IBM Support

IBM AIX: ssh connections to or from AIX fail if EFS is enabled

Troubleshooting


Problem

If EFS is enabled, connecting to or from an AIX® system that uses ssh, sftp, or scp fails.  Connecting from AIX prints "Unsupported protocol sequence".

Symptom

With ssh verbose logging enabled, the connection fails soon after it prints the message "Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet".
With sshd debug logging enabled, the connection fails soon after it logs the message "Packet sent SSH_EFS_KEYSTORE_OPEN".

Cause

By default, when EFS is enabled on AIX, the AIX version of OpenSSH sends a request to the remote system for EFS support.  Most SSH implementations end the connection because they do not recognize this type of request.

Resolving The Problem

Add this option to the /etc/ssh/ssh_config file when AIX is the client or /etc/ssh/sshd_config when AIX is the server.
AllowPKCS12KeystoreAutoOpen no
If AIX is the server, sshd must be stopped and restarted with these commands.
stopsrc -s sshd
startsrc -s sshd

SUPPORT:

If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case.  The product must be under warranty or have an active and valid support contract.

a.  Document or take screen captures of all symptoms, errors, or messages.

b.  Capture any logs or data relevant to the issue.

c.  Contact IBM to open a case.

   -For electronic support, visit the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, visit this web page:
      https://www.ibm.com/planetwide/

d.  Provide a detailed description of the issue and reference this technote.

e.  Upload all of the details and data to the case.

   -You can attach files to the case in the IBM Support Community, or
   -Upload data to IBM test case server analysis at this URL:

    http://www.ibm.com/support/docview.wss?uid=ibm10733581

f.  Click here to submit feedback for this document.

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
24 September 2019

UID

ibm11074720

Page Feedback