SCP / SFTP successful but locks out target account
Hi,
We have an interesting problem with F-Secure SSH (v 3.1.0) running on HP-UX. It seems that when scp or sftp commands are issued they are successful but it counts as a 'strike' against the target user locking the account out after 3 attempts. When the user is re-enabled in SAM - it reports that the user was locked for too many unsuccessful login attempts. This is strange as the password is being accepted and the scp/sftp command successful.

An error is written to the syslog - "ssh-pam-client returned packet SSH_PAM_OP_ERROR. (err_num: 32, err_msg

Is this a "feature" of my now outdated SSH client? The problem is not present after SSH keys are set-up. Also it is only apparent in SCP & SFTP but not in straightforward SSH or FTP. Has anyone seen this before?

Cheers.
Googling for this error message brings up at least the following very vague possibilities

* known bug with privilege separation, try turning off privsep? See https://bugzilla.mindrot.org/show_bug.cgi?id=423
* PAM problem, see if you can find a PAM guru?
If you run SSH on HP-UX
I wonder why you didn't install HP's own port of OpenSSH that is neatly bundled into an easy to install and run SD depot, and freely available for download in a pretty recent release Hewlett-Packard Co. If the provided URL isn't reachable go to Hewlett-Packard Co. and search for secure shell.

As you mention that the client gets locked out after 3 failed authorize attempts, have you converted your HP-UX box to trusted system? You can recognize if the following directory exists, /tcb/files/auth/

Also, how is your sshd configured? Have you set MaxAuthTries in your sshd_config?
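
The two checks asked about in the reply above, as an added example that is not part of the original thread. It assumes OpenSSH `sshd_config` syntax (not F-Secure's own configuration file); the function names, the optional root prefix and the sample config are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and arguments are hypothetical.

# HP-UX trusted mode is recognisable by the /tcb/files/auth directory.
# $1 = optional filesystem root prefix, so the check can run on a test tree.
is_trusted_system() {
    [ -d "${1:-}/tcb/files/auth" ]
}

# Print MaxAuthTries from the global section of an OpenSSH sshd_config ($1).
# Keywords are case-insensitive, "Key value" and "Key=value" are accepted,
# the first occurrence wins, and a Match block ends the global section.
# Prints "unset" when absent, meaning sshd's built-in default applies.
max_auth_tries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t].*$/, "", val)
            if (key == "match") exit
            if (key == "maxauthtries") { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# One-line summary: $1 = root prefix, $2 = path to sshd_config.
report() {
    if is_trusted_system "$1"; then mode=trusted; else mode=standard; fi
    echo "mode=$mode MaxAuthTries=$(max_auth_tries "$2")"
}

# Runs report against a constructed tree and config (sample data, not real).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/tcb/files/auth"
    printf '%s\n' '# constructed sample' 'Port 22' 'maxauthtries=3' \
        'MaxAuthTries 6' 'Match User backup' '  MaxAuthTries 1' > "$d/sshd_config"
    report "$d" "$d/sshd_config"
    rm -rf "$d"
}

# With a path argument, inspect the live system; otherwise show the demo.
if [ $# -ge 1 ]; then report "" "$1"; else demo; fi
```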
We have the HP-UX port of OpenSSH on there too. Reason we put F-Secure on there is beyond me - probably because we use their PC desktop client too.
Canning F-Secure and firing up the OpenSSH sshd isn't really an option as all our SSH2 keys and scripts would fail.

Tried all sorts to resolve this. OS is in trusted mode, tried turning privsep off, maxauthtries is at default 3 (same as OS). Tried setting up a new user, modding groups, modding permissions .... I'm putting this one down to a bug, or perhaps a PAM error.

Oh, and to be fair to them, the error msg does say 'commercial' rather than 'comercial' (only I couldn't copy/paste it).