Re: SSH Server goes South (243 Views)
Reply
Frequent Advisor
Clark Powell
Posts: 106
Registered: ‎02-24-2005
Message 1 of 3 (243 Views)

SSH Server goes South

HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 5 on an AlphaServer ES40 running OpenVMS V8.3

One day, out of the blue, the SSH server on one of the nodes quits working. Logins rejected immediately. The run log only has this message:

%DCL-E-NOCMDPROC, error opening captive command procedure - access denied

Protections on those files that get run, TCPIP$SSH_DEVICE:LOGIN.COM & TCPIP$SYSTEM:TCPIP$SSH_RUN.COM, are
(RWED,RWED,RE,RE)

If we remove the restricted from the account that runs SSH, we can log in and the log indicates that LOGIN.COM does get run first and then TCPIP$SYSTEM:TCPIP$SSH_RUN.COM. Both files are executed without error so they are readable by the SSH account but there is something that makes OpenVMS reject the LOGIN.COM when the account is restricted.

I almost forgot to mention, the other node in the cluster has no problem with SSH. Both nodes use the same SSH account but have separate system disks with separate SSH files. We can find no differences in the files especially in protection.

any ideas?

thanks
Clark Powell
Please use plain text.
Trusted Contributor
Shriniketan Bhagwat
Posts: 308
Registered: ‎07-01-2009
Message 2 of 3 (243 Views)

Re: SSH Server goes South

[ Edited ]

Hi,

The similar topic was discussed in the below thread.

http://h30499.www3.hp.com/t5/System-Management/dcl-e-nocmdproc-error/m-p/5002618#M34143


Also refer the online help for the error message DCL-E-NOCMDPROC.

NOCMDPROC, error opening captive command procedure - access denied

Facility: CLI, Command Language Interpreter (DCL)

Explanation: When you attempted to log in, you failed because you have a
captive account and DCL received an error during the login.
For example, DCL could not find your LOGIN.COM file. You
may also have incorrect protection on the system's SYLOGIN
file (SYS$MANAGER:SYLOGIN.COM or /SYSTEM/EXEC logical). The
system's SYLOGIN file must be protected with at least WORLD:E
access to the file and the directory that contains it.

User Action: See your system manager.


Regards,
Ketan

Please use plain text.
Frequent Advisor
Clark Powell
Posts: 106
Registered: ‎02-24-2005
Message 3 of 3 (243 Views)

Re: SSH Server goes South

One might overlook the SYLOGIN.COM file if there are no other indications of a protection error and there wasn't but, in this case, it seems that the SYLOGIN.COM with no world access was the problem.

thanks
Clark Powell
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation