OpenSSH command definition resulting in a warning accounting record

OpenVMS x86 Field Test questions, reports, and feedback.

Topic author
agn453
Contributor
Posts: 11
Joined: Tue Aug 18, 2020 1:05 am
Reputation: 0
Status: Offline

OpenSSH command definition resulting in a warning accounting record

Post by agn453 » Mon May 08, 2023 5:04 am

I'm a community field tester using OpenVMS x86_64 E9.2-1 with
OpenSSH V8.9-1D.

Today I went chasing accounting file entries whenever a BATCH or
INTERACTIVE logs in (which I thought was indicating a problem with
one of my SYLOGIN or LOGIN command files) -

Code: Select all

$ ACC/SINCE=8-May-2023
SUBPROCESS Process Termination
------------------------------
Username:          SYSTEM            UIC:               [SYSTEM]
Account:           SYSTEM            Finish time:        8-MAY-2023 00:00:00.11
Process ID:        000004C5          Start time:         8-MAY-2023 00:00:00.06
Owner ID:          000004C4          Elapsed time:                0 00:00:00.04
Terminal name:                       Processor time:              0 00:00:00.05
Remote node addr:                    Priority:          4
Remote node name:                    Privilege <31-00>: FFFFFFFF
Remote ID:                           Privilege <63-32>: FFFFFFFF
Remote full name:
Posix UID:         -2                Posix GID:         -2 (%XFFFFFFFE)
Queue entry:                         Final status code: 00038140
Queue name:
Job name:
Final status text: %CLI-W-UNDSYM, undefined symbol - check validity and spelling
Page faults:              206        Direct IO:                  0
Page fault reads:           9        Buffered IO:               88
Peak working set:        3632        Volumes mounted:            0
Peak page file:        224608        Images executed:            3
It results from a PIPE command in the OpenSSH command definition setup
file SSH$ROOT:[BIN]SSH$DEFINE_COMMANDS.COM which I invoke from my
SYLOGIN.COM. The DCL at line 92 is

Code: Select all

$ pipe show symbol SSH_ADD | search sys$pipe TCPIP$SSH /nowarning/nolog/nooutput
$ if f$message($STATUS, "SEVERITY") .eqs. "%S"
and the symbol SSH_ADD is not defined (on my system) - hence the pipe
exits with the undefined symbol status warning.

To prevent such superfluous accounting file entries, I suggest these two lines get
replaced with the following DCL -

Code: Select all

$ if f$locate("TCPIP$SSH","''SSH_ADD'") .lt. f$length("''SSH_ADD'")
(this tests if the symbol SSH_ADD contains the string TCPIP$SSH too)

Can you please pass this message on to the maintainers of the OpenSSH port.

Thanks
Tony Nicholson
Last edited by mister.moderator on Wed May 24, 2023 3:20 am, edited 1 time in total.

Tags:

User avatar

volkerhalle
Master
Posts: 191
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by volkerhalle » Mon May 08, 2023 5:24 am

agn453 wrote:
Mon May 08, 2023 5:04 am

Code: Select all

$ if f$locate("TCPIP$SSH","''SSH_ADD'") .lt. f$length("''SSH_ADD'")
Tony,

you're sure, that this works ?

VOLKER $ write sys$output f$locate("TCPIP$SSH","''SSH_ADD'")
37
VOLKER $ write sys$output f$length("''SSH_ADD'")
37
VOLKER $ del/sym/glo ssh_add
VOLKER $ write sys$output f$locate("TCPIP$SSH","''SSH_ADD'")
0
VOLKER $ write sys$output f$length("''SSH_ADD'")
0

This test NEVER becomes TRUE !

It should probably FIRST be tested, whether the SSH_ADD symbol does exist at all with:

$ IF F$TYPE(ssh_add).NES.""

Volker.


Topic author
agn453
Contributor
Posts: 11
Joined: Tue Aug 18, 2020 1:05 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by agn453 » Mon May 08, 2023 5:32 am

SSH_ADD never contains TCPIP$SSH on my system.. It is always
undefined when the SYLOGIN.COM runs. After running it is

$ sh sym ssh_add
SSH_ADD == "$SSH$ROOT:[BIN.X86_64]SSH$SSH-ADD.EXE"

I don't know the background for checking for this (perhaps it is guarding
against a version of SSH with an old version of TCP/IP Services).

