Klaus Have you patched your SLES 11 SP1 system to current patch levels? I believe there were patches published for this condition. I had encountered the same issue when SP1 went GA.
Before it is patched, it will work fine for a while, then out of the blue new ssh connections hang, however an existing connection will continue to work fine. Regards Richard G. Young 777 E Wisconsin Ave IT Architect Milwaukee, 53202-5302 IBM Systems & Technology Group USA z/VM and Linux for System z Team Lead Phone: +1-414-921-4276 Mobile: +1-262-893-8662 e-mail: ryou...@us.ibm.com From: Klaus Johansen <klu...@gmx.net> To: LINUX-390@vm.marist.edu, Date: 02/13/2012 03:36 AM Subject: HW crypt OpenSSH – new ssh login hangs Sent by: Linux on 390 Port <LINUX-390@vm.marist.edu> Hello everybody, It some times since I followed this list with care, but I think it is a good place to start in this case. We currently running some zLinux tests and a POC using SLES11SP1 on a z196. We have enabled HW crypt offload for OpenSSH according to the "SLES11SP1 Cookbook": That is, installed: - openssl-ibmca-1.0.0-141.6.12 - libica-2_0_2-32bit-2.0.2-0.6.3 - openssl-ibmca-32bit-1.0.0-141.6.12 - libica-2_0_2-2.0.2-0.6.3 And made changes to /etc/ssl/openssl.cnf; added /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample and moved the “openssl_conf = openssl_def” line up. The effect is truly impressive. Unfortunately we have experienced that our guests using this feature suddenly become unresponsive for NEW ssh logins: The ssh-login just hangs. Already open ssh-connections keep working. As soon as the “openssl_conf = openssl_def” is removed (using IUCV, 3270 or an existing ssh connection) the server can be accessed again. New ssh logins hang as soon as I reactivate HW crypt by adding the conf line again. Apparently the situation can be repaired by restarting sshd – but I’m not complete sure about this - or if it just a matter of time. Have some of you experience something similar? and do you know a fix? Is this a supported feature and where should create a support case? IBM or SuSE? Hope you can help. Best regards, Klaus Johansen, KMD Denmark -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
<<image/gif>>
