INFO-VAX Mon, 28 Apr 2008 Volume 2008 : Issue 237 Contents: Re: 8.3 Alpha Upgrade Tips Re: 8.3 Alpha Upgrade Tips DEC-BASIC Capablities Re: DEC-BASIC Capablities Re: DEC-BASIC Capablities Re: DEC-BASIC Capablities Re: DEC-BASIC Capablities Odd backup corruption Re: scripting a telnet session to VMS Re: scripting a telnet session to VMS ssh hostkey file location Re: ssh hostkey file location Re: ssh hostkey file location Re: ssh hostkey file location Re: ssh hostkey file location Re: ssh hostkey file location Re: Time synchronization ---------------------------------------------------------------------- Date: Mon, 28 Apr 2008 10:15:10 +0100 From: Mike Subject: Re: 8.3 Alpha Upgrade Tips Message-ID: On Sun, 27 Apr 2008, bradhamilton wrote: > Mike wrote: >> Upgrading from Alpha 7.3 to 8.3... any special hints/tips? >> > Without knowing any more detail about your environment, I would take the > "virgin" DS10L and do a fresh V8.3 install on it. Hi Brad, but which type of install - standalone/non-clustered/clustered? > > Your post implies that there is another Alpha system with some version of > V7.3-N. The existing DS10L, the "live" referred to, is running 7.3 period and 7.3 to 8.3 is not a supported migration pair. > If N=2, I *think* you can cluster the two systems without difficulty, > and then upgrade to V8.3 at your leisure The virgin DS10L will be 7.3..7.3-2 so could conceivably be clustered to the existing live one running 7.3 but would defeat the object of making use of an intermediate non-live system to go from 7.3 to 8.3. Rephrasing the original question, if you had a choice, would you upgrade 7.3 to 8.3 (possibly requiring an intermediate upgrade) or re-build live onto 8.3? > (or alternatively, create another system root on the DS10L system disk, > and boot the other machine into that root, .. The disks aren't big, 9GB COMPAQ BB009222B5s, albeit only 1/3 full, but would prefer a less risky strategy. Julie Altswitch detailed a cloned If using a second disk made it so much easier, I'd certainly consider it, though it's not like the capacity's actually needed. > My suppositions assume that you might have "other" disks on the systems, > and have segregated your applications and their associated data from > the system disks. If the system disks are the only disks, your task > becomes more complicated, but still possible. Different approaches > might be needed, depending on your scheme. Exactly, which is why I'm asking here to seek the benefit of experience. Each DS10L is single-disked with the OS and "applications" co-resident. Its probably more trouble than its worth to migrate the freeware, and the approach taken recently on another OS upgrade was simply to install new packages of the freeware onto the new box running the later OS. There's only one licenced app to truly migrate 7.3 to 8.3, but even that will be a reinstall. Data is elsewhere... I put-off the other-OS upgrade untill I had a spare, intermediate, box and used the fresh install migrate stuff over approach which never involves actually doing an OS upgrade. I found I abused the leisurely approach it makes possible. The last 10% of stuff on old "live" never got migrated so the old "live" still hasn't been switched off, wiped, been given a fresh install of the latest OS and made a spare/test - an approach advocated here in c.o.v. recently. With the other OS, the "upgrade" was a migration to bigger hardware running a fresh install of the later OS. Here, both boxes are identical which is why I raised the additional question/complication of clustering. Its not a "must-have". Certainly processing power is not an issue. Resilience/redundancy is. ------------------------------ Date: Mon, 28 Apr 2008 16:40:31 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: 8.3 Alpha Upgrade Tips Message-ID: <36nRj.6680$R_4.5297@newsb.telia.net> Mike wrote: > Rephrasing the original question, if you had a choice, would you > upgrade 7.3 to 8.3 (possibly requiring an intermediate upgrade) or > re-build live onto 8.3? That's highly dependant on what's on the sys-disk ! Note that by doing an "Upgrade" you keep not only any applications on the disk, but also all users, queues and other OS-setups. *I* would probably do two upgrades (if needed, and if I had access to the medias needed). If it was an newly installed never-used 7.3 system, that one