HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014 Release Notes

Known Problems and Workarounds
The following are the known problems and workarounds in HP-UX Secure Shell A.05.00.012,
A.05.00.013, and A.05.00.014:

OpenSSH 5.0p1 (on which the HP-UX Secure Shell versions A.05.00.012, A.05.00.013,
and A.05.00.014 are based) uses server alive messages to determine whether the
server is alive. However, this feature does not work properly. If
ServerAliveCountMax and ServerAliveInterval are set, the connection
does not disconnect when the threshold is reached.

Do not specify user-specific information when configuring host-based
authentication. Host-based authentication supports only authentication of hosts.
It does not allow user-specific authentication. When a user configures host-based
authentication with the following entry:
# cat /etc/hosts.equiv
myhost.mydomain.com specificuser
it allows specificuser@myhost.mydomain.com to log in to any local
account on the remote machine.
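
One way to check an existing /etc/hosts.equiv for the user-specific entries described above. This is an added example, not part of the HP release notes; the function names `audit_equiv` and `make_sample` and the `trusted1`/`trusted2` host names are made up for illustration, and it assumes whitespace-separated fields with `#` starting a comment:

```sh
#!/bin/sh
# Added example (not from the release notes): flag hosts.equiv entries
# that carry a user field after the host name.
# Assumptions: fields are whitespace-separated, '#' starts a comment.

# audit_equiv FILE
# Prints "FILE:LINE: entry" for each entry with more than one field.
# Returns 0 if the file is clean, 1 if any entry was flagged,
# 2 if the file cannot be read.
audit_equiv() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }          # strip comments
        NF == 0 { next }            # skip blank and comment-only lines
        NF > 1 {                    # host name followed by a user field
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            flagged = 1
        }
        END { exit (flagged ? 1 : 0) }
    ' "$1"
}

# Constructed sample input, using the entry shown in the release notes.
make_sample() {
    cat > "$1" <<'EOF'
# trusted hosts
trusted1.mydomain.com
myhost.mydomain.com specificuser

trusted2.mydomain.com   # host only, comment ignored
EOF
}

sample="${TMPDIR:-/tmp}/hosts.equiv.sample.$$"
make_sample "$sample"
audit_equiv "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

On a real system, call `audit_equiv /etc/hosts.equiv` and remove the user field from any line it reports.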

OpenSSH 5.0p1 base code supports logging of sftp transactions. LogFacility
and LogLevel options are added to sftp-server as command-line options to log
these transactions. As a result, the following directives are not supported in this
release of HP-UX Secure Shell:
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

The following SMSE behavior is seen in this version of HP-UX Secure Shell:
Audit log messages show repeated entries for a user. This occurs because bad login
attempts are logged in the audit file. For example, a user trying public-key
authentication with bad RSA and DSA keys results in a bad login attempt for each
key type. In such a scenario, the audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
For more information on HP-UX SMSE, see
http://www.docs.hp.com/en/internet.html#Security%20Containment

HP-UX Secure Shell user authentication using public-key fails in a server
environment if UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure
Shell environments that use public-key authentication with PAM_LDAP-based
account management.

On some systems, the following messages appear in the syslog.log file when
a user logs out of a Secure Shell session: