How understand some SSHD messages

All types of networks, network stacks, and protocols supported by OpenVMS.
Post Reply

Topic author
gcalliet
Contributor
Posts: 10
Joined: Mon Aug 05, 2024 11:13 am
Reputation: 0
Status: Offline

How understand some SSHD messages

Post by gcalliet » Wed Sep 25, 2024 12:11 pm

Hello,

SSHD speaks to me using these words:

vms_add_login_msg failed
vms_update_sysuaf_valid_access

(I find them in the ssh$sshd.exe image)

Is it possible to known where and why SSHD speaks so? It is somewhere on a ssh login using x11 forwarding, but I suspect it's some subtle inter-configuration with sysuaf. Because we have not the sources, it is impossible to have any clue about that.

Thanks for the ideas.


sms
Master
Posts: 433
Joined: Fri Aug 21, 2020 5:18 pm
Reputation: 0
Status: Offline

Re: How understand some SSHD messages

Post by sms » Wed Sep 25, 2024 2:18 pm

Code: Select all

> SSHD speaks to me using these words:

   I don't know what that means.
   
   Which version of SSHD?

> vms_add_login_msg failed
> vms_update_sysuaf_valid_access
> 
> (I find them in the ssh$sshd.exe image)

   Why do you care?  Is there some actual problem which you are trying
to solve?

   I know nothing, but VMS does keep records of successful logins in
SYS$SYSTEM:SYSUAF.DAT.

      set default sys$system
      pipe mcr authorize show system | search sys$input last

I would not be amazed if an SSHD for VMS had a VMS-specific function to
update those data.

   I'd guess that "vms_add_login_msg" might be related to
SYS$MANAGER:WELCOME.TXT and/or the logical name SYS$WELCOME.  But what
do I know?


Topic author
gcalliet
Contributor
Posts: 10
Joined: Mon Aug 05, 2024 11:13 am
Reputation: 0
Status: Offline

Re: How understand some SSHD messages

Post by gcalliet » Wed Sep 25, 2024 4:56 pm

I know nothing, but VMS does keep records of successful logins in
SYS$SYSTEM:SYSUAF.DAT.

set default sys$system
pipe mcr authorize show system | search sys$input last

I would not be amazed if an SSHD for VMS had a VMS-specific function to
update those data.

I'd guess that "vms_add_login_msg" might be related to
SYS$MANAGER:WELCOME.TXT and/or the logical name SYS$WELCOME. But what
do I know?



Very good ideas.
But : the recording of the ssh login in authorize is ok.
and there is a normal welcome.txt

the exact log from sshd is:
vms_update_sysuaf_valid_access: vms_add_login_msg failed with status 0

So: what do we know?


sms
Master
Posts: 433
Joined: Fri Aug 21, 2020 5:18 pm
Reputation: 0
Status: Offline

Re: How understand some SSHD messages

Post by sms » Wed Sep 25, 2024 6:32 pm

Code: Select all

> So: what do we know?

   All I have are negatives.

   At least one of us seems to have no idea how to report a problem.

   Among the things which I (and other non-psychics?) do not know:

   What you are doing.  Actual actions/commands.  Actual
results/messages.  Software versions (SSH client and server).

>  the exact log from sshd is:
> [...]

   Which log is that?  When you did _what_?


> [...] Is there some actual problem which you are trying to solve?

   Still a mystery.  What, exactly, are you trying to do with SSH? 
Remote login?  Remote command?  Is SSH not working as expected? 
Authentication method?  When you issue the (secret) command, what
(secret) things happen?  Is the only problem the message in the log?

   As usual, showing actual actions (commands) with their actual results
(behavior, error messages, ...) can be more helpful than vague (or
information-free) descriptions.  Copy+paste is your friend.

   How much time do you expect anyone to waste trying to guess what
you're doing/seeing?

   If there is some actual SSH problem, then adding one or more "-v"
options to the SSH command might provide some helpful information.
Last edited by sms on Wed Sep 25, 2024 6:35 pm, edited 1 time in total.