could just install 8.3 over it. Jan-Erik. ------------------------------ Date: Mon, 28 Apr 2008 07:21:34 -0700 (PDT) From: Steve Pisani Subject: DEC-BASIC Capablities Message-ID: <60abd1e3-674d-452f-ad33-2e0ffa83907b@y38g2000hsy.googlegroups.com> Hi, I'm relatively new to this environment, so I'm hoping to get some info from this forum. On one side I have an application running on OpenVMS written in DEC- BASIC which maintains RMS files. On the other side I have a relational DB (Cache from InterSystems) The relational DB allows me to extract/update information into it via a number of methods, namely, via ODBC calls, or programs written in C, C++, Java, .NET... and other technologies. The task is to modify the DEC-BASIC information such that I can send data to the relational Database. Whilst I know the capabilities afforded to me by the rdbms side, I do not knwo what capabilities DEC- BASIC has. so - 1/ Does DEC-BASIC have commands that allow me to make ODBC calls ? If so - what do I need to set this up? 2/ Can a DEC-BASIC program call a C++ program ? If so - does this need to be "linked" in with the BASIC object. 3/ Can a DEC-BASIC program call a Java program ? Any feedback appreciated.. Thanks Steve ------------------------------ Date: Mon, 28 Apr 2008 11:46:04 -0400 From: "Richard B. Gilbert" Subject: Re: DEC-BASIC Capablities Message-ID: Steve Pisani wrote: > Hi, > > I'm relatively new to this environment, so I'm hoping to get some info > from this forum. > > On one side I have an application running on OpenVMS written in DEC- > BASIC which maintains RMS files. > On the other side I have a relational DB (Cache from InterSystems) > > The relational DB allows me to extract/update information into it via > a number of methods, namely, via ODBC calls, or programs written in C, > C++, Java, .NET... and other technologies. > > The task is to modify the DEC-BASIC information such that I can send > data to the relational Database. Whilst I know the capabilities > afforded to me by the rdbms side, I do not knwo what capabilities DEC- > BASIC has. > > so - > > 1/ Does DEC-BASIC have commands that allow me to make ODBC calls ? If > so - what do I need to set this up? Yes. Just call your ODBC routine as you would any other BASIC subroutine. You will need to link with the library containing it. Never done it. You may need to tell the linker where to find it. > 2/ Can a DEC-BASIC program call a C++ program ? Yes > If so - does this need > to be "linked" in with the BASIC object. Yes. > 3/ Can a DEC-BASIC program call a Java program ? I don't think so but I'm not really an expert on anything to do with Java. You would probably have to call LIB$SPAWN to create a process to run the Java interpreter. ------------------------------ Date: Mon, 28 Apr 2008 16:16:28 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: DEC-BASIC Capablities Message-ID: Steve Pisani wrote: > Hi, > > I'm relatively new to this environment, so I'm hoping to get some info > from this forum. > > On one side... What is a "side" ??? > I have an application running on OpenVMS written in DEC- > BASIC which maintains RMS files. > On the other side I have a relational DB (Cache from InterSystems) > > The relational DB allows me to extract/update information into it via > a number of methods, namely, via ODBC calls, or programs written in C, > C++, Java, .NET... and other technologies. > > The task is to modify the DEC-BASIC information... Are you talking about the RMS files ? That isn't "DEC-BASIC information" as such, it just RMS files... > such that I can send > data to the relational Database. Whilst I know the capabilities > afforded to me by the rdbms side, I do not knwo what capabilities DEC- > BASIC has. > > so - > > 1/ Does DEC-BASIC have commands that allow me to make ODBC calls ? If > so - what do I need to set this up? Are you talking about ODBC calls from say a Windows environment ? Or local ODBC calls on the VMS system ? There is (was?) some kind of driver that would let you make ODBC calls from a PC to RMS files just as to any other "database". It *might* have been throught the "Transparent Gateway For RMS" that once was part of Rdb. I think that you should have less focus on DEC-BASIC and look closer at your RMS files instead. Is this a one-time conversion ? Or what functionality do you need? Transactions? 