We have an interesting problem with F-Secure SSH (v 3.1.0) running on HP-UX. It seems that when scp or sftp commands are issued they are successful but it counts as a 'strike' against the target user locking the account out after 3 attempts.
When the user is re-enabled in SAM - it reports that the user was locked for too any unsuccessful login attempts. This is strange as the password is being accepted and the scp/sftp command successful.
An error is written to the syslog - "ssh-pam-client returned packet SSH_PAM_OP_ERROR. (err_num: 32, err_msg:) General Comercial Security error"
Is this a "feature" of my now outdated SSH client? The problem is not present after SSH keys are set-up. Also it is only apparent in SCP & SFTP but not in straightforward SSH or FTP.
"General Comercial Security error" - I really liked that - I guess "Comercial" has to be "Commercial" ? Pretty funny error message.
And seriously, sorry that I can't help either, my suggestion is to contact the vendor.
If you run SSH on HP-UX
I wonder why you didn't install the HPs' own port of OpenSSH that is neatly bundled into an easy to install and run SD depot,
and freely available for download in a pretty recent release Hewlett-Packard Co.
If the provided URL isn't reachable go to Hewlett-Packard Co.
and search for secure shell.
As you mention that the client gets locked out after 3 failed authorize attempts,
have you converted your HP-UX box to trusted system?
You can recognize if the following directory exists, /tcb/files/auth/
Also, how is your sshd configured?
Have you set MaxAuthTries in your sshd_config?
We have the HP-UX port of OpenSSH on there too. Reason we put F-Secure on there is beyond me - probably because we use their PC desktop client too.
Canning F-Secure and firing up the OpenSSH sshd isn't really an option as all our SSH2 keys and scripts would fail.
Tried all sorts to resolve this. OS is in trusted mode, tried turning privsep off, maxauthtries is at default 3 (same as OS). Tried setting up a new user, modding groups, modding permissions ....
I'm putting this one down to a bug, or perhaps a PAM error.
Oh, and to be fair to them, the error msg does say 'commercial' rather than 'comercial' (only i couldnt copy/paste it).