In case this hasn't already been reported or discussed... It took some doing for me to get openssh working on HPUX 11i. The fixes are quite simple. First, one must have the IPV6 package installed: em 512# swlist -l product | grep IPV6 IPV6AA A.01.01.5D IPv6 11i product Second, I have to edit config.h to undefine HAVE_GETADDRINFO. Without IPV6, ssh can't connect to remote hosts. I don't recall, but sshd might still function. Without undefining HAVE_GETADDRINFO, X11 doesn't work. It won't setup the virtual display and set DISPLAY. On a different note, our /usr/local is in NFS, and as we absolutely depend on SSH (no telnet or rsh), we install ssh locally in /usr. But, our openssl is installed in /usr/local. Every time I compile openssh I have to remember to edit the Makefile and set options so that libcrypto (and libz on solaris) are linked staticly. This is really an environment issue/challenge, but I wouldn't be surprised if others encounter it as well. It might be a nice addition to a howto or readme if people don't feel it is worth addressing with configure. :-) I don't read this list, so if there is any desire to mail back, do so separately. :-) Thank you Tom Lieuallen Oregon State University
I'm curious as to why OpenSSH would require IPV6? Here is the error I get when trying to SSH from an HP-UX 11i system to an HP-UX 11.00 system. Both systems are running OpenSSH 3.4p1. [hhlablu3:/home/lovelanm] ssh -v -v -v -p 22 hhlablu5.tnt.agedwards.com OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f debug1: Reading configuration data /opt/openssh/etc/ssh_config debug1: Applying options for * debug3: cipher ok: aes192-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: cipher ok: aes256-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: cipher ok: blowfish-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: cipher ok: 3des-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: cipher ok: aes128-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: ciphers ok: [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc] debug3: Seeding PRNG from /opt/openssh/libexec/ssh-rand-helper debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 ssh: hhlablu5.tnt.agedwards.com: host nor service provided, or not known There don't appear to be any issues with sshd running on the 11i server. I can ssh/scp/sftp to it normally. I really don't want to have to put the IPV6 package on all my boxes, so if someone knows of a workaround, that would be great. Thanks, Matt Loveland Unix Architect, NetEffects, Inc. -----Original Message----- From: Tom Lieuallen [mailto:toml at engr.orst.edu] Sent: Monday, August 05, 2002 10:25 AM To: openssh-unix-dev at mindrot.org Subject: openssh on HPUX 11i In case this hasn't already been reported or discussed... It took some doing for me to get openssh working on HPUX 11i. The fixes are quite simple. First, one must have the IPV6 package installed: em 512# swlist -l product | grep IPV6 IPV6AA A.01.01.5D IPv6 11i product Second, I have to edit config.h to undefine HAVE_GETADDRINFO. Without IPV6, ssh can't connect to remote hosts. I don't recall, but sshd might still function. Without undefining HAVE_GETADDRINFO, X11 doesn't work. It won't setup the virtual display and set DISPLAY. On a different note, our /usr/local is in NFS, and as we absolutely depend on SSH (no telnet or rsh), we install ssh locally in /usr. But, our openssl is installed in /usr/local. Every time I compile openssh I have to remember to edit the Makefile and set options so that libcrypto (and libz on solaris) are linked staticly. This is really an environment issue/challenge, but I wouldn't be surprised if others encounter it as well. It might be a nice addition to a howto or readme if people don't feel it is worth addressing with configure. :-) I don't read this list, so if there is any desire to mail back, do so separately. :-) Thank you Tom Lieuallen Oregon State University _______________________________________________ openssh-unix-dev at mindrot.org mailing list http://www.mindrot.org/mailman/listinfo/openssh-unix-dev *********************************************************************************** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. ************************************************************************************ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020805/16ddfe3e/attachment.html
