Re: issues with SSH on HP-UX 11.23 (483 Views)
Reply
Advisor
Sean M.
Posts: 36
Registered: ‎05-04-2010
Message 1 of 3 (697 Views)
Accepted Solution

issues with SSH on HP-UX 11.23

I have an old HP-UX 11.23 box I am supporting, and recently had to upgrade the openssl to fix several OpenSSL vulnerabilities.  After updating I am getting weird errors in the syslog everytime someone logs in:

 

error: PAM: pam_open_session(): Can not make/remove entry for session

 

 

It does not appear to prevent the sessions or cause problems.  The versions of the software I have installed:

 

 

# swlist | grep -i ssl
  OpenSSL                               A.00.09.08w.002 Secure Network Communications Protocol
  openssl                               0.9.8k         openssl

 

Thanks,

 

 

- Sean

Honored Contributor
Denver Osborn
Posts: 1,749
Registered: ‎06-23-2000
Message 2 of 3 (632 Views)

Re: issues with SSH on HP-UX 11.23

Have a look at your /etc/pam.conf, you could be missing an entry for session management... if there are no "sshd" entries, then ssh will use "other" for auth, account, session and password management when using pam.

 

If you aren't sure what to look for in your pam.conf, post it here or at the very least post the output from:

 

   grep -i -E 'sshd|other' /etc/pam.conf

 

You could also review the /usr/newconfig/etc/pam.conf file paying close attention to any 'sshd' or 'other' entries and comparing those to your /etc/pam.conf file.

 

Was anything else updated at the time you updated openssl?  Maybe SecureShell?

 

-denver

 

 

 

 

Advisor
Sean M.
Posts: 36
Registered: ‎05-04-2010
Message 3 of 3 (483 Views)

Re: issues with SSH on HP-UX 11.23

I ended up waiting until the next release of OpenSSL was available and installed "A.00.09.08y.002" on the affected server.  I also removed the 0.9.8k version, as that appears to be an old version.  After updating/removing depots, the errors being generated stopped appearing in syslog.log.

 

I went back and did an md5 on the old openssl package and it appers to be a corrupt download.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.