HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.
Legal Notices
Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
1 HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.011
    Announcement
    Secure Shell Versions on HP-UX
    Support Notice
List of Tables
1-1 Availability of Secure Shell Versions on HP-UX
1-2 Defects Fixed in OpenSSH4.7p1
1-3 Scenarios where pam_setcred Generates Error Messages
1-4 System Requirements for Installing HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.011
1 HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.011

This document discusses the most recent product information for HP-UX Secure Shell Versions A.04.70.009, A.04.70.010, and A.04.70.011 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. This document addresses the following topics:
• “Secure Shell Versions on HP-UX”
• “New Features”
• “Defects Fixed in OpenSSH4.7p1”
• “Defect Fixed in HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.
Support Notice
HP provides software technical support for HP-UX Secure Shell for the latest, currently shipping version and the immediately prior version of the product.

New Features
The following new features are introduced in OpenSSH4.7p1. HP-UX Secure Shell versions A.04.70.009, A.04.70.010, and A.04.70.011 are based on OpenSSH4.7p1 and include these new features:
• The sshd daemon defaults to SSH Protocol 2 in new installations. There are no changes to existing installations.
Table 1-2 Defects Fixed in OpenSSH4.7p1 (continued)

Defect Identifier    Defect Fix
Bugzilla #1196       Enabled SIGINT in the sshd daemon's privilege separation child process to ensure that wtmp and lastlog records are correctly updated.
Bugzilla #1220       Provided better error messages for scenarios where GSSAPI libraries support multiple mechanisms.
Bugzilla #1224       Provided a better description for the -d option in the ssh-add(1) manpage.
It allows the specificuser@myhost.mydomain.com to log in to any local account on the remote machine.
• OpenSSH 4.7p1 base code supports logging of sftp transactions. LogFacility and LogLevel options are added to sftp-server as command-line options to log these transactions.
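Once sftp transaction logging is enabled, the records can be turned into a per-user transfer audit. The following is an added example, not part of the HP release notes: the log lines are constructed, their wording is assumed to follow upstream OpenSSH sftp-server at INFO level, and the sftp-server path in the comment is an assumption.

```python
import re

# Constructed sample syslog lines (not from a real system). Message wording is
# assumed to match upstream OpenSSH sftp-server at LogLevel INFO; confirm it
# against your own logs. Assumed sshd_config entry that enables the logging
# (the sftp-server path is an assumption):
#   Subsystem sftp /opt/ssh/libexec/sftp-server -f AUTH -l INFO
SAMPLE_LOG = """\
Mar  3 10:15:01 s1 sftp-server[4242]: session opened for local user alice from [192.0.2.10]
Mar  3 10:15:04 s1 sftp-server[4242]: open "/home/alice/report.pdf" flags READ mode 0666
Mar  3 10:15:05 s1 sftp-server[4242]: close "/home/alice/report.pdf" bytes read 20480 written 0
Mar  3 10:15:09 s1 sftp-server[4242]: open "/home/alice/in/new.cfg" flags WRITE,CREATE,TRUNCATE mode 0644
Mar  3 10:15:09 s1 sftp-server[4242]: close "/home/alice/in/new.cfg" bytes read 0 written 512
Mar  3 10:15:12 s1 sftp-server[4242]: session closed for local user alice from [192.0.2.10]
Mar  3 10:16:30 s1 sftp-server[4300]: close "/tmp/orphan" bytes read 1 written 0
"""

LINE = re.compile(r"sftp-server\[(\d+)\]: (.*)$")
OPENED = re.compile(r"session opened for local user (\S+) from \[([^\]]+)\]")
CLOSED = re.compile(r"session closed for local user ")
# Greedy path match anchored on the trailing counters, so a file name that
# itself contains a double quote is still captured whole.
FILE_CLOSE = re.compile(r'close "(.*)" bytes read (\d+) written (\d+)$')

def audit_transfers(log_text):
    """Return (transfers, orphans): one record per closed file, attributed to
    the user and client address of the session (PID) that handled it."""
    sessions, transfers, orphans = {}, [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        opened = OPENED.match(msg)
        closed_file = FILE_CLOSE.match(msg)
        if opened:
            sessions[pid] = {"user": opened.group(1), "client": opened.group(2)}
        elif CLOSED.match(msg):
            sessions.pop(pid, None)  # PIDs are reused; forget the finished session
        elif closed_file:
            rd, wr = int(closed_file.group(2)), int(closed_file.group(3))
            rec = {"pid": pid, "path": closed_file.group(1), "read": rd, "written": wr,
                   "direction": "upload" if wr else "download" if rd else "none"}
            if pid in sessions:
                transfers.append({**sessions[pid], **rec})
            else:
                orphans.append(rec)  # no session-open seen: rotated or incomplete log
    return transfers, orphans
```

Records returned in the second list have no matching session-open line and deserve a look, since they point at a rotated, truncated, or incomplete log.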
Table 1-3 Scenarios where pam_setcred Generates Error Messages (continued)

User        UsePriv    KeyServ Running    Error Messages
non-root    yes        yes                No message
root        no         yes                Permission denied
non-root    no         yes                Permission denied

• A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following scenarios:
1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
3.
If you are using HP-UX Secure Shell on HP-UX 11i v1, HP recommends that you install the Strong Random Number Generator product as it significantly speeds up program initialization and execution time for some commands.

HP-UX Secure Shell Resources
For more information about Secure Shell, read the following:
• HTML and PDF versions at http://docs.hp.com (Internet and Security Solutions)
• A README text version in the software at: /opt/ssh/README.hp
• The HP Instant Information CD
• OpenSSH at http://www.
Patch Requirements
HP has tested HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.011 with the Support Plus patches listed in Table 1-5. HP mandates that HP-UX 11i v1 customers must install these Support Plus patches.
NOTE: The PHCO_33215 patch fixes a PAM-related issue. Without this patch, pam_acct_mgmt returned success messages on locked accounts. With this patch, account management fails for locked accounts (this is the appropriate behavior). In order to log in using ssh, users must unlock their accounts.

HP-UX Secure Shell Software Availability
HP-UX Secure Shell is available on the following:
• HP Software Depot at: http://www.software.hp.
8. Click Yes. The swinstall command loads the HP-UX Secure Shell files on the system in approximately 3 to 5 minutes.

NOTE: The sshd daemon is preconfigured, and it is started after installation. The swinstall command installs HP-UX Secure Shell in the /opt/ssh/ directory.

HP-UX Secure Shell and chroot Environments
HP-UX Secure Shell versions A.04.70.009, A.04.70.010, and A.04.70.011 support chroot functionality for the ssh, sftp, and scp commands.
3 Is libwrap.a linked in HP-UX Secure Shell? Must I only configure hosts.allow and hosts.deny to use the access control provided by tcp_wrapper?
Yes, the libwrap.a archive library, consisting of tcp_wrapper version 7.6-ipv6.4, is linked to HP-UX Secure Shell. You only need to configure hosts.allow and hosts.deny to use the access control provided by tcp_wrapper.
4 Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression algorithm documented at http://www.cert.