AIX ssh 报错 Failed to open /dev/pkcs11

5020阅读 0评论2011-08-25 phanx
分类:系统运维

========phanx.com========
Author:   phanx
Updated: 2011-8-25
转载请保留作者信息
=========================

AIX6.1 上安装OpenSSL和OpenSSH后发现使用ssh命令报错:
 
  1. # ssh localhost

  3. ***********************************
  4. Error stack trace (1 frames):
  5. ((01)) [C_Initialize] failed at c_init_fini.c:152, rc = 2 (0x2), reason: [Failed to open /dev/pkcs11, reason : No such file or directory
  6. ]

  8. ***********************************

  10. ***********************************
  11. Error stack trace (1 frames):
  12. ((01)) [C_Initialize] failed at c_init_fini.c:152, rc = 2 (0x2), reason: [Failed to open /dev/pkcs11, reason : No such file or directory
  13. ]

  15. ***********************************
  16. root@localhost's password:
 
原来安装的时候装了 PKCS 的包。
 
# lslpp -l | grep pkcs
  security.pkcs11            6.1.5.2  COMMITTED  PKCS11 Device Driver
  security.pkcs11.tools      6.1.5.0  COMMITTED  PKCS11 Key Management Tool
  security.pkcs11            6.1.5.2  COMMITTED  PKCS11 Device Driver
 
用 smit remove 删除 security.pkcs11 和 security.pkcs11.tools 后,恢复。
 
 
 
附 IT Toolbox 上的帖子。
 
I hit the same problem, and the solution is as follows:
Check if you have this:
root@rac14 / > ls -l /dev/pkcs*
cr--r--r-T 1 root system 35, 0 Feb 3 14:49 /dev/pkcs11

root@rac14 / > lslpp -l | grep pkcs
security.pkcs11 7.1.0.1 COMMITTED PKCS11 Device Driver
security.pkcs11 7.1.0.0 COMMITTED PKCS11 Device Driver

Remove the security.pkcs11 package as follows:
installp -u security.pkcs11

Once its installed, startup sshd:
startsrc -s sshd

This should get it working!!

I don't know why the existence of /dev/pkcs11 makes sshd crash, except that it takes a different code path if it exists (I checked with truss output). Anyway, looks like a sshd bug.

- Suriyan

I hit the same issue, but got it working by doing the following:

Somehow sshd is taking a different code path if you have the security.pkcs11 package installed. (truss sshd)
root@rac14 / > lslpp -l | grep pkcs
security.pkcs11 7.1.0.1 COMMITTED PKCS11 Device Driver
security.pkcs11 7.1.0.0 COMMITTED PKCS11 Device Driver

root@rac14 / > ls -l /dev/pkcs11
cr--r--r-T 1 root system 35, 0 Feb 3 14:49 /dev/pkcs11

root@rac14 / > strings /etc/objrepos/Config_Rules | grep pkcs
/usr/sbin/mkdev -l pkcs11

If you uninstall this package: installp -u security.pkcs11
then sshd runs without hitting that illegal instruction.
startsrc -s sshd

Hope this helps!
- Suriyan
上一篇:Informix 无法访问,报mail_close, nsf error:localfd
下一篇:金山词霸“划译”会干扰复制粘贴的内容