2PC between RMS and Caché? Jan-Erik. > 2/ Can a DEC-BASIC program call a C++ program ? If so - does this need > to be "linked" in with the BASIC object. > 3/ Can a DEC-BASIC program call a Java program ? > > Any feedback appreciated.. > > Thanks > > Steve ------------------------------ Date: Mon, 28 Apr 2008 09:38:20 -0700 (PDT) From: k.rollman@gmail.com Subject: Re: DEC-BASIC Capablities Message-ID: <778014a8-c77a-40ef-bccf-28e40a6cdcc6@c58g2000hsc.googlegroups.com> On Apr 28, 8:21 am, Steve Pisani wrote: > Hi, > > I'm relatively new to this environment, so I'm hoping to get some info > from this forum. > > On one side I have an application running on OpenVMS written in DEC- > BASIC which maintains RMS files. > On the other side I have a relational DB (Cache from InterSystems) > > The relational DB allows me to extract/update information into it via > a number of methods, namely, via ODBC calls, or programs written in C, > C++, Java, .NET... and other technologies. > > The task is to modify the DEC-BASIC information such that I can send > data to the relational Database. Whilst I know the capabilities > afforded to me by the rdbms side, I do not knwo what capabilities DEC- > BASIC has. > > so - > > 1/ Does DEC-BASIC have commands that allow me to make ODBC calls ? If > so - what do I need to set this up? No, at least not natively. There may be some third party software available that gives the capability. > 2/ Can a DEC-BASIC program call a C++ program ? If so - does this need > to be "linked" in with the BASIC object. Yes. You can CHAIN to another program, or call modules written in c/c+ +. See http://h71000.www7.hp.com/doc/82final/5973/5973PRO.HTML. > 3/ Can a DEC-BASIC program call a Java program ? Yes. See answer to 1. If you are going to call JAVA modules, you will need to write c/c++ wrapper(s) to expose the JAVA functions in a way Basic can pass any arguments needed. With the WSIT toolkit you can go JAVA->Basic, but the last time I looked at it, it did not provide any help going the other way. ------------------------------ Date: 28 Apr 2008 13:20:42 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEC-BASIC Capablities Message-ID: In article <60abd1e3-674d-452f-ad33-2e0ffa83907b@y38g2000hsy.googlegroups.com>, Steve Pisani writes: > > 1/ Does DEC-BASIC have commands that allow me to make ODBC calls ? If > so - what do I need to set this up? I might be possible that the ODBC API was written in such a way as not to be directly callable form BASIC, but I doubt it. > 2/ Can a DEC-BASIC program call a C++ program ? If so - does this need > to be "linked" in with the BASIC object. Yes, you can mix all native languages on VMS. All the objects must be linked together no matter what language(s) the source is in. > 3/ Can a DEC-BASIC program call a Java program ? Yes. The JNI for calling Java from native languages and the tools that support it are for C, but you can interface between C and BASIC. What you won't find is the tools or API definitions for working directly in BASIC. There is a VMS document on modular programming, and sections of each compiler's Users Guide which will help you with everything except the JNI. The JNI documentation is downloadable with the JDK documnetion. ------------------------------ Date: Mon, 28 Apr 2008 16:01:06 +0100 From: Tom Wade Subject: Odd backup corruption Message-ID: Greetings, I've seen the following bizarre situation with BACKUP on an Alpha PS 433au. OpenVMS7.3-2 with UPDATE 12 (which includes BACKUP 7). $ copy temp-input.ps temp-copy.ps $ diff temp-input.ps temp-copy.ps Number of difference sections found: 0 Number of difference records found: 0 DIFFERENCES /IGNORE=()/MERGED=1- DKA0:[TEMP]TEMP-INPUT.PS;1- DKA0:[TEMP]TEMP-COPY.PS;2 SO far so good. Similar result for CONVERT. Now for BACKUP $ backup temp-input.ps temp-backup.ps $ diff temp-input.ps temp-backup.ps File DKA0:[TEMP]TEMP-INPUT.PS;1 119 GetPageDeviceName @ type @/nametype ne ~/stringtype ne and{!/none}if(.)5 120 -1 1{^ length add}for string 6 1 $ 5 ^ 5{~ 1 ^ cvs length 1 ^ length 1 ^ ****** File DKA0:[TEMP]TEMP-BACKUP.PS;1 119 GetPageD @/nametype ne ~/stringtype ne and{!