HP-UX Secure Shell A.04.50.003, A.04.50.004, and A.04.50.005 Release Notes
• Fixed a bug in the sshd privilege separation monitor that weakened its verification of
successful authentication.
• Fixed a bug where ssh connections to a Solaris machine were dropped if a process started
in the first ssh session was terminated in the second session. Instead of terminating only the
process, the first session was also terminated.
For more information on these defect fixes, see the Bugzilla Website at: http://bugzilla.mindrot.org.
Defects Fixed in HP-UX Secure Shell A.04.50.003, A.04.50.004, and A.04.50.005
The following defect has been fixed in this version of HP-UX Secure Shell:
• IPv6 connection fails for 64-bit sshd on PA-RISC operating systems in HP-UX 11i v2 and
HP-UX 11i v3.
Known Problems and Workarounds
Following are the known problems and workarounds in HP-UX Secure Shell A.04.50.003,
A.04.50.004, and A.04.50.005:
• JAGaf46251: If a server environment has UsePAM set to YES and pam.conf set to PAM_LDAP,
ssh user authentication through public key fails. HP recommends that administrators
use the PAM_AUTHZ mechanism for users whose Secure Shell environments use public key
authentication together with PAM_LDAP-based account management.
• Do not specify user-specific information when configuring host-based authentication.
Host-based authentication authenticates hosts only; it does not support
user-specific authentication. If host-based authentication is configured with an entry
such as the following:
# cat /etc/hosts.equiv
myhost.mydomain.com specificuser
then specificuser@myhost.mydomain.com is allowed to log in to any local account on
the remote machine.
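A check for the hosts.equiv case described above, as an added example that is not part of the HP release notes or of HP-UX Secure Shell: it lists every entry that carries a user field. The function names and the sample host names are hypothetical, and the parser assumes one whitespace-separated entry per line with `#` comment lines.

```shell
#!/bin/sh
# Added example: flag hosts.equiv-format entries that name a user.
# Assumption: one entry per line, fields separated by whitespace,
# lines whose first field starts with '#' are comments.

# scan_equiv LABEL
# Reads hosts.equiv-format text on stdin, prints "LABEL:line: host=.. user=.."
# for every entry with more than a host field, returns 1 if any were found.
scan_equiv() {
    awk -v label="$1" '
        $1 ~ /^#/ { next }                      # comment line
        NF >= 2 {                               # host plus user field
            printf "%s:%d: host=%s user=%s\n", label, NR, $1, $2
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# audit_equiv FILE...
# Runs scan_equiv over each readable file; returns 1 if any file has a hit.
audit_equiv() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        scan_equiv "$f" < "$f" || rc=1
    done
    return "$rc"
}

# demo: constructed sample input, not taken from a real system.
demo() {
    scan_equiv "sample" <<'EOF'
# constructed sample
trusted1.example.com
myhost.mydomain.com specificuser

trusted2.example.com
EOF
}

# Stand-alone run: scan the files given as arguments (for example
# /etc/hosts.equiv), or the constructed sample when none are given.
if [ "$#" -gt 0 ]; then audit_equiv "$@"; else demo; fi ||
    echo "review the entries listed above" >&2
```

Any reported line should be reduced to the host name alone, since the user field grants that remote user access to any local account.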
• OpenSSH 4.5p1 base code has functionality to support logging of sftp transactions.
LogFacility and LogLevel options are added to sftp-server as command-line options
to log these transactions. As a result, the following directives are not supported in this release
of Secure Shell:
— #LogSftp no
— #SftpLogFacility AUTH
— #SftpLogLevel INFO
• JAGaf59448: The following SMSE behavior is seen in this version of HP-UX Secure Shell:
Audit log messages show repeated entries for a user. This occurs because bad login attempts
are logged in the audit file. For example, a user trying public key authentication with bad
RSA and DSA keys results in a bad login attempt for each key type. In such a scenario, the
audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
• HP-UX Secure Shell user authentication through public key fails in a server
environment if UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell
environments that use public-key authentication with PAM_LDAP-based account
management.
• On some systems, the following message appears in the syslog.log file when a user logs
out of a Secure Shell session: