Archive-Date: Mon, 7 Feb 2005 09:07:53 -0400 Resent-Date: Mon, 07 Feb 2005 09:03:21 -0500 Date: Mon, 07 Feb 2005 05:01:50 -0800 Resent-From: Geoff Bryant From: viswanath Reply-To: Info-TCPware@process.com Subject: TCPWARE trap receive error Resent-To: info-tcpware@process.com To: info-tcpware@process.com Resent-Message-ID: <01LKIN2AB89IB09JB5@PROCESS.COM> Message-ID: <1107781310.539548.214040@z14g2000cwz.googlegroups.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Hello, Background: VMS 7.3-2 TCPWARE 5.6 with all patches mentioned on the site. Problem: When ever I run management agents I receive traps which are not able to see. I recieve the following message: ================================================== Message received from 16.138.247.226 ================================================== Received: 3082010F 02010004 09656C6D 67696E6B 0........elmgink 676FA481 FE06097E 01040181 6800CE15 go.....~....h... 4004108A F7E20201 06020104 43030473 @...........C..s F63081DF 300C0608 2B060102 01010500 .0..0...+....... 04003011 060C2B06 01040181 680B020B ..0...+.....h... 01000201 00302006 0E2B0601 04018168 .....0 ..+.....h 0A020202 01030306 0E7E0104 0181680B .........~....h. 02040101 05060230 13060E2B 06010401 .......0...+.... 81680A02 02020104 03020104 3013060E .h..........0... 2B060104 0181680A 02020201 05030201 +.....h......... 27301306 0E2B0601 04018168 0A020202 '0...+.....h.... 01070302 01273023 060E2B06 01040181 .....'0#..+..... 680A0202 02010A03 0411496E 73696768 h.........Insigh 74205765 62204167 656E7430 13060E2B t Web Agent0...+ 06010401 81680A02 0202010C 03020104 .....h.......... 3021060E 2B060104 0181680A 02020201 0!..+.....h..... 0D03040F 5F564953 484E5524 444B4235 ...._VISHNU$DKB5 30303A 00: Error parsing received SNMP message. But at the same time If I send any traps using trap_rcv.exe I can receive: $trap_gen 1.3.6.1.4.1.232 100 100 I receive: ================================================== Message received from X.X.X.X ================================================== SNMPv1-Trap-PDU: community - 656C6D67 696E6B67 6F elmginkgo enterprise - 1.3.6.1.4.1.105 agent address - 16.138.247.226 trap type - Cold Start (0) timeticks - 3 Variable Binding List: 1.3.6.1.4.1.105 = null Any inputs on this. thanks and Warm Regards, kasiviswanath Jayachandra. ================================================================================ Archive-Date: Mon, 7 Feb 2005 09:57:52 -0400 Date: Mon, 07 Feb 2005 09:52:55 -0500 From: Richard Whalen Reply-To: Info-TCPware@process.com Subject: RE: TCPWARE trap receive error To: "'info-tcpware@process.com'" Message-ID: <63D30D6E10CFD11190A90000F805FE86051ACB6E@lespaul.process.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 You did not say what you are using to display the traps. (what program produced the output below?) Can you capture one of these with: NETCU TCPDUMP/SNAP=512 UDP PORT 162 Can you define/SYSTEM TCPARE_SNMP_DEBUG 0x140000 Note that this will cause tcpware:snmpserver.log to grow large quickly, so you will want to deassign the logical and restart SNMP after one of these traps has been sent. You should contact your support channel in order for a case to be logged on this. ---------------------- Richard Whalen Process Software -----Original Message----- From: viswanath [mailto:kashinj@rediffmail.com] Sent: Monday, February 07, 2005 8:02 AM To: info-tcpware@process.com Subject: TCPWARE trap receive error Hello, Background: VMS 7.3-2 TCPWARE 5.6 with all patches mentioned on the site. Problem: When ever I run management agents I receive traps which are not able to see. I recieve the following message: ================================================== Message received from 16.138.247.226 ================================================== Received: 3082010F 02010004 09656C6D 67696E6B 0........elmgink 676FA481 FE06097E 01040181 6800CE15 go.....~....h... 4004108A F7E20201 06020104 43030473 @...........C..s F63081DF 300C0608 2B060102 01010500 .0..0...+....... 04003011 060C2B06 01040181 680B020B ..0...+.....h... 01000201 00302006 0E2B0601 04018168 .....0 ..+.....h 0A020202 01030306 0E7E0104 0181680B .........~....h. 02040101 05060230 13060E2B 06010401 .......0...+.... 81680A02 02020104 03020104 3013060E .h..........0... 2B060104 0181680A 02020201 05030201 +.....h......... 27301306 0E2B0601 04018168 0A020202 '0...+.....h.... 01070302 01273023 060E2B06 01040181 .....'0#..+..... 680A0202 02010A03 0411496E 73696768 h.........Insigh 74205765 62204167 656E7430 13060E2B t Web Agent0...+ 06010401 81680A02 0202010C 03020104 .....h.......... 3021060E 2B060104 0181680A 02020201 0!..