/none}if(.)5 120 -1 1{^ length add}for string 6 1 $ 5 ^ 5{~ 1 ^ cvs length 1 ^ length 1 ^ ************ ************ File DKA0:[TEMP]TEMP-INPUT.PS;1 300 ex cy flipXY -1 eq {exch} if itransform pop 301 x2 sub /eShift exch def ****** File DKA0:[TEMP]TEMP-BACKUP.PS;1 300 eeviceName @ typeq {exch} if itransform pop 301 x2 sub /eShift exch def ************ %DIFF-F-READERR, error reading DKA0:[TEMP]TEMP-BACKUP.PS;1 -RMS-W-RTB, 26988 byte record too large for user's buffer The file produced is the same size, and has the same RMS attributes File Organization: sequential Record Format: variable Record Attributes: carriage-return Maximum Record Size: 0 Longest Record: 153 Blocks Allocated: 600, Default Extend Size: 0 End-of-File VBN: 542, Offset: %X'008A' File Monitoring: disabled File Length Hint (Record Count): -1 (invalid) File Length Hint (Data Byte Count): -1 (invalid) Global Buffer Count: 0 However, the file is corrupted. I also noticed the following: 1. The problem arises when trying to copy a file (as above), or extracting a file from a Backup saveset. Writing a backup saveset is OK, as I can move the newly created saveset to another machine, and unpack the file successfully there. 2. The problem occurs irrespective of which disk (there are two) is used. 3. I tried copying over the BACKUP.EXE and BACKUPSHR.EXE from another 7.3-2 machine (with UPDATE 4) and the same thing happens. The problem does not occur on this second machine (I remembered to INSTALL REPLACE). 4. SHOW ERROR produces NOERRORS (no device errors found). I am somewhat perplexed. Silent corruption from BACKUP is not something I would have expected. Has anyone seen anything like this ? --------------------------------------------------------- Tom Wade | EMail: tee dot wade at eurokom dot ie EuroKom | Tel: +353 (1) 296-9696 A2, Nutgrove Office Park | Fax: +353 (1) 296-9697 Rathfarnham | Disclaimer: This is not a disclaimer Dublin 14 | Tip: "Friends don't let friends do Unix !" Ireland ------------------------------ Date: Mon, 28 Apr 2008 14:09:14 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: scripting a telnet session to VMS Message-ID: In article <4814d72c$0$90263$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >david20@alpha2.mdx.ac.uk wrote: >> In article <480169ae$0$90272$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>> david20@alpha1.mdx.ac.uk wrote: >>>> In article <47ec1994$0$90276$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>>>> VAXman- @SendSpamHere.ORG wrote: >>>>>> Cygwin is a Weendoze terminal emulator? >>>>> Cygwin is a *nix shell + utilities + libraries for Windows. >>>>> >>>>>> I can't believe you'd be so lax >>>>>> with system security to have username and password to a VMS machine hard- >>>>>> coded into a script that any hacker who gets into the Weendoze box could >>>>>> exploit. >>>>> The risk of hacking is probably lower than for most OS'es. >>>>> >>>> Well I suppose you could argue that there are so many unpatched badly mismanaged >>>> Windows systems out there that you have to be unlucky for someone to pick on >>>> your machine to hack into. >>> Most desktop Windows systems are not running a >>> telnet/FTP/SSH/HTTP/whatever server. >>> >>> As a result they are for all practical purposes never hacked. >>> >> Lots of malware opens up backdoor ports and some of those run public-domain >> ftp server software on those ports. > >That is not hacking unless the malware is targeted against a >specific PC. > I've seen tons of desktop "classroom" PCs which were infected with backdoor programs by students so that they could show off by ejecting the CD or controlling the machine in some otherway remotely. These were definitely targeted at the machines in those particular classrooms and used programs such as B02K, Sub7 etc etc That was obviously sometime ago and those particular backdoors would be picked up by modern anti-virus scanners. We also put in place software which resets the classroom PCs back to a default state on reboot which rather reduced the period during which such tricks could be played hence the students haven't been bothering with that for a while. From a hacker perspective installing a RAT on a user's PC and recording his keystrokes whilst he logs in through the company firewall would definitely be a better option than directly attacking the firewall. >> Also wormable vulnerabilities (ie those where no user intervention is >> necessary and the patch states that it may allow remote code execution >> are just as vulnerable to hackers as they are to having a worm written >> for them). > >Sure. > >It is