HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.
Legal Notices Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014..................................................5 Announcement.....................................................................................................................5 Secure Shell Versions on HP-UX..........................................................................................5 Support Notice................................................................................................................
List of Tables 1-1 1-2 1-3 1-4 1-5 1-6 Availability of Secure Shell Versions on HP-UX ..........................................................5 Defects Fixed in OpenSSH5.0p1...................................................................................7 Scenarios where pam_setcred Generates Error Messages......................................10 System Requirements for Installing HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014...............................................................
1 HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014 This document discusses the most recent product information for HP-UX Secure Shell Versions A.05.00.012, A.05.00.013 and A.05.00.014 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. This document addresses the following topics: • “Secure Shell Versions on HP-UX” (page 5) • “New Features” (page 6) • “Defects Fixed in OpenSSH5.0p1” (page 7) • “Defects Fixed in HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.
New Features The following new features are introduced in OpenSSH5.0p1. HP-UX Secure Shell versions A.05.00.012, A.05.00.013, and A.05.00.014 are based on OpenSSH5.0p1 and include these new features: • • • • • • • • • • Added chroot support for the sshd daemon. This feature can be configured using the new ChrootDirectory option in the sshd_config file. Linked sftp-server with the sshd daemon.
server configuration directives (/opt/ssh/etc/sshd_config) related to Sftpfilecontrol are supported in this release: • #SftpUmask • #SftpPermitChmod yes • #SftpPermitChown yes This patch supersedes the sftplogging patch for HP-UX Secure Shell versions A.04.50 and higher. Defects Fixed in OpenSSH5.0p1 This section lists the defects fixed in OpenSSH5.0p1. HP-UX Secure Shell versions A.05.00.012, A.05.00.013, and A.05.00.014 are based on OpenSSH5.0p1 and include these defect fixes.
Table 1-2 Defects Fixed in OpenSSH5.0p1 (continued) Defect Identifier Defect Fix Bugzilla #1377 Clobbering of struct passwd from multiple getpwid calls, results in fatal errors inside tilde_expand_filename Bugzilla #1378 When using port forwarding, as long as one port is correct, the port forwarding operation works. This is incorrect behavior and occurs only when root uses ssh.
Known Problems and Workarounds Following are the known problems and workarounds in HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014: • OpenSSH 5.0p1 (on which the HP-UX Secure Shell versions A.05.00.012, A.05.00.013, and A.05.00.014 are based) uses server alive messages to determine whether the server is alive. However, this feature does not work properly. If ServerAliveCountMax and ServerAliveInterval is set, the connection does not disconnect if the threshold is reached.
pam_setcred: error Authentication failed pam_setcred: error Permission denied These messages appears only when the daemon is running in debug mode. These messages are not relevant to (and does not affect) HP-UX Secure Shell operations. The PAM function pam_setcred generates this message. These error messages appear during the scenarios listed in Table 1-3.
possible to link the /dev/log file to the /dev/log file, resulting in users not being able to view the subset of syslog messages. Workaround: There is no workaround for this problem. Users of chroot-ed HP-UX Secure Shell environments must be aware that a subset of messages written by the sshd daemon will not show up in syslog. HP-UX Secure Shell and the Strong Random Number Generator HP-UX Secure Shell requires that a random number generator be located on the system.
Table 1-4 System Requirements for Installing HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014. Component Requirement Operating System • HP-UX 11i v1 • HP-UX 11i v2 • HP-UX 11i v3 Hardware • HP/9000 servers • HP Integrity servers Disk Space Approximately 32MB of disk space Software Availability in Native Languages English only Patch Requirements HP has tested HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014 with the Support Plus patches listed in Table 1-5.
NOTE: The standard HP-UX patch bundles are cumulative. If you do not find an older bundle, you can select the latest 11.11 release and use the latest version of the particular patch bundle. HP recommends that you install the libc, PAM and pthreads patches listed in Table 1-6 with HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014.
1. 2. 3. 4. 5. 6. 7. 8. Log in as superuser. Insert the software CD into the appropriate drive if installing from the Application Release CD. If installing from http://software.hp.com, download the depot and use the swinstall directions provided on the Installation page where you downloaded the software. Run $ swinstall -s at the command prompt. In the Source Depot Path field, enter the drive mount point and click OK. Change theSource Host Name, if needed.
OpenSSH 5.0p1 is a free version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. HP-UX Secure Shell is a binary package compiled with support for PAM, gssapi, krb5, libwrap, and no support for Smartcard. HP-UX Secure Shell is built to install and un-install using the SD-UX utility and includes all required pre-requisites.
