Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

SCP / SFTP successful but locks out target account

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users SCP / SFTP successful but locks out target account
# 1  
Old 03-26-2008
SCP / SFTP successful but locks out target account
Hi,

We have an interesting problem with F-Secure SSH (v 3.1.0) running on HP-UX. It seems that when scp or sftp commands are issued they are successful but it counts as a 'strike' against the target user locking the account out after 3 attempts.
When the user is re-enabled in SAM - it reports that the user was locked for too any unsuccessful login attempts. This is strange as the password is being accepted and the scp/sftp command successful.

An error is written to the syslog - "ssh-pam-client returned packet SSH_PAM_OP_ERROR. (err_num: 32, err_msgSmilie General Comercial Security error"

Is this a "feature" of my now outdated SSH client? The problem is not present after SSH keys are set-up. Also it is only apparent in SCP & SFTP but not in straightforward SSH or FTP.

Has anyone seen this before?

Cheers.
# 2  
Old 03-26-2008
Googling for this error message brings up at least the following very vague possiblities

* known bug with privilege separation, try turning off privsep? See https://bugzilla.mindrot.org/show_bug.cgi?id=423

* PAM problem, see if you can find a PAM guru?
# 3  
Old 03-27-2008
"General Comercial Security error" - I really liked that - I guess "Comercial" has to be "Commercial" ? Pretty funny error message.
And seriously, sorry that I can't help either, my suggestion is to contact the vendor.
# 4  
Old 03-27-2008
If you run SSH on HP-UX
I wonder why you didn't install the HPs' own port of OpenSSH that is neatly bundled into an easy to install and run SD depot,
and freely available for download in a pretty recent release
Hewlett-Packard Co.
If the provided URL isn't reachable go to
Hewlett-Packard Co.
and search for secure shell.

As you mention that the client gets locked out after 3 failed authorize attempts,
have you converted your HP-UX box to trusted system?
You can recognize if the following directory exists, /tcb/files/auth/

Also, how is your sshd configured?
Have you set MaxAuthTries in your sshd_config?
# 5  
Old 03-27-2008
We have the HP-UX port of OpenSSH on there too. Reason we put F-Secure on there is beyond me - probably because we use their PC desktop client too.
Canning F-Secure and firing up the OpenSSH sshd isn't really an option as all our SSH2 keys and scripts would fail.

Tried all sorts to resolve this. OS is in trusted mode, tried turning privsep off, maxauthtries is at default 3 (same as OS). Tried setting up a new user, modding groups, modding permissions ....

I'm putting this one down to a bug, or perhaps a PAM error.


Oh, and to be fair to them, the error msg does say 'commercial' rather than 'comercial' (only i couldnt copy/paste it).
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to check the status of sftp connection is successful or not in Linux?

Hi All, We are working on linux with putty terminal for file transferring using SFTP server... here we want to know /We have Urgent Requirement If SFTP connection is successfull then we should get .txt log file in target locaton as "Success/Failure" Please provide batch script for above... (7 Replies)
Discussion started by: sravanreddy
7 Replies

2. Shell Programming and Scripting

How to check whether the sftp script is successful??

hi, how can i check whether the sftp connectivity is successful or not?? i am using expect script to connect to sftp.. sftp_script spawn /usr/bin/sftp abc@ftp.xyz.com expect "abc@ftp.xyz.com's password:" send "password\r" expect "sftp>" send "mput *.txt\r" expect "sftp>" send "bye\r"... (8 Replies)
Discussion started by: Little
8 Replies

3. Shell Programming and Scripting

rm files after testing for successful scp

First off, I know this is sort of a rehash of similar questions that have been asked in other closed threads, but I haven't been able to figure out how to apply the answers provided in those threads to my scenario and make it work. I am working on a script in KSH on AIX 5.1 that will do a bulk... (1 Reply)
Discussion started by: derndingle
1 Replies

4. Shell Programming and Scripting

SFTP / SCP using password

Hi, I was provided with sftp servername, user and password and the requirement is to connect to sftp server using credentials provided and drop the file. Manually i am able to connect with commands like sftp user@servername and after clicking enter, i was asked for a password and entering... (4 Replies)
Discussion started by: forums123456
4 Replies

5. Shell Programming and Scripting

SFTP and SCP help

Hi All, I have to make an automated script that needs to do SFTP or SCP from my Unix server to another Unix server. I have gone through search of this website for sftp and scp. I really get confused when it talk about ssh key or rsh key and sftp -b thing I would really appreciate if... (4 Replies)
Discussion started by: pinnacle
4 Replies

6. Shell Programming and Scripting

For loop scp transfers check if all iterations successful

All, I am using a for loop to SCP a bunch of files in a directory. I am having it then drop a .ready file name. Is there a way to check for the success of all iterations and then email upon fail or success? Example of part of my script: for file in $ORIGLOC/* do ] &&... (2 Replies)
Discussion started by: markdjones82
2 Replies

7. Solaris

SFTP is successful but still shows timeout error

Hi, I am doing sftp from remote server1 to remote server2. This is done through a script. This script was working fine. But if i am tranfer files of 120 MB only some part of the file gets transferred (around 9 MB). Incase i put the same file manually it gets uploaded successfully. Can... (1 Reply)
Discussion started by: subiksha
1 Replies

8. AIX

what to use sftp or scp

hi, i have a weird problem i have to copy the file with caret(^) in it. but when i tries to copy with scp. It(scp) says that it cant use ^file_name scp mohit^narang user@machine/mohit^narang the error comes in the second parameter.if i used user@machine/mohit_narang(under score) instead... (2 Replies)
Discussion started by: narang.mohit
2 Replies

9. Shell Programming and Scripting

scp script for doing sftp

Hi, I have to do SFTP from Linux machine to Salaries SFTP folder. Using psftp I got the following fingur print and I know using scp I can go the sftp transfer. But I believe I need public key file generated. Can some one pls let me know how to generate the public file using following finger... (1 Reply)
Discussion started by: iamakshay
1 Replies

10. UNIX for Advanced & Expert Users

sftp vs scp

My transmit rates are waaay faster using scp over sftp....anyone know why scp is faster than sftp? I am using solaris 8 for my unix systems. -S (2 Replies)
Discussion started by: Sowser
2 Replies
Login or Register to Ask a Question