OpenSSH may get unquiet for 3000's users
July 15, 2013
Savvy HP 3000 managers who need to move files securely are finding that SFTP works under MPE/iX. But OpenSSH, the root of the open source service for encrypted communication sessions over a computer network, is still short of being fully operational for the HP 3000's environment.
Brian Edminster, the senior consultant at Applied Technologies, explains that "with a bit of work, you could get OpenSSH v 3.7.1p2 working. If I recall correctly, the issue is that 'select' is busted under MPE/iX, and that's what's required for ssh to work correctly."
The fact remains: ssh cannot connect to a remote system and execute commands that produce any output. Ken Hirsch did the original port, but he only really needed the SFTP client -- so the issue with ssh wasn't addressed.
Ken also posted on the 3000-L newsgroup in 2008, asking if there was any interest in getting an ssh and sshd/sftp-server working (server daemon) -- so the 3000 could do port forwarding, act as a SFTP server, receive inbound ssh connections, and so on. Apparently he didn't get enough response to carry forward.
Back in 2005, Hirsch posted his goal.
I could get an interactive ssh client to work on MPE/iX. I don't know how, but I know it's possible! It would not be possible to get an ssh server working in such as way that an ssh client could run any program. But it would be possible to get enough of the server running so that you could use the server to do port forwarding.
In 2008, he added the note which Edminster referenced. "If anybody knows a way to actually write to a terminal while there is a read pending, I could use OpenSSH as a server on the HP 3000. Apparently there are undocumented MPE/iX sendio() and rendezvousio() calls, of which I know nothing. There are also tread()/twrite() routines in libbsd.a that I think are intended for this, but there's no documentation for these, either."
There is another way to let SSH speak up on MPE, however.
Edminster, who keeps a repository of open source tools available for the community at his MPE-OpenSource website, said "OpenSSH isn't the only implementation of the ssh/sftp/scp protocol, although it is arguably the definitive open source one." He said he's looking for a client or two to help underwrite his R&D to port across this key encryption utility.
That said, in my 'copious' spare time, I'm working on porting the 'dropbear' ssh application. It's much simpler, and much more restrictive -- but it appears to have a much greater chance of success than having to significantly rework OpenSSH to make it work under MPE/iX.
Unfortunately, the current OpenSSH v 3.7.1p2 port meets my client's needs -- so if I want to spend any significant time on the dropbear (or other) ssh packages, I'll need a benefactor or two.
As always, if you have questions, don't be afraid to ask. If you have some spare time, try putting up SFTP (from Allegro or MPE-OpenSource) on your HP 3000. You'll find it suprisingly easy.
Hirsch said that with an interactive SSH client, an enterprising IT manager could tunnel a telnet connection over the SSH connection.
So on your PC, you would run:
ssh -L 9999:hp3k.yourcorp.com:23 [email protected]
Then connect Reflection (or other terminal emulator) to localhost::9999
You can do this with an ssh server running on some computer other than the HP 3000, of course. Just set up a PC or Linux system as an ssh host. There would be a secure connection between the PC and sshhost.yourcorp.com and an unencrypted connection between sshhost and the HP 3000 (presumably both behind the same firewall).