Using ssh

Parameters

logfile

Full path to the log file that will be used to log the script output.

Example:
logfile=C:\Charon\myds20vms_shutdown.log

windowsevent

Defines which message levels create a new entry in the Windows Application Events (Source="CHARON").

Can be either "none" or any combination of S, W and E ('S' for Success, 'W' for Warning and 'E' for Error). Default is 'SE', that is Success and Error only.

Example:
windowsevent=SWE


waitbeforestop

Number of seconds to wait before stopping the service once the guest operating system no longer responds to 'ping'. If not set, default value = 60.

Example:
waitbeforestop=10

servicename

CHARON instance service name

Example:
servicename=myds20vms

guestsystem

Server name or IP address

Example:
guestsystem=10.0.0.3

os

VMS or Tru64

Example:
os=VMS

mode

ssh

Example:
mode=ssh

sshbin

Defines the location of the "ssh.exe" program.

Example:
sshbin=C:\Program Files (x86)\OpenSSH\ssh.exe

username

Defines the remote username that will be used to connect to the guest operating system via ssh.

Example:
username=system


identityfile

Identity file that stores the private key of the key pair (see "ssh Key Infrastructure" below). It is passed to ssh with the "-i" parameter.

Example:
identityfile=C:\Charon\win2008bm

identityfsys

Identity file that stores the private key of the key pair for the "system" account. Used in case of integration with Windows shutdown.

Note: If not specified, identityfile is used.

Example:
identityfsys=C:\Charon\win2008bm_sys

openconsolecmd

Optional parameter used to open the console program while the script executes. This parameter must contain the full path to the software used to connect to the console. If putty is used, the parameter can be set to 'putty' without any path; the script will then look for the latest version available in the Charon installation folder.

Note: It is recommended to define this parameter in case of integration with Windows shutdown.

Example 1:
openconsolecmd=C:\Program Files\CHARON\Build_20203\x64\putty

Example 2:
openconsolecmd=putty

openconsolearg

Optional parameter defining the arguments passed to the program set in the openconsolecmd parameter above.

Example:
openconsolearg=-load OPA0 -P 10003

commandparams

Optional parameters for the "ssh" command. In most cases they are needed to enable connections to old versions of "ssh" running on OpenVMS or Tru64.

Example:
commandparams=-o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss

windowwidth and windowheight

Optional parameters used to resize the window when running with service user ("system" account).

Useful during Windows shutdown to check operations executed.

Width = 132 and Height = 32 by default. BufferHeight is set to 2000 lines by default.

Example:
windowwidth=120
windowheight=50


ssh Key Infrastructure

Note: The examples provided use a Windows Server 2008 R2 machine named WIN2008BM. This name will be used for the files created for the key pair.

OpenVMS - Windows pair

On the Windows server – create the key pair and export the public key to be readable by OpenVMS:

c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh-keygen" -f c:\charon\win2008bmrsa -t rsa -b 2048
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ← do not specify any passphrase
Enter same passphrase again:
Your identification has been saved in c:\charon\win2008bmrsa.
Your public key has been saved in c:\charon\win2008bmrsa.pub.
The key fingerprint is:
SHA256:DmB9rFQYeGlzM6uL51Y4EVR8XoCEb+SXFrw7ZD0Khv4 administrateur@WIN2008BM
The key's randomart image is:
+---[RSA 2048]----+
(truncated)
+----[SHA256]-----+
c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh-keygen" -f c:\charon\win2008bmrsa -e
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by administrateur@WIN2008BM from Ope"
(truncated)
---- END SSH2 PUBLIC KEY ----

Tip: Depending on the OpenSSH version used, the installation folder could be "C:\Program Files (x86)\OpenSSH for Windows", with the executables in the "bin" child folder.

Note: The public key (text above in dark grey marked by the BEGIN SSH2 and END SSH2 labels) will have to be copied to the OpenVMS system in a later step.


On OpenVMS – enable the SSH server by executing the TCPIP$CONFIG script (depending on the OpenVMS version, the script could also be called UCX$CONFIG):

VMS084> @tcpip$config

        Checking TCP/IP Services for OpenVMS configuration database files.

        HP TCP/IP Services for OpenVMS Configuration Menu

        Configuration options:

                 1  -  Core environment
                 2  -  Client components
                 3  -  Server components
                 4  -  Optional components
                 5  -  Shutdown HP TCP/IP Services for OpenVMS
                 6  -  Startup HP TCP/IP Services for OpenVMS
                 7  -  Run tests
                 A  -  Configure options 1 - 4
                [E] -  Exit configuration procedure

Enter configuration option: 3

  HP TCP/IP Services for OpenVMS Server Components Configuration Menu

  Configuration options:

    1 - BIND         Disabled Stopped      12 - NTP          Disabled Stopped
    2 - BOOTP        Disabled Stopped      13 - PC-NFS       Disabled Stopped
    3 - DHCP         Disabled Stopped      14 - POP          Disabled Stopped
    4 - FINGER       Disabled Stopped      15 - PORTMAPPER   Disabled Stopped
    5 - FTP          Disabled Stopped      16 - RLOGIN       Enabled  Started
    6 - IMAP         Disabled Stopped      17 - RMT          Disabled Stopped
    7 - LBROKER      Disabled Stopped      18 - SNMP         Disabled Stopped
    8 - LPR/LPD      Disabled Stopped      19 - SSH          Disabled Stopped
    9 - METRIC       Disabled Stopped      20 - TELNET       Enabled  Started
   10 - NFS          Disabled Stopped      21 - TFTP         Disabled Stopped
   11 - LOCKD/STATD  Disabled Stopped      22 - XDM          Disabled Stopped
    A  -  Configure options 1 - 22
   [E] -  Exit menu

Enter configuration option: 19

SSH Configuration
Service is defined in the SYSUAF.
Service is defined in the TCPIP$SERVICE database.
Service is not enabled.
Service is stopped.

        SSH configuration options:

                 1 - Enable service on this node
                 2 - Enable & Start service on this node
                [E] - Exit SSH configuration

Enter configuration option: 2

* Create a new default server host key? [NO]:
%TCPIP-I-INFO, image SYS$SYSTEM:TCPIP$SSH_SSHD2.EXE installed
%TCPIP-I-INFO, image SYS$SYSTEM:TCPIP$SSH_SFTP-SERVER2.EXE installed
%TCPIP-I-INFO, logical names created
%%%%%%%%%%%  OPCOM   8-JUL-2016 03:50:16.47  %%%%%%%%%%%
Message from user INTERnet on VMS084
INTERnet ACP Activate SSH Server

%TCPIP-I-INFO, service enabled
%TCPIP-S-STARTDONE, TCPIP$SSH startup completed
Press <ENTER> key to continue ...

The SSH CLIENT is not enabled.

* Do you want to configure SSH CLIENT [NO]:

  HP TCP/IP Services for OpenVMS Server Components Configuration Menu

  Configuration options:

    1 - BIND         Disabled Stopped      12 - NTP          Disabled Stopped
    2 - BOOTP        Disabled Stopped      13 - PC-NFS       Disabled Stopped
    3 - DHCP         Disabled Stopped      14 - POP          Disabled Stopped
    4 - FINGER       Disabled Stopped      15 - PORTMAPPER   Disabled Stopped
    5 - FTP          Disabled Stopped      16 - RLOGIN       Enabled  Started
    6 - IMAP         Disabled Stopped      17 - RMT          Disabled Stopped
    7 - LBROKER      Disabled Stopped      18 - SNMP         Disabled Stopped
    8 - LPR/LPD      Disabled Stopped      19 - SSH          Enabled  Started
    9 - METRIC       Disabled Stopped      20 - TELNET       Enabled  Started
   10 - NFS          Disabled Stopped      21 - TFTP         Disabled Stopped
   11 - LOCKD/STATD  Disabled Stopped      22 - XDM          Disabled Stopped
    A  -  Configure options 1 - 22
   [E] -  Exit menu

Enter configuration option: e

        HP TCP/IP Services for OpenVMS Configuration Menu

        Configuration options:

                 1  -  Core environment
                 2  -  Client components
                 3  -  Server components
                 4  -  Optional components
                 5  -  Shutdown HP TCP/IP Services for OpenVMS
                 6  -  Startup HP TCP/IP Services for OpenVMS
                 7  -  Run tests
                 A  -  Configure options 1 - 4
                [E] -  Exit configuration procedure

Enter configuration option: e

VMS084>

Copy the public key created above to OpenVMS (either with 'scp' or with copy/paste).


On OpenVMS – make the key available to the system and authorize it for use:

$ SET DEF SYS$LOGIN
If needed:  $ CREATE /DIR [.SSH2]
$ SET DEF [.SSH2]
$ EDIT WIN2008BMRSA.PUB

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by administrateur@WIN2008BM from Ope"
(truncated)
---- END SSH2 PUBLIC KEY ----

$ EDIT AUTHORIZATION.

KEY WIN2008BMRSA.PUB

$

On the Windows server – check that the key pair works:

Warning: Do not forget to specify the identity file using the "-i" parameter.

c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh" -i c:\charon\win2008bmrsa -l system 10.0.0.3 ^
More? "show system/noprocess"

 Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4

OpenVMS V8.4  on node VMS084    8-JUL-2016 04:10:47.57   Uptime  0 00:24:13

Note: On the first connection attempt you will have to answer "yes" to the "Are you sure you want to continue connecting" question.

Note: If you encounter a "cygwin warning" error message and/or a message like: Could not create directory '/home/<user>/.ssh', please see the Managing CYGWIN and ssh error messages chapter.

Note: If you encounter an error message related to diffie-hellman-group1-sha1, please see the Managing ciphers, hashes and key-exchange algorithms chapter.


Tru64 - Windows pair

On the Windows server – create the key pair and export the public key to be readable by Tru64:

c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh-keygen" -f c:\charon\win2008bmrsa -t rsa -b 2048
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ← do not specify any passphrase
Enter same passphrase again:
Your identification has been saved in c:\charon\win2008bmrsa.
Your public key has been saved in c:\charon\win2008bmrsa.pub.
The key fingerprint is:
SHA256:DmB9rFQYeGlzM6uL51Y4EVR8XoCEb+SXFrw7ZD0Khv4 administrateur@WIN2008BM
The key's randomart image is:
+---[RSA 2048]----+
(truncated)
+----[SHA256]-----+
c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh-keygen" -f c:\charon\win2008bmrsa -e
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by administrateur@WIN2008BM from Ope"
(truncated)
---- END SSH2 PUBLIC KEY ----

Tip: Depending on the OpenSSH version used, the installation folder could be "C:\Program Files (x86)\OpenSSH for Windows", with the executables in the "bin" child folder.

Copy the public key (text above in dark gray marked by the BEGIN SSH2 and END SSH2 labels) to the Tru64 system (either with 'scp' or with copy/paste).


On Tru64 – make the key available to the system and authorize it for use:

# cd /.ssh2
# vi win2008bmrsa.pub

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by administrateur@WIN2008BM from Ope"
(truncated)
---- END SSH2 PUBLIC KEY ----

# echo "Key win2008bmrsa.pub" >> authorization

On the Windows server – check that the key pair works:

Warning: Do not forget to specify the identity file using the "-i" parameter.

c:\Charon>"C:\Program Files (x86)\OpenSSH\ssh" -i c:\charon\win2008bmrsa -l root 10.0.0.2 "uname -a"
OSF1 pluto.localdomain V5.1 2650 alpha

Note: On the first connection attempt you will have to answer "yes" to the "Are you sure you want to continue connecting" question.

Note: If you encounter a "cygwin warning" error message and/or a message like: Could not create directory '/home/<user>/.ssh' while executing this command, please see the Managing CYGWIN and ssh error messages chapter.

Note: If you encounter an error message related to diffie-hellman-group1-sha1, please see the Managing ciphers, hashes and key-exchange algorithms chapter.
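
The key pairs created in both procedures above have no passphrase, so the NTFS permissions on the private key file are what restricts its use. The following PowerShell function is an added example, not part of the original page or of the Charon script: it reads a configuration file in the format described under Parameters and lists the access-control entries on identityfile and identityfsys that grant access to accounts outside an allow-list. The function name Get-IdentityFileAclFinding and the allow-list are assumptions.

```powershell
# Added example (not part of the Charon script): list access-control entries on
# the identity files named in a clean-shutdown .ini file that grant access to
# anyone outside an allow-list. Function name and allow-list are assumptions.
function Get-IdentityFileAclFinding {
    param(
        [Parameter(Mandatory = $true)] [string] $ConfigPath,
        # SIDs are compared instead of names so that the check also works on a
        # localized Windows (the sample host reports "Administrateur").
        [string[]] $AllowedSid = @(
            'S-1-5-18',        # LocalSystem, used for Windows shutdown integration
            'S-1-5-32-544',    # built-in Administrators group
            [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        )
    )

    # Read the "name=value" lines; lines starting with '#' are comments.
    $settings = @{}
    foreach ($line in Get-Content -LiteralPath $ConfigPath) {
        if ($line -match '^\s*#' -or $line -notmatch '=') { continue }
        $name, $value = $line -split '=', 2
        $settings[$name.Trim()] = $value.Trim()
    }

    foreach ($parameter in 'identityfile', 'identityfsys') {
        $file = $settings[$parameter]
        if (-not $file) { continue }    # identityfsys is optional
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            Write-Warning "$parameter points to a missing file: $file"
            continue
        }

        $sidType = [System.Security.Principal.SecurityIdentifier]
        $rules = (Get-Acl -LiteralPath $file).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or $AllowedSid -contains $sid) {
                continue
            }
            # Resolve the SID to a name for the report; keep the SID if that fails.
            try {
                $ntAccount = [System.Security.Principal.NTAccount]
                $who = $rule.IdentityReference.Translate($ntAccount).Value
            } catch {
                $who = $sid
            }
            [pscustomobject]@{
                Parameter = $parameter
                File      = $file
                Principal = $who
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed usage, with the configuration file path used on this page:
Get-IdentityFileAclFinding -ConfigPath 'C:\charon\myds20vms.ini' | Format-Table -AutoSize
```

An empty result means that only the allow-listed accounts hold "Allow" entries on the key files; entries marked Inherited come from the parent folder (C:\Charon in the examples).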

Managing CYGWIN and ssh error messages

cygwin warning

You can ignore the "cygwin warning" message or, as explained in the displayed text, set the "CYGWIN" environment variable (see how-to) to "nodosfilewarning". This warning message is not displayed while running the PowerShell script, as the script sets this environment variable itself.

Example:

cygwin warning:
  MS-DOS style path detected: c:\charon\WIN7BM_DSA
  Preferred POSIX equivalent is: /cygdrive/c/charon/WIN7BM_DSA
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames

Tip: To remove this message you can set the "CYGWIN" Windows environment variable or use this DOS command before running the 'ssh' test command (warning: the following command will not set a permanent variable):

c:\Charon>set CYGWIN=nodosfilewarning

Could not create directory ssh error

Tip: If you encounter an error message like: Could not create directory '/home/<user>/.ssh', please create the "HOME" Windows environment variable (see how-to) and set it, for example, to your home folder.

Please note: this variable will be set on the next login. If you need it immediately, use the following DOS command before running the 'ssh' test command (warning: the following command will not set a permanent variable):

c:\Charon>set HOME=%userprofile%

To view or change environment variables

Using the Windows GUI

  1. Either right-click on "My Computer" and then click on "Properties" and "Advanced tab" or press the Windows key+R and enter "systempropertiesadvanced"

  2. Click on "Environment variables".

  3. Click on one of the following options, for either a user or a system variable:

    1. Click on New to add a new variable name and value.

    2. Click on an existing variable, and then click on Edit to change its name or value.

    3. Click on an existing variable, and then click on Delete to remove it.

Using PowerShell

PowerShell can be used to define user environment variables. Please refer to the examples below:

c:\Charon> powershell
PS c:\Charon> [Environment]::SetEnvironmentVariable("CYGWIN", "nodosfilewarning", "User")
PS c:\Charon> [Environment]::SetEnvironmentVariable("HOME", "$env:userprofile", "User")
PS c:\Charon> exit

Managing ciphers, hashes and key-exchange algorithms

Starting with OpenSSH version 7.0, a number of older ciphers, hashes and key-exchange algorithms are disabled by default. As a result, connecting from newer versions of OpenSSH to Tru64 or OpenVMS systems can be a problem.

To solve this problem:

  • Set the "commandparams" value in the .ini file as shown below:
    commandparams=-o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss

  or

  • Create a file named "config" (no extension) in the user's folder C:\Users\<user>\.ssh (create the .ssh folder if it does not exist) and add the following lines:

Host 10.0.0.3
  Hostname myds20vms
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  Ciphers +3des-cbc

Tip: If the hostname is known to the system, replace the IP address in the 1st line by the hostname or add it at the end of the line (blank separated). Example: "Host 10.0.0.3 ds20vms"
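
To see whether the installed client can negotiate the algorithms named in "commandparams", each one can be compared with the lists printed by "ssh -Q". The following PowerShell function is an added example, not part of the original page or of the Charon script; the function name Test-SshLegacyOption is an assumption.

```powershell
# Added example (not part of the Charon script): compare the algorithms named in
# "commandparams" with the lists reported by the local ssh client.
# The function name is an assumption made for this illustration.
function Test-SshLegacyOption {
    param(
        [Parameter(Mandatory = $true)] [string] $SshBin,         # value of "sshbin"
        [Parameter(Mandatory = $true)] [string] $CommandParams   # value of "commandparams"
    )

    # ssh option name -> "ssh -Q" query that lists what the client was built with
    $queries = @{ Ciphers = 'cipher'; KexAlgorithms = 'kex'; HostKeyAlgorithms = 'key' }

    foreach ($match in [regex]::Matches($CommandParams, '-o\s*(\w+)=(\S+)')) {
        $option = $match.Groups[1].Value
        $value  = $match.Groups[2].Value
        if (-not $queries.ContainsKey($option)) { continue }

        $supported = @(& $SshBin -Q $queries[$option])

        # A leading '+' appends to the client's default list. Without it, the
        # listed algorithms replace the defaults for the connection.
        $mode = if ($value.StartsWith('+')) { 'append' } else { 'replace' }

        foreach ($algorithm in $value.TrimStart('+').Split(',')) {
            [pscustomobject]@{
                Option    = $option
                Algorithm = $algorithm
                Mode      = $mode
                Supported = ($supported -contains $algorithm)
            }
        }
    }
}

# Values taken from the examples on this page:
Test-SshLegacyOption -SshBin 'C:\Program Files (x86)\OpenSSH\ssh.exe' `
    -CommandParams '-o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss'
```

A row with Supported = False means the client build no longer contains that algorithm, so neither "commandparams" nor the "config" file can enable it. A row with Mode = replace means the option narrows the connection to the listed algorithms only.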

Example - OpenVMS

Configuration file

#-----------------------------------------
# myds20 OpenVMS 8.4 machine
#-----------------------------------------
logfile=C:\Charon\myds20vms_shutdown.log
waitbeforestop=10
guestsystem=10.0.0.3
servicename=myds20vms
os=VMS
mode=ssh
sshbin=C:\Program Files (x86)\OpenSSH\ssh.exe
username=system
identityfile=C:\Charon\win2008bm_dsa

Script execution

Check mode

c:\Windows\system32>C:\charon\charon_cleanshutdown.ps1 -config C:\charon\myds20vms.ini -check

Charon clean shutdown


Name              Value
----              -----
os                VMS
waitbeforestop    10
windowwidth       132
servicename       ds20vms
openconsolecmd    C:\Program Files\CHARON\Build_20203\x64\putty
username          system
identityfile      C:\Charon\win2008system
commandparams     -o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+...
windowheight      50
openconsolearg    -load OPA0 -P 10003
guestsystem       10.0.0.3
mode              ssh
sshbin            C:\Program Files (x86)\OpenSSH\ssh.exe
logfile           C:\Charon\myds20vms_shutdown.log


17:34:11 [INFO ] Using 'C:\Charon\myds20vms_shutdown.log' as log file / append
17:34:11 [INFO ] Execution date : 27-avr.-2020 17:34:11
17:34:11 [INFO ] Script version : 27-Apr-20 V2.0 (MD5: 4BA97792A105C9E0E484850B88B866F8 )
17:34:11 [INFO ] Powershell version : 5.1.14409.1018
17:34:11 [INFO ] Computer name : WIN2008BM
17:34:11 [INFO ] Username : Administrateur
17:34:11 [INFO ] Windows version : Microsoft Windows Server 2008 R2 Standard
17:34:11 [INFO ] Administrator mode : True
17:34:11 [INFO ]
17:34:11 [INFO ] Check mode enabled.
17:34:11 [INFO ] 'ssh' will be used
17:34:11 [INFO ] Using 'C:\Charon\win2008system' as identity file.
17:34:11 [INFO ] Service 'ds20vms' is Running (Display name: ds20vms)
17:34:11 [INFO ] Testing guest system '10.0.0.3' response
17:34:15 [INFO ] Opening console.
17:34:15 [INFO ] Invoking 'ssh' command and executing check command as Administrateur ...
17:34:15 [INFO ] C:\Program Files (x86)\OpenSSH\ssh.exe -i C:\Charon\win2008system -q -l system -o BatchMode=yes -o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss 10.0.0.3 '@SYS$MANAGER:CHARON_SHUTDOWN.COM CHECK SSH'
17:34:16 [INFO ] Output results:
17:34:16 [INFO ]
17:34:16 [INFO ] SSH was successful
17:34:16 [INFO ]
17:34:16 [INFO ] Checking command results...
17:34:16 [INFO ] Command successfully completed.
17:34:16 [INFO ] Check mode enabled: no connection test to be performed.
17:34:16 [INFO ] Check mode enabled: no wait / stop service.
17:34:16 [INFO ] Check mode enabled: the service ds20vms will not be stopped
17:34:16 [INFO ] Service ds20vms is Running
17:34:16 [INFO ] Script ended.


Shutdown execution

c:\Windows\system32>C:\charon\charon_cleanshutdown.ps1 -config C:\charon\myds20vms.ini

Charon clean shutdown

Name              Value
----              -----
os                VMS
waitbeforestop    10
windowwidth       132
servicename       ds20vms
openconsolecmd    C:\Program Files\CHARON\Build_20203\x64\putty
username          system
identityfile      C:\Charon\win2008system
commandparams     -o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+...
windowheight      50
openconsolearg    -load OPA0 -P 10003
guestsystem       10.0.0.3
mode              ssh
sshbin            C:\Program Files (x86)\OpenSSH\ssh.exe
logfile           C:\Charon\myds20vms_shutdown.log

17:41:40 [INFO ] Using 'C:\Charon\myds20vms_shutdown.log' as log file / append
17:41:40 [INFO ] Execution date : 27-avr.-2020 17:41:40
17:41:40 [INFO ] Script version : 27-Apr-20 V2.0 (MD5: 5CA44D034529A2BF7E868463F1B7A93C )
17:41:40 [INFO ] Powershell version : 5.1.14409.1018
17:41:40 [INFO ] Computer name : WIN2008BM
17:41:40 [INFO ] Username : Administrateur
17:41:40 [INFO ] Windows version : Microsoft Windows Server 2008 R2 Standard
17:41:40 [INFO ] Administrator mode : True
17:41:40 [INFO ]
17:41:41 [INFO ] 'ssh' will be used
17:41:41 [INFO ] Using 'C:\Charon\win2008system' as identity file.
17:41:41 [INFO ] Service 'ds20vms' is Running (Display name: ds20vms)
17:41:41 [INFO ] Testing guest system '10.0.0.3' response
17:41:44 [INFO ] Killing putty sessions...
17:41:45 [INFO ] Done.
17:41:45 [INFO ] Opening console.
17:41:45 [INFO ] Invoking 'ssh' command and executing shutdown as Administrateur ...
17:41:45 [INFO ] C:\Program Files (x86)\OpenSSH\ssh.exe -i C:\Charon\win2008system -q -l system -o BatchMode=yes -o Ciphers=+3des-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss 10.0.0.3 '@SYS$MANAGER:CHARON_SHUTDOWN.COM'
17:41:46 [INFO ] Output results:
17:41:46 [INFO ]
17:41:46 [INFO ] $ PURGE /KEEP=20 SYS$MANAGER:CHARON_SHUTDOWN.LOG
17:41:46 [INFO ] $ RUN /DETACH SYS$SYSTEM:LOGINOUT.EXE /INPUT=SYS$MANAGER:CHARON_SHUTDOWN -
17:41:46 [INFO ] /OUTPUT=SYS$MANAGER:CHARON_SHUTDOWN.LOG /UIC=[1,4]
17:41:46 [INFO ] %RUN-S-PROC_ID, identification of created process is 00000122
17:41:46 [INFO ] $ ENDIF
17:41:46 [INFO ] $ ENDIF
17:41:46 [INFO ] $ EXIT
17:41:46 [INFO ] $
17:41:46 [INFO ] $ !
17:41:46 [INFO ] $ ! Force any output to the standard output device.
17:41:46 [INFO ] $ ! Most useful when client is Un*x.
17:41:46 [INFO ] $ !
17:41:46 [INFO ] $ ! V5.4-03
17:41:46 [INFO ] $ ! WRITE SYS$OUTPUT -
17:41:46 [INFO ] $ ! "ssh-rcmd 'f$getjpi("","USERNAME")' logged out at 'f$time()'" ! V5.4-02
17:41:46 [INFO ]
17:41:46 [INFO ] $ WRITE SYS$OUTPUT ""
17:41:46 [INFO ]
17:41:46 [INFO ] $
17:41:46 [INFO ] $ IF (SSHD$ERROR .NES. SSHD$INPUT_OUTPUT)
17:41:46 [INFO ] $ ENDIF
17:41:46 [INFO ] $
17:41:46 [INFO ] $ ! SS_NORMAL, SSH was succcessful, command should send its error over net.
17:41:46 [INFO ] $ EXIT 1
17:41:46 [INFO ] Checking command results...
17:41:46 [INFO ] Command successfully completed.
17:41:49 [INFO ] Testing connection to '10.0.0.3' = True
17:42:12 [INFO ] Testing connection to '10.0.0.3' = False
17:42:22 [INFO ] Sleeping for 10 seconds...
17:42:32 [INFO ] Stopping service ds20vms
17:42:33 [INFO ] Service ds20vms is Stopped
17:42:33 [INFO ] Script ended.