Re: issues with SSH on HP-UX 11.23 (643 Views)
Posts: 36
Registered: ‎05-04-2010
Message 1 of 3 (857 Views)
Accepted Solution

issues with SSH on HP-UX 11.23

I have an old HP-UX 11.23 box I am supporting, and recently had to upgrade the openssl to fix several OpenSSL vulnerabilities.  After updating I am getting weird errors in the syslog everytime someone logs in:


error: PAM: pam_open_session(): Can not make/remove entry for session



It does not appear to prevent the sessions or cause problems.  The versions of the software I have installed:



# swlist | grep -i ssl
  OpenSSL                               A.00.09.08w.002 Secure Network Communications Protocol
  openssl                               0.9.8k         openssl





- Sean

Honored Contributor
Posts: 1,748
Registered: ‎06-23-2000
Message 2 of 3 (792 Views)

Re: issues with SSH on HP-UX 11.23

Have a look at your /etc/pam.conf, you could be missing an entry for session management... if there are no "sshd" entries, then ssh will use "other" for auth, account, session and password management when using pam.


If you aren't sure what to look for in your pam.conf, post it here or at the very least post the output from:


   grep -i -E 'sshd|other' /etc/pam.conf


You could also review the /usr/newconfig/etc/pam.conf file paying close attention to any 'sshd' or 'other' entries and comparing those to your /etc/pam.conf file.


Was anything else updated at the time you updated openssl?  Maybe SecureShell?







Posts: 36
Registered: ‎05-04-2010
Message 3 of 3 (643 Views)

Re: issues with SSH on HP-UX 11.23

I ended up waiting until the next release of OpenSSL was available and installed "A.00.09.08y.002" on the affected server.  I also removed the 0.9.8k version, as that appears to be an old version.  After updating/removing depots, the errors being generated stopped appearing in syslog.log.


I went back and did an md5 on the old openssl package and it appers to be a corrupt download.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.