HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008 Release Notes HP-UX 11i v1, 11i v2, and 11i v3
Defects Fixed in HP-UX Secure Shell A.05.10
HP-UX Secure Shell versions A.05.10.006, A.05.10.007, and A.05.10.008 include the following
defect fixes:
QXCR1000828125  Enhancement to include a global umask setting. The default umask value for
                sshd can be set by changing the SSHD_UMASK variable in
                /etc/rc.config.d/sshd.
No QXCR         Enhancement to add the TcpRcvBuf directive in sshd_config. The default
                TcpRcvBuf for sshd is 128K bytes.
No QXCR         Cannot get IP address for X11 DISPLAY because gethostbyname() in
                sshd fails. The libwrap.a static library overrides the
                "yp_get_default_domain" API of libnsl.so. A new libwrap.a was built
                which uses the "yp_get_default_domain" of libnsl.so.
Known Problems and Workarounds
Following are the known problems and workarounds in HP-UX Secure Shell A.05.10:
• Do NOT specify user-specific information during configuration of host-based authentication.
Host-based authentication supports only authentication of hosts. It does not allow
user-specific authentication. When a user configures host-based authentication with the
following entry:
# cat /etc/hosts.equiv
myhost.mydomain.com specificuser
it allows specificuser@myhost.mydomain.com to log in to any local account on the
remote machine.
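One way to check for such entries, as an added example that is not part of the HP release notes: the function below reports every line in a hosts.equiv-format file that carries anything after the host name. The function name, the constructed sample file, and the assumption that lines starting with # are comments are illustrative.

```sh
#!/bin/sh
# Added example (not from the HP release notes).
# Assumed entry format: "[+|-]hostname [username]"; lines starting with '#' are comments.

# audit_hosts_equiv FILE
# Prints "FILE:LINE: host=... user=..." for every entry with more than a host field.
# Returns 0 if no such entry exists, 1 if any was found, 2 if FILE is unreadable.
audit_hosts_equiv() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }     # comment line
        NF == 0    { next }     # blank line
        NF >= 2    { printf "%s:%d: host=%s user=%s\n", FILENAME, NR, $1, $2; bad = 1 }
        END        { exit bad + 0 }
    ' "$1"
}

# Constructed sample input; the second entry is the one quoted in the text above.
sample=${TMPDIR:-/tmp}/hosts.equiv.sample.$$
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
trusted1.mydomain.com
myhost.mydomain.com specificuser
EOF

# On a real system, pass the path of the file to check, for example /etc/hosts.equiv.
audit_hosts_equiv "$sample" || echo "host-only entries expected: review the lines listed above"
rm -f "$sample"
```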
• The base code of OpenSSH 5.1p1 and above supports logging of sftp transactions.
LogFacility and LogLevel options are added to sftp-server as command-line options
to log these transactions. As a result, the following directives are not supported in this release
of HP-UX Secure Shell:
— #LogSftp no
— #SftpLogFacility AUTH
— #SftpLogLevel INFO
• The following SMSE behavior is seen in this version of HP-UX Secure Shell:
Audit log messages show repeated entries for a user. This occurs because bad login attempts
are logged in the audit file. For example, a user trying Public key authentication with bad
RSA and DSA keys results in a bad login attempt for each key type. In such a scenario, the
audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
For more information on HP-UX SMSE, see
http://www.docs.hp.com/en/internet.html#Security%20Containment
• HP-UX Secure Shell user authentication using public-key fails in a server environment if
UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell
environments that use public-key authentication with PAM_LDAP-based account
management.
• On some systems, the following messages appear in the syslog.log file when a user
logs out of a Secure Shell session:
pam_setcred: error Authentication failed
pam_setcred: error Permission denied
These messages appear only when the daemon is running in debug mode. These messages
are not relevant to (and do not affect) HP-UX Secure Shell operations. The PAM function