definitely possible. But it just never seems to happen in >real life. > Just because you haven't heard of it happening does mean that it never happens. As referred to above a user's desktop PC may be a great route for hacking other systems. There have also been a number of cases where after a court case involving pornography the defendent has been declared innocent since the computer involved had backdoor programs installed on it which could have been used to plant the pictures. "A landmark trial recently found that illegal pornography had been placed on an innocent man's computer by a trojan program..." From BEWARE TROJAN'S BEARING GIFS by NEIL BARRETT, IT WEKK 03 JUN 2003 Mark Rasch of SecurityFocus has pointed out "In late December 2003, companies around the world began to report a new kind of cyber-attack that had been apparently going on for about a year. Cyber extortionists (reportedly from Eastern Europe) threatened to "plant" child pornography on their computers and then call the cops if they didn't agree to pay a small fee." David Webb Security team leader CCSS Middlesex University >Arne ------------------------------ Date: Mon, 28 Apr 2008 15:20:15 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: scripting a telnet session to VMS Message-ID: In article , david20@alpha2.mdx.ac.uk writes: >In article <4814d72c$0$90263$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>david20@alpha2.mdx.ac.uk wrote: >>> In article <480169ae$0$90272$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>>> david20@alpha1.mdx.ac.uk wrote: >>>>> In article <47ec1994$0$90276$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>>>>> VAXman- @SendSpamHere.ORG wrote: >>>>>>> Cygwin is a Weendoze terminal emulator? >>>>>> Cygwin is a *nix shell + utilities + libraries for Windows. >>>>>> >>>>>>> I can't believe you'd be so lax >>>>>>> with system security to have username and password to a VMS machine hard- >>>>>>> coded into a script that any hacker who gets into the Weendoze box could >>>>>>> exploit. >>>>>> The risk of hacking is probably lower than for most OS'es. >>>>>> >>>>> Well I suppose you could argue that there are so many unpatched badly mismanaged >>>>> Windows systems out there that you have to be unlucky for someone to pick on >>>>> your machine to hack into. >>>> Most desktop Windows systems are not running a >>>> telnet/FTP/SSH/HTTP/whatever server. >>>> >>>> As a result they are for all practical purposes never hacked. >>>> >>> Lots of malware opens up backdoor ports and some of those run public-domain >>> ftp server software on those ports. >> >>That is not hacking unless the malware is targeted against a >>specific PC. >> >I've seen tons of desktop "classroom" PCs which were infected with backdoor >programs by students so that they could show off by ejecting the CD or >controlling the machine in some otherway remotely. These were definitely >targeted at the machines in those particular classrooms and used programs such >as B02K, Sub7 etc etc > >That was obviously sometime ago and those particular backdoors would be picked >up by modern anti-virus scanners. We also put in place software which resets >the classroom PCs back to a default state on reboot which rather reduced the >period during which such tricks could be played hence the students haven't been >bothering with that for a while. > >From a hacker perspective installing a RAT on a user's PC and recording his >keystrokes whilst he logs in through the company firewall would definitely >be a better option than directly attacking the firewall. > > >>> Also wormable vulnerabilities (ie those where no user intervention is >>> necessary and the patch states that it may allow remote code execution >>> are just as vulnerable to hackers as they are to having a worm written >>> for them). >> >>Sure. >> >>It is definitely possible. But it just never seems to happen in >>real life. >> >Just because you haven't heard of it happening does mean that it never >happens. That should obviously have been " Just because you haven't heard of it happening doesn't mean that it never happens. " David Webb Security team leader CCSS Middlesex University >As referred to above a user's desktop PC may be a great route for hacking other >systems. > >There have also been a number of cases where after a court case involving >pornography the defendent has