Dan Foster
2004-09-02 06:55:25 UTC
I'm seeing a behavior that I don't quite understand with Multinet v5.0
on an OpenVMS/Alpha 7.3-1 system.
I can't call this one in to support, and it isn't really that critical
since things work. :) So it's just more of a curiosity, really.
If I do a ssh v2 login to SYSTEM on my VMS box, dubhe... it says there's
a login failure since last login and at the same time, the following
OPCOM message appears on OPA0:
%%%%%%%%%%% OPCOM 1-SEP-2004 23:38:47.52 %%%%%%%%%%%
Message from user AUDIT$SERVER on DUBHE
Security alarm (SECURITY) and security audit (SECURITY) on DUBHE, system id: 1025
Auditable event: Network login failure
Event time: 1-SEP-2004 23:38:47.52
PID: 0000021A
Process name: SSHD 0000
Username: system
Remote nodename: <a remote IP address>
Remote node id: <a remote node ID>
Remote username: SSH:SYSTEM
Status: %LOGIN-F-USERAUTH, error accessing authorization record
Yet I don't see either message when I do a ssh v1 login.
I'm not sure I understand what exactly is special about ssh v2 vs v1 for
%LOGIN-F-USERAUTH such that ssh v1 logins don't trigger this? Is it
something to do with password lifetime/expiration checks?
Is there a way to pin down what exactly ssh v2 is trying to do with
respect to the user authentication information?
I know it's trying to access a record, but it's not clear which record
nor why the access attempt failed.
Of note: the system is freshly installed, and right now, the only
modifications to it are:
a) It has five key 7.3-1 ECOs applied (and rebooted after each)
Latest version of each ECO: RMS, UPDATE, PCSI, XFC, LAN.
b) Multinet 5.0 is the only third party layered product installed.
No add'l LPs have been installed for the base system, either.
c) No modifications have been made to the base install other than
for starting Multinet, DECnet, and SYS$BATCH... defining key
systemwide logicals (e.g. SYSUAF), as well as adding a single
user account.
d) No DECwindows running, and system has already been AUTOGEN'd
for proper Multinet operation.
-Dan