On Mon, Aug 05, 2002 at 08:25:28AM -0700, Tom Lieuallen wrote:> In case this hasn't already been reported or discussed... > > It took some doing for me to get openssh working on HPUX 11i. > The fixes are quite simple. First, one must have the IPV6 > package installed: > > em 512# swlist -l product | grep IPV6 > IPV6AA A.01.01.5D IPv6 11i productThat should not be true. see: http://bugzilla.mindrot.org/show_bug.cgi?id=239 HP created a lot of frustration for its customers by releasing a libc patch that added getaddrinfo() and friends but does not work unless ipv6 is installed. I informed Mike Huey at HP about all this back in May. I do not know if there are patches to fix the issues and was not provided any defect IDs. You need to talk to HP support.> Second, I have to edit config.h to undefine HAVE_GETADDRINFO. > > Without IPV6, ssh can't connect to remote hosts. I don't recall, > but sshd might still function. Without undefining HAVE_GETADDRINFO, > X11 doesn't work. It won't setup the virtual display and set DISPLAY.It sounds like even with ipv6 the HP getaddrinfo() is not working.> On a different note, our /usr/local is in NFS, and as we absolutely > depend on SSH (no telnet or rsh), we install ssh locally in /usr. > But, our openssl is installed in /usr/local. Every time I compile > openssh I have to remember to edit the Makefile and set options so > that libcrypto (and libz on solaris) are linked staticly. This is > really an environment issue/challenge, but I wouldn't be surprised if > others encounter it as well. It might be a nice addition to a howto > or readme if people don't feel it is worth addressing with configure. :-)Or just don't build shared versions, that is what I do: http://www.atomicgears.com/papers/osshhpux.html
What are the consequences of doing the undefine HAVE_GETADDRINFO? I also saw this in the HP Forums so I'll post a follow-up message there as well as logging a support call with HP. Thanks, Matt Matt Loveland TS/Unix Architecture E4-C-36R 314.955.9218 -----Original Message----- From: Kevin Steves [mailto:kevin at atomicgears.com] Sent: Monday, August 05, 2002 1:01 PM To: Tom Lieuallen Cc: openssh-unix-dev at mindrot.org; stevesk at pobox.com Subject: Re: openssh on HPUX 11i On Mon, Aug 05, 2002 at 08:25:28AM -0700, Tom Lieuallen wrote:> In case this hasn't already been reported or discussed... > > It took some doing for me to get openssh working on HPUX 11i. > The fixes are quite simple. First, one must have the IPV6 > package installed: > > em 512# swlist -l product | grep IPV6 > IPV6AA A.01.01.5D IPv6 11i productThat should not be true. see: http://bugzilla.mindrot.org/show_bug.cgi?id=239 HP created a lot of frustration for its customers by releasing a libc patch that added getaddrinfo() and friends but does not work unless ipv6 is installed. I informed Mike Huey at HP about all this back in May. I do not know if there are patches to fix the issues and was not provided any defect IDs. You need to talk to HP support.> Second, I have to edit config.h to undefine HAVE_GETADDRINFO. > > Without IPV6, ssh can't connect to remote hosts. I don't recall, > but sshd might still function. Without undefining HAVE_GETADDRINFO, > X11 doesn't work. It won't setup the virtual display and set DISPLAY.It sounds like even with ipv6 the HP getaddrinfo() is not working.> On a different note, our /usr/local is in NFS, and as we absolutely > depend on SSH (no telnet or rsh), we install ssh locally in /usr. > But, our openssl is installed in /usr/local. Every time I compile > openssh I have to remember to edit the Makefile and set options so > that libcrypto (and libz on solaris) are linked staticly. This is > really an environment issue/challenge, but I wouldn't be surprised if > others encounter it as well. It might be a nice addition to a howto > or readme if people don't feel it is worth addressing with configure. :-)Or just don't build shared versions, that is what I do: http://www.atomicgears.com/papers/osshhpux.html _______________________________________________ openssh-unix-dev at mindrot.org mailing list http://www.mindrot.org/mailman/listinfo/openssh-unix-dev *********************************************************************************** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. ************************************************************************************ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020805/33d540bc/attachment.html