+.....h..... 0D03040F 5F564953 484E5524 444B4235 ...._VISHNU$DKB5 30303A 00: Error parsing received SNMP message. But at the same time If I send any traps using trap_rcv.exe I can receive: $trap_gen 1.3.6.1.4.1.232 100 100 I receive: ================================================== Message received from X.X.X.X ================================================== SNMPv1-Trap-PDU: community - 656C6D67 696E6B67 6F elmginkgo enterprise - 1.3.6.1.4.1.105 agent address - 16.138.247.226 trap type - Cold Start (0) timeticks - 3 Variable Binding List: 1.3.6.1.4.1.105 = null Any inputs on this. thanks and Warm Regards, kasiviswanath Jayachandra. ================================================================================ Archive-Date: Mon, 28 Feb 2005 09:53:29 -0400 Resent-Date: Mon, 28 Feb 2005 09:48:00 -0500 Date: Mon, 28 Feb 2005 14:05:56 +0000 (UTC) Resent-From: Geoff Bryant From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOEGER) Subject: [TCPware V5.6-2] SSH Client and Server Problem Resent-To: info-tcpware@process.com To: info-tcpware@process.com Reply-To: Info-TCPware@process.com Resent-Message-ID: <01LLC0QV8SKYB0BLDV@PROCESS.COM> Message-ID: I just noted that I have problems with SSH on my system (OpenVMS Alpha V7.3-2) 1) I can't login with SSH to my system (no useful info in the logs) 2) I can't login with SSH to other systems getting the following: %DCL-W-ACTIMAGE, error activating image KRB$RTL -CLI-E-IMGNAME, image file DSA0:[SYS0.SYSCOMMON.][SYSLIB]KRB$RTL.EXE;1 -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged image And indeed, last change was, I installed KERBEROS V2.1-72 (instead of V2.0-6). I wasn't aware that TCPware SSH relies on HP KERBEROS. Is this the case ? I also saw KERBEROS Startup mentioning V2.0 instead of V2.1 (so the product is not that good as it could be). I also saw that I use SSH_V562P032, while there are newer ones. Will they eventually fix this my problem ? I also saw that I downloaded SSH_V562P050 some weeks ago, while now there is only a SSH_V562P040 online. What is the story behind this ECO change ? TIA -- Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ================================================================================ Archive-Date: Mon, 28 Feb 2005 10:15:43 -0400 Date: Mon, 28 Feb 2005 10:10:32 -0500 From: Richard Whalen Reply-To: Info-TCPware@process.com Subject: RE: [TCPware V5.6-2] SSH Client and Server Problem To: info-tcpware@process.com Message-ID: <3EF96AF20489A34296050FBD5C36ECB905A270@beacon.PSC.process.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C51DA7.A594CF92" This is a multi-part message in MIME format. ------_=_NextPart_001_01C51DA7.A594CF92 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable SSH can use Kerberos for authentication. We ship a dummy image that is = used when the actual product isn't present, but use the actual images = when they are present. At least that's the goal; sometimes things don't = get started up exactly right. Try installing SYS$LIBRARY:KRB$RTL, and = see if that resolves the problem. The newer SSH patch may also fix your = problem, as there have been problems in the past with coordinating the = startup, and work was done to resolve it. I don't know when HP released Kerberos V2.1-72, so I don't know if was = available at the time the patch was made. The SSH_V562P050 patch was removed due to some problems with properly = detecting that it was licensed that some customers were having with it. = While not all customers experienced these problems, enough did that we = felt it was necessary to remove the kit until it is resolved. If it = works for you, fine, otherwise we recommend that you use the = SSH_V562P040 kit. Richard Whalen Process Software -----Original Message----- From: Peter 'EPLAN' LANGSTOEGER [mailto:peter@langstoeger.at] Sent: Monday, February 28, 2005 9:06 AM To: info-tcpware@process.com Subject: [TCPware V5.6-2] SSH Client and Server Problem I just noted that I have problems with SSH on my system (OpenVMS Alpha = V7.3-2) 1) I can't login with SSH to my system (no useful info in the logs) 2) I can't login with SSH to other systems getting the following: %DCL-W-ACTIMAGE, error activating image KRB$RTL -CLI-E-IMGNAME, image file DSA0:[SYS0.SYSCOMMON.][SYSLIB]KRB$RTL.EXE;1 -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run = privileged image And indeed, last change was, I installed KERBEROS V2.1-72 (instead of = V2.0-6). I wasn't aware that TCPware SSH relies on HP KERBEROS. Is this the case = ? I also saw KERBEROS Startup mentioning V2.0 instead of V2.1 (so the = product is not that good as it could be). I also saw that I use SSH_V562P032, while there are newer ones. Will they eventually fix this my problem ? I also saw that I downloaded SSH_V562P050 some weeks ago, while now = there is only a SSH_V562P040 online. What is the story behind this ECO change = ? TIA --=20 Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------_=_NextPart_001_01C51DA7.A594CF92 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [TCPware V5.6-2] SSH Client and Server Problem

