<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: openssh on HPUX 11i</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>I'm curious as to why OpenSSH would require IPV6?</FONT>
</P>
<P><FONT SIZE=2>Here is the error I get when trying to SSH from an HP-UX 11i system to an HP-UX 11.00 system. Both systems are running OpenSSH 3.4p1.</FONT></P>
<P><FONT SIZE=2>[hhlablu3:/home/lovelanm] ssh -v -v -v -p 22 hhlablu5.tnt.agedwards.com </FONT>
<BR><FONT SIZE=2>OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f</FONT>
<BR><FONT SIZE=2>debug1: Reading configuration data /opt/openssh/etc/ssh_config</FONT>
<BR><FONT SIZE=2>debug1: Applying options for *</FONT>
<BR><FONT SIZE=2>debug3: cipher ok: aes192-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: cipher ok: aes256-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: cipher ok: blowfish-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: cipher ok: 3des-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: cipher ok: aes128-cbc [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: ciphers ok: [aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,aes128-cbc]</FONT>
<BR><FONT SIZE=2>debug3: Seeding PRNG from /opt/openssh/libexec/ssh-rand-helper</FONT>
<BR><FONT SIZE=2>debug1: Rhosts Authentication disabled, originating port will not be trusted.</FONT>
<BR><FONT SIZE=2>debug1: ssh_connect: needpriv 0</FONT>
<BR><FONT SIZE=2>ssh: hhlablu5.tnt.agedwards.com: host nor service provided, or not known</FONT>
</P>
<P><FONT SIZE=2>There don't appear to be any issues with sshd running on the 11i server. I can ssh/scp/sftp to it normally.</FONT>
</P>
<P><FONT SIZE=2>I really don't want to have to put the IPV6 package on all my boxes, so if someone knows of a workaround, that would be great.</FONT></P>
<P><FONT SIZE=2>Thanks,</FONT>
<BR><FONT SIZE=2>Matt Loveland</FONT>
<BR><FONT SIZE=2>Unix Architect, NetEffects, Inc.</FONT>
</P>
<P><FONT SIZE=2> -----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Tom Lieuallen [<A HREF="mailto:toml@engr.orst.edu">mailto:toml@engr.orst.edu</A>] </FONT>
<BR><FONT SIZE=2>Sent: Monday, August 05, 2002 10:25 AM</FONT>
<BR><FONT SIZE=2>To: openssh-unix-dev@mindrot.org</FONT>
<BR><FONT SIZE=2>Subject: openssh on HPUX 11i</FONT>
</P>
<BR>
<P><FONT SIZE=2>In case this hasn't already been reported or discussed...</FONT>
</P>
<P><FONT SIZE=2>It took some doing for me to get openssh working on HPUX 11i.</FONT>
<BR><FONT SIZE=2>The fixes are quite simple. First, one must have the IPV6</FONT>
<BR><FONT SIZE=2>package installed:</FONT>
</P>
<P><FONT SIZE=2>em 512# swlist -l product | grep IPV6</FONT>
<BR><FONT SIZE=2> IPV6AA A.01.01.5D IPv6 11i product </FONT>
</P>
<P><FONT SIZE=2>Second, I have to edit config.h to undefine HAVE_GETADDRINFO.</FONT>
</P>
<P><FONT SIZE=2>Without IPV6, ssh can't connect to remote hosts. I don't recall,</FONT>
<BR><FONT SIZE=2>but sshd might still function. Without undefining HAVE_GETADDRINFO,</FONT>
<BR><FONT SIZE=2>X11 doesn't work. It won't setup the virtual display and set DISPLAY.</FONT>
</P>
<P><FONT SIZE=2>On a different note, our /usr/local is in NFS, and as we absolutely</FONT>
<BR><FONT SIZE=2>depend on SSH (no telnet or rsh), we install ssh locally in /usr.</FONT>
<BR><FONT SIZE=2>But, our openssl is installed in /usr/local. Every time I compile</FONT>
<BR><FONT SIZE=2>openssh I have to remember to edit the Makefile and set options so</FONT>
<BR><FONT SIZE=2>that libcrypto (and libz on solaris) are linked staticly. This is</FONT>
<BR><FONT SIZE=2>really an environment issue/challenge, but I wouldn't be surprised if</FONT>
<BR><FONT SIZE=2>others encounter it as well. It might be a nice addition to a howto</FONT>
<BR><FONT SIZE=2>or readme if people don't feel it is worth addressing with configure. :-)</FONT>
</P>
<P><FONT SIZE=2>I don't read this list, so if there is any desire to mail back,</FONT>
<BR><FONT SIZE=2>do so separately. :-)</FONT>
</P>
<P><FONT SIZE=2>Thank you</FONT>
</P>
<P><FONT SIZE=2>Tom Lieuallen</FONT>
<BR><FONT SIZE=2>Oregon State University</FONT>
<BR><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>openssh-unix-dev@mindrot.org mailing list</FONT>
<BR><FONT SIZE=2><A HREF="http://www.mindrot.org/mailman/listinfo/openssh-unix-dev" TARGET="_blank">http://www.mindrot.org/mailman/listinfo/openssh-unix-dev</A></FONT>
</P>
<CODE><FONT SIZE=3><BR>
<BR>
***********************************************************************************<BR>
WARNING: All e-mail sent to and from this address will be received or<BR>
otherwise recorded by the A.G. Edwards corporate e-mail system and is<BR>
subject to archival, monitoring or review by, and/or disclosure to,<BR>
someone other than the recipient.<BR>
************************************************************************************<BR>
</FONT></CODE></BODY>
</HTML>