HP-UX Secure Shell A.04.70.009, A.04.70.010, and A.04.70.011 Release Notes

Table 1-3 Scenarios where pam_setcred Generates Error Messages (continued)
Error Messages      KeyServ Running   UsePriv   User
No message          yes               yes       non-root
Permission denied   yes               no        root
Permission denied   yes               no        non-root

A Kerberos ticket on a Secure Shell server system is inadvertently deleted in the
following scenario:
1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
3. User U1 now remotely connects to the SSH instance on S1 using public-key
authentication.
4. User U1 exits.
The kinit-generated ticket file created in Step 1 gets deleted when the user exits
the Secure Shell session.
Workaround: Create the Kerberos ticket file (Step 1) in a non-default location and
selectively communicate this file name to Secure Shell processes using the
KRB5CCNAME environment variable.
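
The workaround above as a POSIX shell example added here, not taken from the release notes. It assumes the default cache is /tmp/krb5cc_<uid> and that kinit honors KRB5CCNAME; the function names and the .krb5cc directory are hypothetical.

```shell
#!/bin/sh
# Added example (not from the release notes). Function names and the
# .krb5cc directory are hypothetical.

# Conventional default cache path for the current user.
# Assumption: the system uses the usual /tmp/krb5cc_<uid> default.
default_ccache() {
    printf '/tmp/krb5cc_%s\n' "$(id -u)"
}

# ccache_at_risk NAME: succeeds when NAME (a KRB5CCNAME value) is empty or
# points at the default cache, i.e. the file removed at session exit.
ccache_at_risk() {
    _cc=${1#FILE:}
    [ -z "$_cc" ] || [ "$_cc" = "$(default_ccache)" ]
}

# make_private_ccache BASE_DIR: create BASE_DIR/.krb5cc (mode 0700) and
# print a FILE: cache name inside it for use as KRB5CCNAME.
make_private_ccache() {
    _dir=${1:?usage: make_private_ccache BASE_DIR}/.krb5cc
    # A symlinked cache directory could redirect the ticket elsewhere.
    if [ -h "$_dir" ]; then
        echo "refusing: $_dir is a symlink" >&2
        return 1
    fi
    ( umask 077 && mkdir -p "$_dir" ) || return 1
    # Tighten a pre-existing directory and confirm we own it.
    chmod 700 "$_dir" || return 1
    [ -O "$_dir" ] || { echo "refusing: $_dir not owned by caller" >&2; return 1; }
    printf 'FILE:%s/tkt_%s\n' "$_dir" "$(id -u)"
}

# Stand-alone use on the server: sh this_file init
if [ "${1:-}" = init ]; then
    KRB5CCNAME=$(make_private_ccache "$HOME") || exit 1
    export KRB5CCNAME
    # Assumption: kinit honors KRB5CCNAME when choosing where to write.
    kinit || exit 1
    echo "ticket cache: $KRB5CCNAME"
fi
```

Processes that need the ticket are then started with KRB5CCNAME set to the printed value.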

The chroot functionality does not work if the UseLogin configuration directive
in sshd_config is set to YES.

In a chroot-ed environment, users do not see a subset of syslog messages. HP-UX
Secure Shell writes syslog messages at the time of authentication and when the
session is terminated. The syslogd daemon reads the syslog messages written
by all subsystems and reports them to the /dev/log file. In a chroot-ed environment,
the sshd daemon writes its syslog messages to <newroot>/dev/log. It is not
possible to link the <newroot>/dev/log file to the /dev/log file, so
users cannot view this subset of syslog messages.
Workaround: There is no workaround for this problem. Users of chroot-ed HP-UX
Secure Shell environments must be aware that a subset of messages written by the
sshd daemon will not show up in syslog.

HP-UX Secure Shell and the Strong Random Number Generator
HP-UX Secure Shell requires that a random number generator be located on the system.
It searches for /dev/urandom and /dev/random (in that sequence) on the system
and uses the first device it finds. If it fails to locate these two devices, HP-UX Secure
Shell uses its own internal random number generator program. The /dev/urandom
and /dev/random devices are available by default on HP-UX 11i v2 and HP-UX 11i
v3 systems. These devices can also be obtained for HP-UX 11i v1 by downloading and
installing the HP-UX Strong Random Number Generator from http://software.hp.com.