On some systems we recently encountered syslog error messages of the following type when logging in with ssh (or when using /bin/su):
Mar 15 10:43:47 aix01 auth|security:err|error sshd: Crypto library (CLiC) error: Wrong object type
Mar 15 11:08:42 aix01 auth|security:err|error su: Crypto library (CLiC) error: Wrong signature
Login and also the su command worked without problems. However, the many error messages, one with each login, were annoying.
The reference to the Crypto Library (CLiC), which is actually needed only when using EFS, gave a first hint during the investigation. EFS is not in use on these systems. A check with the command “efskeymgr -V” resulted in the following:
$ efskeymgr -V
There is no key loaded in the current process.
$
If EFS were inactive, this command should have produced an error message with the hint that EFS is not activated. A look into the directory /var revealed that the directory /var/efs (in which the EFS keys are stored) exists:
$ ls -l /var/efs
total 24
drwx------    2 root system  256 Apr 25 2017  efs_admin/
-rw-r--r--    1 root system    0 Apr 25 2017  efsenabled
drwx------   51 root system 4096 Mar 17 10:40 groups/
drwx------  123 root system 8192 Mar 17 05:15 users/
$
So EFS was activated, even though it is not used. To disable EFS, a reboot is actually necessary. However, as it is not really used in our case, and was probably turned on only because of an oversight or error, we use the following workaround and rename the /var/efs directory:
$ mv /var/efs /var/efs.orig
$
A short test with the command “efskeymgr -V” shows that, from the point of view of AIX, EFS is no longer active:
$ efskeymgr -V
Problem initializing EFS framework.
Please check EFS is installed and enabled (see efsenable) on you system.
Error was: (EFS was not configured)
$
A test login via ssh confirms that no error message is logged any more when logging in.
Note: Please make sure that EFS is not used!
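To confirm the result of the test login across more than one login, the CLiC messages can be grouped and the time of the last one compared with the time of the rename. The following is an added example, not part of the original post; the function names and the sample log (the two lines quoted above plus two constructed ones) are assumptions, and the syslog line layout is assumed to match the one shown above.

```shell
#!/bin/sh
# Added example: function names and parts of the sample log are constructed.
MARK='Crypto library (CLiC) error: '

# Group CLiC errors from syslog lines on stdin.
# Output: "<host> <program> <count> <error text>", sorted.
clic_summary() {
    awk -v m="$MARK" '
        { i = index($0, m); if (!i) next }
        {
            k = split(substr($0, 1, i - 1), f, " ")
            prog = f[k]                     # word just before the marker
            sub(/:$/, "", prog)             # "sshd:" -> "sshd"
            sub(/\[[0-9]+\]$/, "", prog)    # tolerate "sshd[1234]"
            cnt[$4 " " prog, substr($0, i + length(m))]++
        }
        END { for (key in cnt) { split(key, p, SUBSEP); print p[1], cnt[key], p[2] } }
    ' | sort
}

# Print the timestamp of the last CLiC error on stdin.
# Returns 1 (and prints nothing) when no CLiC error is present.
clic_last_seen() {
    awk -v m="$MARK" '
        index($0, m) { ts = $1 " " $2 " " $3 }
        END { if (ts == "") exit 1; print ts }
    '
}

# Sample input: lines 1-2 are quoted in the post, lines 3-4 are constructed.
sample_log() {
    cat <<'EOF'
Mar 15 10:43:47 aix01 auth|security:err|error sshd: Crypto library (CLiC) error: Wrong object type
Mar 15 11:08:42 aix01 auth|security:err|error su: Crypto library (CLiC) error: Wrong signature
Mar 15 11:20:05 aix01 auth|security:err|error sshd: Crypto library (CLiC) error: Wrong object type
Mar 15 11:21:10 aix01 auth|security:info sshd: Accepted password for user01 from 192.0.2.10 port 50022 ssh2
EOF
}

sample_log | clic_summary
```

On a real system, feed the functions the file that syslogd writes auth messages to instead of `sample_log`; after the rename, `clic_last_seen` should keep reporting a time earlier than the `mv`.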