[Info-vax] rx8640 ILO MP port faulty?

Tue Jul 11 10:31:59 EDT 2023

On 2023-07-11 09:15:05 +0000, David Turner said:

> Try an old windows 7 box that wasn't recently updated and then connect 
> to it SSH and Browsers all fail here when I try to connect to an 
> rx2660. New SSL/TLS requirements prevent connection
> Pain in the aXX

Ayup.

Under-maintained and unmaintained configurations—Windows prior to 10, 
iLO 2 and 3, OpenVMS itself up to the work by VSI—will block access 
when connecting from or to maintained configurations.

We're on a treadmill of upgrades; software and hardware.

If what you're connecting from is more recent—Windows 7, not so 
much—then ssh connections can be downgraded. ssh servers you control 
can also be downgraded. Otherwise, yes, blockages arise.

The following sethost bash might work with WSL or WSL2 on Windows too, 
not that I have a way to test that configuration. Check the local 
Windows ssh client for its particularly connection upgrade and 
downgrade details.

It is also possible to add host-specific connection scripts into the 
local ssh configuration files. Local preference is to avoid that, 
though it does work.

Windows 8.1 is 2013, 8 was 2012, 7 from 2009 with its last service pack 
in 2011. (That's all before VSI even existed, too.)

#!/bin/bash
# sethost script to connect to remote systems, using whatever
# connection protocol and command is appropriate for the
# target server. ssh, telnet, whatever.
#
# with ssh, this script can be substituted for an entry added into
# the ssh configuration file to downgrade the connection. When
# connecting into HPE OpenVMS servers:
#
#Host server.example.com
# HostKeyAlgorithms ssh-dss
# KexAlgorithms diffie-hellman-group1-sha1
#
# This as most HPE OpenVMS systems and iLO have too-old
# ssh servers. VSI OpenVMS does better, here.
#
# The related ssh downgrade command follows:
#
# ssh -o HostKeyAlgorithms=ssh-rsa,ssh-dss -o
KexAlgorithms=diffie-hellman-group1-sha1 -o Ciphers=aes128-cbc,3des-cbc
-o MACs=hmac-md5,hmac-sha1 User at Server.Example.Com
#
if [ "$1" = "-h" ]
then
echo "Issues the ssh command to the specified host"
echo "usage: $0 [option] [host]"
echo " -h display this help text"
exit
fi

host=`echo $1 | tr a-z A-Z`
case "${host}" in
FOO)
ssh -q hoffman at foo.example.net
;;
CLUSTER | VMS1 | VMS2 )
ssh -o HostKeyAlgorithms=ssh-rsa,ssh-dss -o
KexAlgorithms=diffie-hellman-group1-sha1 -o Ciphers=aes128-cbc,3des-cbc
-o MACs=hmac-md5,hmac-sha1 Hoffman at Example.Org
;;
IOT)
telnet hoffman at iot.example.net
;;
* )
echo "Unrecognized destination host $1 specified"
;;
esac
echo " "

-- 
Pure Personal Opinion | HoffmanLabs LLC 