Wednesday, September 26, 2018

Establish SSH connection to OpenVMS Alpha 8.3 + TCP/IP Services 5.6 on DEC AlphaServer | Getting Past diffie-hellman-group1-sha1 and ssh-dss for Legacy Operating Systems

1.558 (RAPTOR) - OpenVMS Alpha: MONITOR SYSTEM

This post falls in the "don't reinvent the wheel" category.

One of my toys is RAPTOR, an emulated AlphaServer ES40 running OpenVMS Alpha 8.3 operating system. It connects to HECnet over DECnet Phase IV, and to the internet using Digital TCP/IP Services for OpenVMS. It runs an internet-facing web-server (OSU DECthreads HTTP Server for OpenVMS), effortlessly handling legitimate and spam traffic serving http://sanyal.duckdns.org.

Digital/Compaq/HP TCP/IP Services for OpenVMS Alpha 5.6 includes a SSH server allowing network access using SSL from SSH clients.

$ TCPIP SHOW VERSION

  HP TCP/IP Services for OpenVMS Alpha Version V5.6
  on an AlphaServer ES40 833 MHz running OpenVMS V8.3

Due to the age of TCP/IP Services for OpenVMS Alpha Version V5.6, modern implementations of SSH clients do not directly establish a secure communications channel with RAPTOR. Ubuntu 17 Linux, for example, provides the following contemporary SSH client:

someuser@moksha:~$ ssh -V
OpenSSH_7.5p1 Ubuntu-10ubuntu0.1, OpenSSL 1.0.2g  1 Mar 2016

and attempting to ssh directly to RAPTOR produces the following error:

someuser@moksha:~$ ssh vmsuser@10.42.2.12
Unable to negotiate with 10.42.2.12 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Looking at the OpenSSH Legacy Options page, I created a ~/.ssh/config file with the following contents:

Host 10.42.2.12
        KexAlgorithms +diffie-hellman-group1-sha1

I set the file permissions for ~/.ssh/config to owner-read/write only (not sure if it is needed), and tried again. But this time, a different error showed up:

someuser@moksha:~$ chmod 600 ~/.ssh/config
someuser@moksha:~$ ls -l ~/.ssh/config
-rw------- 1 someuser somegroup 88 Sep 26 02:17 /home/someuser/.ssh/config

someuser@moksha:~$ ssh vmsuser@10.42.2.12
Unable to negotiate with 10.42.2.12 port 22: no matching host key type found. Their offer: ssh-dss

Looking more at the OpenSSH Legacy Options page, I added another line to ~/.ssh/config file so that the ~/.ssh/config now has a total of three lines in it:

Host 10.42.2.12
        KexAlgorithms +diffie-hellman-group1-sha1
        HostKeyAlgorithms +ssh-dss

And presto, I am able to ssh from Ubuntu 17 into OpenVMS Alpha!

someuser@moksha:~$ ssh vmsuser@10.42.2.12
The authenticity of host '10.42.2.12 (10.42.2.12)' can't be established.
DSA key fingerprint is SHA256:somestring/somestring.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.42.2.12' (DSA) to the list of known hosts.
vmsuser@10.42.2.12's password:

Welcome to OpenVMS (TM) Alpha Operating System, Version V8.3

System: RAPTOR, AlphaServer ES40 833 MHz
CPU 0    State: RUN                CPUDB: 81C16000     Handle: * None *
       Process: VMSUSER              PID: 000000B9

Product:  DECNET        Node:  RAPTOR               Address(es):  1.558
Product:  TCP/IP        Node:  raptor.sanyalnet.lan Address(es):  10.42.2.12

  26-SEP-2018 02:07:25

$
$
$ lo

Connection to 10.42.2.12 closed.SEP-2018 02:09:35.51

someuser@moksha:~$


Saturday, September 22, 2018

Running AIX x86 on Laptop | IBM AIX PS/2 1.3 for Intel i386 in Virtual Box

Supratim Sanyal's Blog: IBM AIX PS/2 1.3 for Intel i386 running X11 X Windows Motif Desktop in Virtual Box


AIX 1.3 for PS/2 is unique in that it is the only AIX release that runs on the Intel i386 processor architecture. IBM's announcement letter is still available online and starts off by describing AIX 1.3 for PS/2 as "AIX PS/2 Operating System Version 1.3 and its associated Conditions of Use Products (COUs) provide full hardware support and exploitation for all models of IBM PS/2 system units based on the 32-bit INTEL 386sx-16MHz up through the INTEL 486DX2-66MHz, utilizing both IBM Microchannel or IBM AT-Bus architectures."

As a DEC alumnus, the only IBM operating system I had ever used was PC DOS. This was by choice at the very beginning of my tryst with computing. DEC hardware and operating systems were being used in all sorts of interesting factory shop floor real-time systems, SCADAs, Nuclear Power Plants, Space technologies, Telecommunications etc. while IBM mainframes and minicomputers were more popular in (boring!) banking and financial systems.

I have since come to regret that unfounded bias, and when my favorite blogger posted an article on running AIX 1.3 inside VirtualBox I jumped on it and got it to work on my Lenovo Legion Y720 gaming laptop.

And, I also learned "AIX" actually stands for "Advanced Interactive Executive".


Supratim Sanyal's Blog: Running IBM AIX Operating System on PC Virtual Box - Graphical Desktop X11 X-Windows Motif

AIX for PS/2 supports a X Windows Motif based graphical desktop. A quick way to check the X11 desktop is to type in "xinit" which launches a X11/Motif graphical interface with a terminal, and then type in "xdt" to launch the IBM Graphical Desktop. The complete AIX for PS/2 X Windows Users' Guide is still available online.

The virtual machine boots up from floppy disks. Two boot floppy disks are needed. Booting from the first floppy disk loads the boot loader (IBM AIX PS/2 Bootstrap) itself:

SANYALnet Labs | IBM AIX boot sequence in VirtualBox

SANYALnet Labs | IBM AIX PS/2 PC Intel i386 Boot

On the next "LOAD A SYSTEM FROM THE DISKETTE" screen, the correct operating system choices need to be made:


Supratim Sanyal's Blog: IBM AIX PS/2 Intel i386 PC Boot


Module to be loaded: unix.gen
System mode: Multi User
Run system from hard disk: Yes

Proceeding from here, the Bootstrap will ask for the 2nd floppy disk to be inserted and continue booting AIX from there.

Supratim Sanyal's Blog: IBM AIX PS/2 PC Virtual Box Boot
Soon, a IBM AIX PS/2 Operating System login prompt is presented.

Supratim Sanyal's Blog: IBM AIX PS/2 PC i386 Intel Operating System Login
The X Windows/Motif graphical desktop can be launched using the "xinit" command after logging in. This launches the GUI desktop with a shell command prompt window. Issuing "xdt" launches the IBM AIX PS/2 AIXwindows Desktop.

In addition to the X Windows programs in /usr/bin/X11, additional AIXwindows software applications like "aixterm" are included. 

Unfortunately I have not been able to get networking to work yet. The AIX PS/2 announcement lists the following communication adapters as supported:

IBM PS/2 Adapter/A for Ethernet Networks (#0789)(6451233)
IBM Token Ring Network 16/4 Adapter/A (#1049)(74F9410)
IBM Token Ring Network 16/4 Adapter II
IBM Token Ring Network 16/4 Busmaster Server Adapter/A (#4041)(74F4140)

I have been unable to present any of this to AIX PS/2 in the VirtualBox hypervisor and will gladly welcome ideas to put AIX on the network in comments you can leave below.

Download

You can download the Oracle VirtualBox appliance for hobbyist use only from my google drive.