Tony

User avatar

volkerhalle
Master
Posts: 191
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by volkerhalle » Mon May 08, 2023 5:46 am

Tony,

the 'old' TCPIP SSH Secure Shell OpenVMS (V1.0) 3.2.0 product uses:

$ SHOW SYMB ssh_add
SSH_ADD*2 == "$SYS$SYSTEM:TCPIP$SSH_SSH-ADD2.EXE"

The OpenSSH procedure SSH$DEFINE_COMMANDS.COM seems to try and detect, if this kind of symbol is still defined and delete it (together with SSH_AGENT and SSH_KEYGEN global symbols).

Volker.


Topic author
agn453
Contributor
Posts: 11
Joined: Tue Aug 18, 2020 1:05 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by agn453 » Mon May 08, 2023 7:06 am

volkerhalle wrote:
Mon May 08, 2023 5:24 am
agn453 wrote:
Mon May 08, 2023 5:04 am

Code: Select all

$ if f$locate("TCPIP$SSH","''SSH_ADD'") .lt. f$length("''SSH_ADD'")
Tony,

you're sure, that this works ?

VOLKER $ write sys$output f$locate("TCPIP$SSH","''SSH_ADD'")
37
VOLKER $ write sys$output f$length("''SSH_ADD'")
37
VOLKER $ del/sym/glo ssh_add
VOLKER $ write sys$output f$locate("TCPIP$SSH","''SSH_ADD'")
0
VOLKER $ write sys$output f$length("''SSH_ADD'")
0

This test NEVER becomes TRUE !
If the substring TCPIP$SSH is in the SSH_ADD string, then f$locate()
returns a position less than the length of the string in SSH_ADD.

I did test this. It's just the case being tested for is never true on our
installations of OpenVMS.

Tony

User avatar

volkerhalle
Master
Posts: 191
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by volkerhalle » Mon May 08, 2023 9:59 am

agn453 wrote:
Mon May 08, 2023 7:06 am
I did test this. It's just the case being tested for is never true on our
installations of OpenVMS.
Tony,

yes, you're right. To be perfect, just use F$EDIT(''SSH_ADD',"UPCASE") instead of just "''ssh_add'" - the SEARCH command in the PIPE would also find lowercase or mixed-case TCPIP$SSH strings ;-)

And this code is much better than using an OpenVMS PIPE command involving a costly sub-process creation and also creating a subprocess accounting record with an error status !

Whoever has ported OpenSSH to OpenVMS does not seem to have been an experienced OpenVMS DCL programmer.

Volker.


tim.stegner
VSI Expert
Valued Contributor
Posts: 55
Joined: Wed Jul 21, 2021 9:14 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by tim.stegner » Mon May 08, 2023 11:13 am

howdy. The code doesn't appear to take into account that indeed SSH_ADD hasn't been defined, as it -was- previously before SSH stuff was excised from the TCPIP$DEFINE_COMMANDS.COM file.

As you'd helpfully supplied corrected code, might you submit a problem report via the portal reporting system for this issue? I'll make sure it's forwarded onto the OpenSSH team

thanks, -Tym (Tim Stegner, VMS Support)

User avatar

volkerhalle
Master
Posts: 191
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by volkerhalle » Mon May 08, 2023 11:31 am

agn453 wrote:
Mon May 08, 2023 5:04 am
Can you please pass this message on to the maintainers of the OpenSSH port.
Tony,

would you want to log this problem through the VSI Service Portal ? Or do you want me to do this ?

Volker.


Topic author
agn453
Contributor
Posts: 11
Joined: Tue Aug 18, 2020 1:05 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by agn453 » Mon May 08, 2023 5:53 pm

volkerhalle wrote:
Mon May 08, 2023 11:31 am
agn453 wrote:
Mon May 08, 2023 5:04 am
Can you please pass this message on to the maintainers of the OpenSSH port.
Tony,

would you want to log this problem through the VSI Service Portal ? Or do you want me to do this ?

Volker.
Please do so - thanks Volker.

I thought as "community license" testers we had to report issues via the forum.

BTW: In my career I hadn't used TCPIP Services (UCX) from DEC/Compaq/HP/VSI
before - instead I used Multinet. My first exposure to VMS was 43 years ago - so I
guess you could call me an "experienced DCL programmer". I'm quite impressed with
the ease in configuring the TCPIP product - I even have my test instance up with IPv6.

Tony

User avatar

volkerhalle
Master
Posts: 191
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: OpenSSH command definition resulting in a warning accounting record

Post by volkerhalle » Tue May 09, 2023 2:25 am

Reported as SPS-1051

Post Reply