AIX

  • 1.  sshd and audit events on AIX 6.1

    Posted Mon August 30, 2010 11:39 AM

    Originally posted by: igalvarez


    Hi,
    I have an AIX 5.3 and 6.1 with openssh 4.7, see:
    # oslevel -s
    6100-04-04-1014
    # lslpp -L|grep ssh
    openssh.base.client 4.7.0.5300 C F Open Secure Shell Commands
    openssh.base.server 4.7.0.5300 C F Open Secure Shell Server
    openssh.license 4.7.0.5300 C F Open Secure Shell License
    openssh.man.en_US 4.7.0.5300 C F Open Secure Shell
    openssh.msg.en_US 4.7.0.5300 C F Open Secure Shell

    With this configuration I get these sshd events on audit:
    SSH_failnone = printf "%s"
    SSH_failpasswd = printf "%s"
    SSH_failkbdint = printf "%s"
    SSH_failpubkey = printf "%s"
    SSH_failhstbsd = printf "%s"
    SSH_failgssapi = printf "%s"
    SSH_invldusr = printf "%s"
    SSH_nologin = printf "%s"
    SSH_connclose = printf "%s"
    SSH_auditknwn = printf "%s"
    SSH_authsuccess = printf "%s"
    SSH_rootdned = printf "%s"
    SSH_exceedmtrix = printf "%s"
    SSH_connabndn = printf "%s"

    BUT, when I update openssh to 5.2, see:
    # oslevel -s
    6100-05-01-1016
    # lslpp -L|grep ssh
    openssh.base.client 5.2.0.5301 C F Open Secure Shell Commands
    openssh.base.server 5.2.0.5301 C F Open Secure Shell Server
    openssh.license 4.7.0.5300 C F Open Secure Shell License
    openssh.man.en_US 5.2.0.5300 C F Open Secure Shell
    openssh.msg.en_US 5.2.0.5300 C F Open Secure Shell

    I don't get those sshd events. Same server, same OS, same configuration. Do you know why?

    Thanks
    #AIX-Forum


  • 2.  Re: sshd and audit events on AIX 6.1

    Posted Fri October 08, 2010 12:55 PM

    Originally posted by: MisterX


    Hmmm...that's interesting. Several years ago I corresponded with the only IBM SSH developer and she (I think) stated that they take Darren Tucker's code from openssh.org (the only guy developing ssh for AIX) and add NLS and now auditing.

    My beef with IBM has been they don't do a good job of keeping up with the openssh team when a security issue/bug surfaces. At least they added auditing.
    #AIX-Forum