SSH can use Kerberos for authentication.  We ship = a dummy image that is used when the actual product isn't present, but = use the actual images when they are present.  At least that's the = goal; sometimes things don't get started up exactly right.  Try = installing SYS$LIBRARY:KRB$RTL, and see if that resolves the = problem.  The newer SSH patch may also fix your problem, as there = have been problems in the past with coordinating the startup, and work = was done to resolve it.

I don't know when HP released Kerberos V2.1-72, so I = don't know if was available at the time the patch was made.

The SSH_V562P050 patch was removed due to some = problems with properly detecting that it was licensed that some = customers were having with it.  While not all customers experienced = these problems, enough did that we felt it was necessary to remove the = kit until it is resolved.  If it works for you, fine, otherwise we = recommend that you use the SSH_V562P040 kit.

Richard Whalen
Process Software

-----Original Message-----
From: Peter 'EPLAN' LANGSTOEGER [mailto:peter@langstoeger.at]
Sent: Monday, February 28, 2005 9:06 AM
To: info-tcpware@process.com
Subject: [TCPware V5.6-2] SSH Client and Server = Problem


I just noted that I have problems with SSH on my = system (OpenVMS Alpha V7.3-2)

1) I can't login with SSH to my system (no useful info = in the logs)
2) I can't login with SSH to other systems getting = the following:

 %DCL-W-ACTIMAGE, error activating image = KRB$RTL
 -CLI-E-IMGNAME, image file = DSA0:[SYS0.SYSCOMMON.][SYSLIB]KRB$RTL.EXE;1
 -SYSTEM-F-PRIVINSTALL, shareable images must be = installed to run privileged image

And indeed, last change was, I installed KERBEROS = V2.1-72 (instead of V2.0-6).
I wasn't aware that TCPware SSH relies on HP = KERBEROS. Is this the case ?

I also saw KERBEROS Startup mentioning V2.0 instead of = V2.1 (so the product
is not that good as it could be).

I also saw that I use SSH_V562P032, while there are = newer ones.
Will they eventually fix this my problem ?

I also saw that I downloaded SSH_V562P050 some weeks = ago, while now there
is only a SSH_V562P040 online. What is the story = behind this ECO change ?