been declared innocent since the computer >involved had backdoor programs installed on it which could have been used to >plant the pictures. > >"A landmark trial recently found that illegal pornography had been placed on an >innocent man's computer by a trojan program..." > >From >BEWARE TROJAN'S BEARING GIFS by NEIL BARRETT, IT WEKK 03 JUN 2003 > > >Mark Rasch of SecurityFocus has pointed out > >"In late December 2003, companies around the world began to report a new kind >of cyber-attack that had been apparently going on for about a year. Cyber >extortionists (reportedly from Eastern Europe) threatened to "plant" child >pornography on their computers and then call the cops if they didn't agree to >pay a small fee." > > > > > >David Webb >Security team leader >CCSS >Middlesex University > > >>Arne ------------------------------ Date: Mon, 28 Apr 2008 14:18:54 +0100 From: Anton Shterenlikht Subject: ssh hostkey file location Message-ID: <20080428131854.GA79278@mech-aslap33.men.bris.ac.uk> How can I find the SSH2 hostkey of a VMS node, i.e. the one that is being copied to known_hosts when you first connect? I'd like to share the hostkey between all nodes in a VMS cluster. At present I've a problem with failsafe IP, because the key in known_hosts doesn't match after a node goes down and its IP fails over to another node. I cannot see any better way than to delete known_hosts (or edit) in this case. If I've identical hostkeys for all nodes in the cluster, this wouldn't happen, right? And I cannot seea any downsides of this approach. I just cannot find the location of the hostkey. many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Mon, 28 Apr 2008 08:41:49 -0500 (CDT) From: sms@antinode.org (Steven M. Schweda) Subject: Re: ssh hostkey file location Message-ID: <08042808414987_2020CE0A@antinode.org> From: Anton Shterenlikht > How can I find the SSH2 hostkey of a VMS node, i.e. the one that is being > copied to known_hosts when you first connect? SYS$MANAGER:TCPIP$SSH_RUN.COM suggests tcpip$ssh_device:[tcpip$ssh]. I suspect that the SSH manual would also mention it. ------------------------------------------------------------------------ Steven M. Schweda sms@antinode.org 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Mon, 28 Apr 2008 16:25:28 +0100 From: Anton Shterenlikht Subject: Re: ssh hostkey file location Message-ID: <20080428152528.GA87716@mech-aslap33.men.bris.ac.uk> On Mon, Apr 28, 2008 at 08:41:49AM -0500, Steven M. Schweda wrote: > From: Anton Shterenlikht > > > How can I find the SSH2 hostkey of a VMS node, i.e. the one that is being > > copied to known_hosts when you first connect? > > SYS$MANAGER:TCPIP$SSH_RUN.COM suggests tcpip$ssh_device:[tcpip$ssh]. > > I suspect that the SSH manual would also mention it. Steven, thank you, found it. I think I was misled by M.D.Duffy "Getting Started with OpenVMS, A Guide for New Users", Digital Press 2003, who gives the following examples on p. 88 in section Wildcards for Directory Operations "To search all directories on the disk for any files called ERROR.LOG: $ DIRECTORY [*...]ERROR.LOG ! Excludes MFD $ DIRECTORY [000000...]ERROR.LOG ! Includes MFD" So I presumed that $DIRECTORY [*...]hostskey*.*, would search all of the disk, but it didn't. I have to do $DIRECTORY sys$sysdevice:[*...]hostkey*.* instead. I guess "*" in directory operations means "any subdirectory immediately below the default directory"? Also, I cannot find any ssh manual at hp.com/go/openvms/doc and HELP SSH is very limited. What ssh manual did you mean? thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Mon, 28 Apr 2008 16:30:00 GMT From: Rob Brown Subject: Re: ssh hostkey file location Message-ID: On Mon, 28 Apr 2008, Anton Shterenlikht wrote: > On Mon, Apr 28, 2008 at 08:41:49AM -0500, Steven M. Schweda wrote: >> From: Anton Shterenlikht >> >>> How can I find the SSH2 hostkey of a VMS node, i.e. the one that >>> is being copied to known_hosts when you first connect? >> >> SYS$MANAGER:TCPIP$SSH_RUN.COM suggests >> tcpip$ssh_device:[tcpip$ssh]. >> >> I suspect that the SSH manual would also mention it. > > Steven, thank you, found it. > > I think I was misled by M.D.Duffy "Getting Started with OpenVMS, A > Guide for New Users", Digital Press 2003, who gives the following > examples on p. 88 in section Wildcards for Directory Operations > > "To search all directories on the disk for any files > called ERROR.LOG: > > $ DIRECTORY [*...]ERROR.LOG ! Excludes MFD > $ DIRECTORY [000000...]ERROR.LOG ! Includes MFD" > > So I presumed that $DIRECTORY [*...]hostskey*.