HPUX Secure Shell Help (2290 Views)
Reply
Frequent Advisor
Jonathan Grymes
Posts: 80
Registered: ‎09-23-2004
Message 1 of 6 (2,290 Views)

HPUX Secure Shell Help

I just installed the latest Secure Shell (HP-UX_11i_v2_T1471AA_A.05.90.002_HP-UX_B.11.23_IA_PA.depot). The Install completed with errors. See the output below.

 

Summary of Analysis Phase:
       * 2 of 2 filesets had no Errors or Warnings.
       * The Analysis Phase succeeded.


       * Beginning the Install Execution Phase.
       * Filesets:         2
       * Files:            631
       * Kbytes:           30711
       * Installing bundle "T1471AA,r=A.05.90.002" .
       * Installing fileset "Secure_Shell.SECSH-CMN,r=A.05.90.002" (1
         of 2).
NOTE:    A new version of "/etc/rc.config.d/sshd" has been placed on
         the system. The new version is located at
         "/opt/ssh/newconfig/etc/rc.config.d/sshd".
         The existing version of "/etc/rc.config.d/sshd" is not being
         overwritten since it appears that it has been modified by the
         administrator since it was delivered.
       * Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.90.002"
         (2 of 2).
       * Running install clean command /usr/lbin/sw/install_clean.
NOTE:    tlinstall is searching filesystem - please be patient
NOTE:    Successfully completed

       * Beginning the Configure Execution Phase.
Could not obtain seed from PRNGd^M
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECSH-CMN" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa21690/catalog/Secure_Shell/SECSH-CMN/configure".
       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.
Could not obtain seed from PRNGd^M
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECURE_SHELL" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa21690/catalog/Secure_Shell/SECURE_SHELL/configure".

       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.

       * Summary of Execution Phase:
ERROR:       Installed     Secure_Shell.SECSH-CMN,r=A.05.90.002
ERROR:       Installed     Secure_Shell.SECURE_SHELL,r=A.05.90.002

Acclaimed Contributor
Torsten.
Posts: 23,451
Registered: ‎10-02-2001
Message 2 of 6 (2,284 Views)

Re: HPUX Secure Shell Help

This is probably the key message:

Could not obtain seed from PRNGd^M

Do you see the ^M?

Most of the times this is caused by a wrong FTP transfer of the depot file (ascii instead of binary) - this corrupts the depot!


Transfer again in binary mode, the install again.

Hope this helps!
Regards
Torsten.

__________________________________________________

There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________

No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Acclaimed Contributor
Dennis Handly
Posts: 25,290
Registered: ‎03-06-2006
Message 3 of 6 (2,280 Views)

Re: HPUX Secure Shell Help

>caused by a wrong FTP transfer of the depot file (ascii instead of binary) - this corrupts the depot!

 

Hmm, I would have thought if the depot was corrupted, the checksums would all be bad and wouldn't even get to the configure stage.

Frequent Advisor
Jonathan Grymes
Posts: 80
Registered: ‎09-23-2004
Message 4 of 6 (2,270 Views)

Re: HPUX Secure Shell Help

I downloaded the depot again using the HP download manager. I got the same results on the install.

Frequent Advisor
Jonathan Grymes
Posts: 80
Registered: ‎09-23-2004
Message 5 of 6 (2,268 Views)

Re: HPUX Secure Shell Help

The ^M did not show up this time.

 

       * Installing bundle "T1471AA,r=A.05.90.002" .
       * Installing fileset "Secure_Shell.SECSH-CMN,r=A.05.90.002" (1
         of 2).
NOTE:    A new version of "/etc/rc.config.d/sshd" has been installed on
         the system.
NOTE:    A new version of "/opt/ssh/etc/ssh_config" has been installed
         on the system.
NOTE:    A new version of "/opt/ssh/etc/sshd_config" has been installed
         on the system.
NOTE:    A new version of "/opt/ssh/etc/moduli" has been installed on
         the system.
NOTE:    A new version of "/opt/ssh/etc/ssh_prng_cmds" has been
         installed on the system.
       * Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.90.002"
         (2 of 2).
       * Running install clean command /usr/lbin/sw/install_clean.
NOTE:    tlinstall is searching filesystem - please be patient
NOTE:    Successfully completed

       * Beginning the Configure Execution Phase.
Could not obtain seed from PRNGd
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECSH-CMN" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa09782/catalog/Secure_Shell/SECSH-CMN/configure".
       * This script had errors and the execution of this fileset
         cannot proceed until the problem is fixed.  Check the above
         output from the script for further details.
Could not obtain seed from PRNGd
ERROR:   could not start sshd
ERROR:   The "configure" script for "Secure_Shell.SECURE_SHELL" failed
         (exit code "1"). The script location was
         "/var/tmp/BAAa09782/catalog/Secure_Shell/SECURE_SHELL/configure".

Honored Contributor
Bill Hassell
Posts: 14,225
Registered: ‎05-29-2000
Message 6 of 6 (2,265 Views)

Re: HPUX Secure Shell Help

[ Edited ]

This is the problem:

 

Could not obtain seed from PRNGd
ERROR:   could not start sshd

 

This exact failure had me running around in circles. The kernel random number generator is not running. If I ran kcmodule to load the rng module manually (kcmodule rng=loaded), sshd would start normally. The root cause was very obscure. There were bad options for /stand (tranflush,mincache=dsync) which were not valid. In syslog:

 

UX:vxfs mount: ERROR: V-3-21262: option not supported on this version of vxfs.
Unable to mount /stand - please check entries in /etc/fstab
Skipping KRS database initialization - /stand can't be mounted

This means that none of the DLKM items were loaded included rng, the random number generator. After I fixed the /stand options in fstab:

/sbin/krs_sysinit:
       * The module 'rng' has been loaded.
       * The module 'gvid_info' has been loaded.
       * The module 'fdd' has been loaded.

 and sshd started normally after a reboot. Here are some factoids about the rng module:

 

rng is a dynamically loadable kernel module (DLKM). It is significantly faster and more efficient than previous RNG code. PRNGd is the classic Pseudo Random Number Generator daemon that used to be fueled by various commands that tried to generate entropy. The rng module eliminates all that overhead. In 11.11, the KRNG product helped a lot but was not a kernel module. rng first appeared at 11.23 and provides a data stream for /dev/random and /dev/urandom. init starts the DLKM load steps by running the directives in inittab which includes ioinitrc. Then ioinitrc starts krs_sysinit which loads the DLKM modules.

 

Most of the time, DLKM errors will be logged in syslog.log

 

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.