Topic author
gcalliet
Contributor
Posts: 10
Joined: Mon Aug 05, 2024 11:13 am
Reputation: 0
Status: Offline

Re: How understand some SSHD messages

Post by gcalliet » Tue Oct 01, 2024 11:34 am

I didn't want to disturb.

Action : login ssh from putty on windows

log :

$ type ssh$root:[var]x881_192_168_1_53_0000043a.log
Accepted password for system from 192.168.1.53 port 0 ssh2
vms_update_sysuaf_valid_access: vms_add_login_msg failed with status 0

$ product sho product openssh/full
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE REFERENCED BY
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------
VSI X86VMS OPENSSH V8.9-1H01 Full LP Installed VSI X86VMS OPENVMS E9.2-3
------------------------------------ ----------- --------- ------------------------------------ ------------------------------------

Why do I want to connect with ssh? ->

I try to use the new feature x11 forwarding

I tried it on another platform where I installed only the new version of openssh to try it

In this other platform something is ok: if I say on putty ok to x11 forwarding, on VMS and if a do a $ set display there is a display automaticly created. But there is a problem with authentication operations. I read on this forum that the problem could be resolved with the last version of VMS and in it DECWINDOWS.

I installed the last VMS version on another platform. And I have the problem you can see ont the login log. And the display is not created.

I thought it wasn't a decwindow and authorisation issue, just something that goes wrong before x11 forwarding can do something.

To prove that I tried a ssh connection without x11 forwarding to see if I get the same loging log.

And yes, same problem - you see the log.

Because the configuration on this second platform is very the same as in the first one, I want to understand what is the cause on the problem before continuing my tests.

I can read programs. If I had sources of the openssh port (or a crystal ball) we'd waste a lot less time

Thank you for the help


greg@tssolutions.com.au
Contributor
Posts: 19
Joined: Wed May 29, 2024 10:29 am
Reputation: 0
Location: Australia
Status: Offline
Contact:

Re: How understand some SSHD messages

Post by greg@tssolutions.com.au » Tue Oct 01, 2024 8:32 pm

Interesting...

I have the same issue:
Putty
ubuntu
X11 X display location: localhost:0.0
MIT-Magic-Cookie-1: .Xauthority

vms
X11 X display location: localhost:0.0
MIT-Magic-Cookie-1: .Xauthority

X11 server Cygwin on Windows 11

Ubuntu
> echo $DISPLAY
localhost:10.0
> xcalc
displays as expected

vms
> show display
Device: WSA32: [user]
Node: vms0.tssolutions.com.au
Transport: TCPIP
Server: 10
Screen: 0
> mcr decw$calc
Xlib: connection to "_WSA32:" refused by server
Xlib: PuTTY X11 proxy: No authorisation provided

X Toolkit Error: Can't Open display
%DWT-F-NOMSG, Message number 03AB8204

product sho product openssh/full
------------------------------------ ----------- --------- ---------------------
--------------- ------------------------------------
PRODUCT KIT TYPE STATE MAINTENANCE
REFERENCED BY
------------------------------------ ----------- --------- ---------------------
--------------- ------------------------------------
VSI X86VMS OPENSSH V8.9-1I01 Full LP Installed
VSI X86VMS OPENVMS V9.2-2
------------------------------------ ----------- --------- ---------------------
--------------- ------------------------------------

So it looks like there is an issue with the X11 tunnel implementation. Can only assume it is a handshaking issue.
gt
VMS Ambassador
Downunder

User avatar

cct
Master
Posts: 201
Joined: Sat Aug 15, 2020 9:00 am
Reputation: 0
Location: Cambridge, UK
Status: Offline

Re: How understand some SSHD messages

Post by cct » Tue Oct 01, 2024 8:52 pm

Interesting.
I haven't yet upgraded to the latest SSH. - holding off until the of the problems have been fixed
I run VMS under KVM and use PuTTY from both Windows, and Ubuntu, and have never had any issues.
Admittedly, I haven't tried to use X, as I have only ever used it on an Alpha console, and earlier on a VXT using an Infoserver and VAX VMS 6.3 - both fairly disappointing
--
Chris

Post Reply