TIA

--
Peter "EPLAN" LANGSTOEGER
Network and OpenVMS system specialist
E-mail  peter@langstoeger.at
A-1030 VIENNA  = AUSTRIA           =    I'm not a pessimist, I'm a realist

------_=_NextPart_001_01C51DA7.A594CF92-- ================================================================================ Archive-Date: Mon, 28 Feb 2005 10:30:30 -0400 Date: Mon, 28 Feb 2005 16:24:19 +0100 From: "Kurt A. Schumacher" Reply-To: Info-TCPware@process.com Subject: RE: [TCPware V5.6-2] SSH Client and Server Problem In-Reply-To: To: info-tcpware@process.com Message-ID: <000001c51da9$956722d0$eb010a0a@home.schumi.ch> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hallo Peter, Still on V7.3, we had no chance to hit the Kerberos issue, as V.2.1-71 = can't be installed here. Matter of fact you can use Kerberos tickets for authenticating ssh sessions. Good stuff if you have Kerberos = deployed. Here some information sent to PSC mid January on the P050 issues: ---- To conclude the problems with the ssh_master.exe (P050): 1. Does not start as the "SSH Master" process without a PSC MULTINET-SSH = license. 2. Unable to launch the respective service process for ssh2 sessions (at = least). Release Notes: 3. Wrong source for the new sshd2_config.master Loss of control when restarting SSH or running a shutdown over a SSH = session: 4. It's no longer possible to restart ssh over a ssh2 session by = @tcpware:restart ssh - could be related to the wrong combination of wrapper and service images. The actual terminal process must _not_ be = shut on a process restart. 5. As above, it's no longer possible to reboot the OpenVMS system over = the ssh2 session - the terminal PTD and the SSH2D process in charge is killed with all the other sessions and the ssh wrapper. 6. Have not tried to restart TCPware over the ssh session, but assuming = the ssh shutdown killing the ssh terminal PTD and the SSH2D process will prohibit the shutdown process.=20 We can be wrong, but have been under the impression this was possible up = to P031. By the way, the same problem existed some years back with the TCPware telnetd; the code has been customized since so = telnet sessions can be used to restart TCPware completely or properly shutdown a system. ---- Either keep your fingers off P050 - or replace the ssh_master.exe image = with one of a previous verison! No clue how it was possible to release P050, tough. Nuff' said? -Kurt. ------------------------------------- Kurt A. Schumacher H=E4rdlenstrasse 116 CH-8302 Kloten=20 E-Mail: Kurt.Schumacher@decus.ch Phone +41 44 881 37 87 Fax +41 44 881 37 88 Mobile +41 79 330 45 15 ------------------------------------- -----Original Message----- From: Peter 'EPLAN' LANGSTOEGER [mailto:peter@langstoeger.at]=20 Sent: Monday, February 28, 2005 3:06 PM To: info-tcpware@process.com Subject: [TCPware V5.6-2] SSH Client and Server Problem ================================================================================ Archive-Date: Mon, 28 Feb 2005 16:26:22 -0400 Resent-Date: Mon, 28 Feb 2005 16:20:53 -0500 Date: Mon, 28 Feb 2005 20:44:21 +0000 (UTC) Resent-From: Geoff Bryant From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOEGER) Subject: Re: [TCPware V5.6-2] SSH Client and Server Problem Resent-To: info-tcpware@process.com To: info-tcpware@process.com Reply-To: Info-TCPware@process.com Resent-Message-ID: <01LLCEH1DE0IB0BLDV@PROCESS.COM> Message-ID: In article , Brad Hamilton writes: >In January, I downloaded SSH_V562P050, and applied it; I noted a problem >with SSHD master, which I reported here on the list. Since I'm a >hobbyist, I expected and received no direct reply; perhaps if 050 is >pulled, it might be a result of my report? I saw your posting, but I saw no answer so far (but a lot of SPAM). I do however expect PSC to jump into the thread as usual. They do not differentiate (at least it used to be so) between postings from hobbyist and contract customers (contract customers have an additional support channel which has more priority of course). I also saw in the meantime HP KERBEROS V5 mentioned in the SSH ECO notes but I do not see it related to my problem. I haven't yet configured SSH for KERBEROS (how to ?), nor have I configured KERBEROS at all, yet. I only installed it (the older V2.0 version with V7.3-2, the newer V2.1 version now) to sometimes (=RSN) start playing with. I didn't configure V2.0 either. I might deinstall KERBEROS again, and/or run SSH with a higher debug level. -- Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist