HP-UX Trusted Computing Services A.02.00 Administrator's Guide

If you do not see similar start up messages, verify the following items:
• The HP-UX Secure Shell version. You must have version A.05.00.029, or later.
• The sshd configuration file. At a minimum, this file must include the EngineHostRSAKey
  keyword with the path to the key blob created using tpmcreate. For more information,
  see “Step 3: Modifying the sshd Configuration File” (page 57).
• The OpenSSL configuration file. By default, sshd will attempt to use
  /opt/ssh/etc/server.cnf as the OpenSSL configuration file. The file must contain the
  directives described in “Step 4: Installing and Modifying the OpenSSL Configuration
  File” (page 58).
Message: Bad configuration option
If the sshd daemon does not support the keywords needed for TCS, it displays messages similar
to the following:
sshd_config: line 99: Bad configuration option: EngineHostRSAKey
sshd_config: terminating, 1 bad configuration options
Action
Use the what utility to verify the HP-UX Secure Shell version. You must have version A.05.00.029,
or later.
Message: Could not load host key
This message indicates that sshd could not load the host key. The cause might be the key
file specification, the key file itself, or the configuration of the TPM OpenSSL engine.
To determine the specific cause, start the sshd daemon in the foreground (-D option) with
debug level 2 or 3 enabled (-d -d or -d -d -d). You can also specify the -e option to send
the debugging output to STDOUT. The following list contains some common error messages.
14940:error:02001002:system library:fopen:No such file or directory:bss_file.c:)
14940:error:2006D080:BIO routines:func(109):reason(128):bss_file.c:107:
14940:error:8006F07B:tpm engine:TPM_ENGINE_LOAD_KEY:file to load not found:/ux/:
14940:error:26096080:engine routines:func(150):reason(128):eng_pkey.c:116:
debug1: ENGINE_load_private_key failed
debug1: key_load_engine_private() done: type <unknown>
debug1: engine key load attempted, index: #0
Could not load host key: /home/ltam/badblob
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
The text tpm engine:TPM_ENGINE_LOAD_KEY indicates that the TPM OpenSSL engine
loaded properly. In this context, the text fopen:No such file or directory indicates
that the key file specified in the EngineHostRSAKey parameter in the sshd configuration
file does not exist.
14992:error:8006F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed:/ux/core/isu:
14992:error:26096080:engine routines:func(150):reason(128):eng_pkey.c:116:
debug1: ENGINE_load_private_key failed
debug1: key_load_engine_private() done: type <unknown>
debug1: engine key load attempted, index: #0
Could not load host key: /home/ltam/badblob
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
The text tpm engine:TPM_ENGINE_LOAD_KEY indicates that the TPM OpenSSL engine
loaded properly. In this case, the key file specified in the EngineHostRSAKey parameter
in the sshd configuration file was not valid. Verify the file name and that the contents were
created using tpmcreate as specified in “Step 1: Creating a TCS RSA Key Pair for SSH”
(page 56).
12116:error:02001002:lib(2):func(1):reason(2):bss_file.c:104:fopen('/opt/openssl/foo','rb')
12116:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
12116:error:0E064072:lib(14):func(100):reason(114):conf_def.c:197:
Engine configuration failed
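The error signatures explained above can be checked mechanically against captured sshd debug output. The following script is an added example, not part of this guide or of TCS; classify_sshd_log and sample_log are hypothetical helper names, the sample lines are copied from the excerpts above, and only the three cases the guide explains are classified.

```sh
#!/bin/sh
# Added example: triage captured sshd debug output with the signatures this guide
# describes. classify_sshd_log and sample_log are hypothetical helper names.
classify_sshd_log() {   # $1 = file holding the captured sshd output
    log=$1
    if grep -q 'Bad configuration option: EngineHostRSAKey' "$log"; then
        echo "SSHD_TOO_OLD"; return 0   # keyword unknown: verify the Secure Shell version
    fi
    grep -q 'Could not load host key' "$log" || { echo "NO_KEY_ERROR"; return 0; }
    # Path reported by sshd; the "Disabling protocol version 2." line carries no path.
    key=$(sed -n 's/^Could not load host key: //p' "$log" | head -n 1)
    if ! grep -q 'tpm engine:TPM_ENGINE_LOAD_KEY' "$log"; then
        # Assumption: without this text the engine is not confirmed as loaded.
        echo "ENGINE_NOT_CONFIRMED $key"
    elif grep -q 'fopen:No such file or directory' "$log"; then
        echo "KEY_FILE_MISSING $key"    # EngineHostRSAKey points at a file that does not exist
    elif grep -q 'TPM_ENGINE_LOAD_KEY:request failed' "$log"; then
        echo "KEY_BLOB_INVALID $key"    # key file not valid; confirm tpmcreate created it
    else
        echo "KEY_LOAD_OTHER $key"
    fi
}

# Sample input: lines taken from the excerpts above, trimmed to the deciding ones.
sample_log() {   # $1 = missing | invalid | oldsshd ; writes the sample to stdout
    case $1 in
    missing) cat <<'EOF'
14940:error:02001002:system library:fopen:No such file or directory:bss_file.c:)
14940:error:8006F07B:tpm engine:TPM_ENGINE_LOAD_KEY:file to load not found:/ux/:
Could not load host key: /home/ltam/badblob
Disabling protocol version 2. Could not load host key
EOF
    ;;
    invalid) cat <<'EOF'
14992:error:8006F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed:/ux/core/isu:
Could not load host key: /home/ltam/badblob
EOF
    ;;
    oldsshd) cat <<'EOF'
sshd_config: line 99: Bad configuration option: EngineHostRSAKey
EOF
    ;;
    esac
}

tmp=${TMPDIR:-/tmp}/sshd_triage.$$
for s in missing invalid oldsshd; do
    sample_log "$s" > "$tmp"; classify_sshd_log "$tmp"; rm -f "$tmp"
done
```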
Troubleshooting TCS Operation with HP-UX Secure Shell 83