWARE_SPECIFIC:[TCPWARE.SSH2] in my setup.
> 
> I added:
> 
> $ SET WATCH FILE/CLASS=ALL
> 
> to: MULTINET_COMMON_ROOT:[MULTINET.PSCSSH]START_SSHD2.COM
> 
> I issued $ SSHCTRL SET/DEBUG=6
> 
> I then issued an ssh from my MacBook Air and it created a log.  Of course, I had
> to password authenticate but...
> 
> The log file shows the SSHD accessing the SSH2.DIR but *NOTHING* in the directory
> is accessed.  Of course, the first file it would need to access would be AUTHORIZATION.
> and it is NEVER touched according to the XQP tracings from SET WATCH.  If it doesn't
> access that, it doesn't see the "KEY <public-key-file>" entries to know the file's
> name to be read for the key.
> 
You might be better off setting a debug level from the client, and 
trapping to a log file - I have used that before

-- 
Chris
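
The client-side debug capture suggested above, as an added example that is not part of the original thread: assuming the client is OpenSSH (the thread does not name the Mac's client) and its `ssh -v` output was saved to a file, this script reports whether a public key was offered and how the server answered. The log lines, path and fingerprint are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of OpenSSH client debug output (e.g. ssh -v ... 2> client.log).
# The identity path and fingerprint are placeholders, not values from the thread.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/example/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

def summarize_auth(log_text):
    """Collect the authentication-related events from a client debug log."""
    summary = {"advertised": set(), "offered": [], "accepted": [], "succeeded": None}
    for line in log_text.splitlines():
        m = re.match(r"debug\d: (.*)", line.strip())
        if not m:
            continue  # not a client debug line
        msg = m.group(1)
        if msg.startswith("Authentications that can continue:"):
            methods = msg.split(":", 1)[1].split(",")
            summary["advertised"].update(x.strip() for x in methods)
        elif msg.startswith("Offering public key:"):
            summary["offered"].append(msg.split(":", 1)[1].strip())
        elif msg.startswith("Server accepts key:"):
            summary["accepted"].append(msg.split(":", 1)[1].strip())
        elif (ok := re.match(r"Authentication succeeded \((\S+)\)", msg)):
            summary["succeeded"] = ok.group(1)
    return summary

def diagnose(summary):
    """Turn the summary into the next place to look."""
    if summary["succeeded"] == "publickey":
        return "publickey authentication worked"
    if "publickey" not in summary["advertised"]:
        return "server does not advertise publickey; check server configuration"
    if not summary["offered"]:
        return "client offered no key; check client identity files"
    if not summary["accepted"]:
        return "server rejected every offered key; check the server-side key listing"
    return "server accepted a key but the signature step failed"

if __name__ == "__main__":
    result = summarize_auth(SAMPLE_LOG)
    print(result)
    print(diagnose(result))
```
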


