Mailing List Archive

Conserver on Solaris 11.4
Hi,

I'm trying to run conserver 8.2.4 on Solaris 11.4 (I have it working on
Solaris 10)

I use ssh and telnet to connect to different machine ILOM's using the
exec command.

Telnet works fine but I'm having issues with ssh.

# console smex32a
[Enter `^Ec?' for help]
Permission denied (publickey,keyboard-interactive).

"/bin/ssh smex32a-sp -l root" on its own from the command line, connects
and lets me input the password.

info from conserver.cf
console smex32a { type exec; exec /bin/ssh smex32a-sp -l root; }

If I do a truss and try to connect I see the following error accessing
/dev/tty

28759 ./conserver -d -i -o -E
27480 /bin/ssh smex32a-sp -l root


# truss -fae -p 28759
<snip>
26858: openat(AT_FDCWD, "/dev/tty", O_RDWR) Err#6 ENXIO
26858: openat(AT_FDCWD, "/dev/tty", O_RDWR) Err#6 ENXIO

also adding -vv to the exec ssh shows this

debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug1: read_passphrase: can't open /dev/tty: No such device or address

I've attached the config.h file with some locations and hostnames ommited.

Its worth noting that the solaris 10 box uses

Sun_SSH_1.1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

While the Solaris 11.4 box uses

OpenSSH_7.7p1, OpenSSL 1.0.2r  26 Feb 2019

Many Thanks

Ciaran

--
<http://www.oracle.com/>
*Ciaran McGirl*
Senior Software Engineer, Software Maintenance Engineering

Hardware and Software, Engineered to Work Together <http://www.oracle.com>
Re: Conserver on Solaris 11.4 [ In reply to ]
> "/bin/ssh smex32a-sp -l root" on its own from the command line, connects and lets me input the password.

You’ll need to get key-based authentication working. There’s no place for ssh to ask for a password from a user (it wants to bypass stdin/stdout).

I believe that’s the root of the problem. How that may be different than your Solaris 10 setup is a bit of a mystery, but could that be bypassing a password prompt? Or I’m totally misinterpreting all this and I’m totally off base. ;-)

Bryan
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
Re: Conserver on Solaris 11.4 [ In reply to ]
Ho,

FWIW here's what we use on ILOMs:

default ilom {
break 1;
exec /opt/conserver/ilom/sol.ilom Z;
execsubst Z=cs;
motd "ILOM. Use \"Ctrl+E c ?\" for help, \"Esc (\" to reinit";
options !ondemand;
type exec;
}

And here's the exec script:

https://gist.github.com/faxm0dem/d026d9e0c6178eb6c8e23a51f0012903
Re: Conserver on Solaris 11.4 [ In reply to ]
Hi,

Thanks for the response, I managed to workaround this by using Fabien's
expect scripts to call ssh that he mentioned in another mail.

It's strange that calling /bin/telnet directly from conserver works yet
ssh doesn't.

One other thing I did notice was that Solaris 10 uses pty.h to compile
but Solaris 11.4 used openpty, for anyone comes across this and decides
to dig deeper :)

Thanks for the help Bryan and Fabien.

Ciaran

On 18/02/2020 16:57, Bryan Stansell via users wrote:
>
>> "/bin/ssh smex32a-sp -l root" on its own from the command line, connects and lets me input the password.
> You’ll need to get key-based authentication working. There’s no place for ssh to ask for a password from a user (it wants to bypass stdin/stdout).
>
> I believe that’s the root of the problem. How that may be different than your Solaris 10 setup is a bit of a mystery, but could that be bypassing a password prompt? Or I’m totally misinterpreting all this and I’m totally off base. ;-)
>
> Bryan
> _______________________________________________
> users mailing list
> users@conserver.com
> https://urldefense.com/v3/__https://www.conserver.com/mailman/listinfo/users__;!!GqivPVa7Brio!MdzqEVoGv60Aqqvo8-kW39Y7WAD25jYMMKoCNztRjA9z3RsEzt-Ob_Hda4IpIzzDXw$
--
<http://www.oracle.com/>
*Ciaran McGirl*
Senior Software Engineer, Software Maintenance Engineering


Hardware and Software, Engineered to Work Together <http://www.oracle.com>