HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.
Legal Notices Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
1 HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008
Announcement
Secure Shell Versions on HP-UX
Support Notice
List of Tables
1-1 Availability of Secure Shell Versions on HP-UX
1-2 Defects Fixed in OpenSSH5.1p1
1-3 Scenarios where pam_setcred Generates Error Messages
1-4 System Requirements for Installing HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008
1 HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008

This document discusses the most recent product information for HP-UX Secure Shell Versions A.05.10.006, A.05.10.007, and A.05.10.008 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. This document addresses the following topics:
• “Secure Shell Versions on HP-UX”
• “New Features”
• “Defects Fixed in OpenSSH5.1p1”
• “Defects Fixed in HP-UX Secure Shell A.05.
rejection of changed host keys.
• sshd_config(5) now supports CIDR address/masklen matching in "Match address" blocks, with a fallback to classic wildcard matching.
• sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys from="..." restrictions, also with a fallback to classic wildcard matching.
• Multiplexed ssh(1) sessions now support a subset of the ~ escapes that are available to a primary connection.
• ssh(1) connection multiplexing will now fall back to creating a new connection in most error cases.

Support for the Sftpfilecontrol Patch
HP-UX Secure Shell supports the Sftpfilecontrol patch. This patch enables administrators to set the umask on sftp sessions and to control whether the client may issue chown and chmod commands in an sftp session.
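The CIDR support for "Match address" blocks and authorized_keys from="..." restrictions listed under New Features matters because a classic wildcard compares text, not network boundaries. The following Python model is an added example, not code from HP or OpenSSH; the function names, the probe addresses and the fail-closed handling of malformed CIDR entries are assumptions, and negated (!) patterns are not modeled.

```python
import ipaddress
import re

def wildcard_match(pattern, text):
    """Classic wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text) is not None

def pattern_matches(pattern, client_ip):
    """Treat the pattern as CIDR address/masklen if it has a '/', else as a wildcard."""
    if "/" in pattern:
        try:
            net = ipaddress.ip_network(pattern, strict=True)
        except ValueError:
            return False  # assumption of this model: a malformed CIDR admits nobody
        return ipaddress.ip_address(client_ip) in net
    return wildcard_match(pattern, client_ip)

def list_matches(pattern_list, client_ip):
    """True if any entry of a comma-separated pattern list admits the address."""
    return any(pattern_matches(p.strip(), client_ip) for p in pattern_list.split(","))

def overmatches(pattern_list, intended_cidr, probes):
    """Probe addresses the pattern list admits although they lie outside intended_cidr."""
    net = ipaddress.ip_network(intended_cidr)
    return [ip for ip in probes
            if list_matches(pattern_list, ip) and ipaddress.ip_address(ip) not in net]

# Constructed probe addresses (RFC 1918 space), not taken from the release notes.
PROBES = ["192.168.1.7", "192.168.10.7", "192.168.100.7", "192.168.2.7",
          "10.20.3.9", "10.20.31.9", "10.20.40.9", "10.20.48.9"]

if __name__ == "__main__":
    for pats, intended in [("192.168.1*", "192.168.1.0/24"),
                           ("192.168.1.*", "192.168.1.0/24"),
                           ("192.168.1.0/24", "192.168.1.0/24"),
                           ("10.20.3*,10.20.4*", "10.20.32.0/20"),
                           ("10.20.32.0/20", "10.20.32.0/20")]:
        print(f"{pats!r:22} extra addresses admitted: {overmatches(pats, intended, PROBES)}")
```

A network that is not aligned on an octet boundary, such as the /20 above, cannot be expressed with wildcards without admitting extra addresses, which is the case the CIDR form closes.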
Table 1-2 Defects Fixed in OpenSSH5.1p1 (continued)
Defect Identifier / Defect Fix

Bugzilla #1432
https://bugzilla.mindrot.org/show_bug.cgi?id=1432
Background Information: Fix MaxAuthTries tests to disallow a free authentication try to clients that skipped the protocol 2 "none" authentication method.

Bugzilla #1433
https://bugzilla.mindrot.org/show_bug.
Defects Fixed in HP-UX Secure Shell A.05.10
HP-UX Secure Shell versions A.05.10.006, A.05.10.007, and A.05.10.008 include the following defect fixes:
QXCR1000828125: Enhancement to include a global umask setting. The default umask value for sshd can be set by changing the SSHD_UMASK variable in /etc/rc.config.d/sshd.
No QXCR: Enhancement to add the TcpRcvBuf directive in sshd_config. The default TcpRcvBuf for sshd is 128K bytes.
No QXCR: Cannot get IP address for X11 DISPLAY because gethostbyname() in sshd fails. libwrap.
pam_setcred generates this message. These error messages appear during the scenarios listed in Table 1-3.
HP-UX Secure Shell Resources
For more information about Secure Shell, read the following:
• HTML and PDF versions at http://docs.hp.com (Internet and Security Solutions)
• A README text version in the software at: /opt/ssh/README.hp
• The HP Instant Information CD
• OpenSSH at http://www.openssh.com: FAQs, Mail List Archives, Security pages, manpages
• IETF at http://www.ietf.org/ (go to Working Groups > Security)
• The HP book HP-UX 11i Security by Chris Wong.
• Secure Shell FAQs at: http://www.
1. Go to the IT Resource Center (ITRC): http://www.itrc.hp.com
2. Choose the appropriate site: Americas/Asia-Pacific or European.
3. Select maintenance and support for hp products.
4. Select standard patch bundles - find patch bundles.
5. Select HP-UX patch bundles.
The standard HP-UX patch bundles index page lists the release dates for the current patch bundles. Selecting a specific release date provides you with a list of all the patch bundles released on that particular date.
3. Run $ swinstall -s at the command prompt.
4. In the Source Depot Path field, enter the drive mount point and click OK. Change the Source Host Name, if needed.
5. Select T1471AA (for HP-UX 11i v1 or HP-UX 11i v2) or SecureShell (for HP-UX 11i v3) from the list of available software, and click Mark for Install on the Actions menu.
6. Click Install on the Actions menu.
7. Click OK in the Install Analysis window when the Status field displays a Ready message.
8. Click Yes.
Yes, the libwrap.a archive library, consisting of tcp_wrapper version 7.6-ipv6.4, is linked to HP-UX Secure Shell. You only need to configure hosts.allow and hosts.deny to use the access control provided by tcp_wrapper.

4 Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression algorithm documented at http://www.cert.org/advisories/CA-2002-07.html?
All versions of HP-UX Secure Shell starting from A.03.10 are built with support for zlib-1.1.4 or later.