*, > would search all of the disk, but it didn't. > I have to do $DIRECTORY sys$sysdevice:[*...]hostkey*.* instead. The difference between "[*...]hostskey*.*", and "sys$sysdevice:[*...]hostkey*.*" is that the latter specifies a device name and the former does not. Do you have more than one disk drive and your default device was not SYS$SYSDEVICE? Type SHOW DEFAULT. Then type SHOW LOGICAL SYS$SYSDEVICE. Or were you logged into an account who's default device was a rooted logical, such as SYSTEM? (Duffy's target audience was probably not "new users who are logged in as SYSTEM". ;-) ) When a rooted logical is used as the device specifier, file system searches do not extend beyond the domain of the rooted logical. > I guess "*" in directory operations means "any subdirectory > immediately below the default directory"? No that's what "[.*" means. "[*" really does search the entire device, but either of the two explanations above can explain your results. If you are coming from a UNIX-like background where all disk drives are hidden from the user and the entire directory tree is under "/", you will find this part of VMS different. On VMS each disk drive is presented to the user separately, as they are in popular Microsoft operating systems. On UNIX, you can search all disk drives for a file with a single command. On VMS, you must repeat the command for each disk drive. hth - Rob -- Rob Brown b r o w n a t g m c l d o t c o m G. Michaels Consulting Ltd. (780)438-9343 (voice) Edmonton (780)437-3367 (FAX) http://gmcl.com/ ------------------------------ Date: Mon, 28 Apr 2008 16:35:08 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: ssh hostkey file location Message-ID: <01nRj.6679$R_4.5103@newsb.telia.net> Rob Brown wrote: > On UNIX, you can search all disk drives for a file > with a single command. On VMS, you must repeat the command for each > disk drive. Or create a logical name that is a search-path to all disks and use a single command... Jan-Erik. ------------------------------ Date: 28 Apr 2008 13:14:05 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: ssh hostkey file location Message-ID: In article <20080428152528.GA87716@mech-aslap33.men.bris.ac.uk>, Anton Shterenlikht writes: > I guess "*" in directory operations means "any subdirectory > immediately below the default directory"? No. * in [*...] means all top level directories except the MFD on the current device, all all thier subdirectories. If a logical name is used to create a rooted device it acts like a real device in this manner, it even will simulate the MFD if you specify [000000]. If your default directory is not at the top of a real or rooted device then [*...] will pack up directory levels closer to the MFD than your current default. ------------------------------ Date: Sun, 27 Apr 2008 23:58:25 -0700 (PDT) From: "Bart.Zorn@gmail.com" Subject: Re: Time synchronization Message-ID: <2d16d63c-df92-499e-aeb9-5e484aab6c74@m44g2000hsc.googlegroups.com> Marc, Because of the "if it ain't broken, don't fix it" theorem, we run DTSS on all nodes. In each datacenter, two of the nodes are configured as server, the rest is clerk. Also, in each datacenter, one server also runs the DTSS$PROVIDER_NTP as found in SYS$COMMON: [SYSHLP.EXAMPLES.DTSS]. The only problem is that there is no automatic detection of ntp servers (although I do not know if there is such functionality in ntp at all). When the the network team saw it fit to replace the ntp servers they did not bother to tell us. Regards, Bart Zorn On Apr 25, 3:46 pm, Marc Van Dyck wrote: > What is the most sensible way to synchronize the time in a mid-size > OpenVMS farm today ? > > - Use NTP everywhere and forget the rest ? > - Use DTSS with an NTP time provider ? > - Synchronize time on internet time server ? > - Use a radio time source ? > - ... > > The installation I speak about is made of about 20 systems, some > clustered, some not. Mix Alpha/Itanium. And surrounded by a much > larger population of Unix and Windows systems. > > What are other people over here doing ? > > -- > Marc Van Dyck ------------------------------ End of INFO-VAX 2008.237 ************************