HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.
Legal Notices

Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents

1 HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.047
Announcement
Secure Shell Versions on HP-UX
Support Notice
List of Tables

1-1 Availability of Secure Shell Versions on HP-UX
1-2 Defects Fixed in OpenSSH5.1p1
1-3 Scenarios where pam_setcred Generates Error Messages
1-4 System Requirements for Installing HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.047
1 HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.047

This document discusses the most recent product information for HP-UX Secure Shell Versions A.05.10.045, A.05.10.046, and A.05.10.047 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. This document addresses the following topics:

• “Secure Shell Versions on HP-UX”
• “New Features”
• “Defects Fixed in OpenSSH5.1p1”
• “Defects Fixed in HP-UX Secure Shell A.05.
• OpenSSH 5.1 is now linked with OpenSSL A.00.09.8j instead of A.00.09.7m.
• You can use the TPM chip on the system hardware to secure the host key. See the TCS page at http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCS for details on how to configure HP-UX Secure Shell to do this.
• You can use HP-UX Secure Shell with the latest audit enhancements on 11iv3. See: http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.
Table 1-2 Defects Fixed in OpenSSH5.1p1 (continued)

Defect Identifier    Defect Fix

Bugzilla #1384
https://bugzilla.mindrot.org/show_bug.cgi?id=1384
Background Information: Make ssh(1) deal more gracefully with channel requests that fail. Previously it would optimistically assume that requests would always succeed, which could cause hangs if they did not (e.g. when the server runs out of file descriptors).

Bugzilla #1432
https://bugzilla.mindrot.org/show_bug.
Table 1-2 Defects Fixed in OpenSSH5.1p1 (continued)

Defect Identifier    Defect Fix

ssh(1) will now exit with a non-zero exit status if ExitOnForwardFailure was set and forwardings were disabled due to a failed host key check.
Background Information: Since OpenSSH5.1, when the host key changes, ssh includes code to handle the case where ExitOnForwardFailure was set and forwarding was disabled.

sshd(8) has been audited to eliminate fd leaks and calls to fatal() in conditions of file descriptor exhaustion.
No QXCR
A new server configuration parameter, OldChrootBehaviour, is added to allow users of the pre-version 5.0 chroot to work with the version 5.1 chroot function. The default value of OldChrootBehaviour is no.

QXCR1000863953
The sshd daemon loops when the user's group requires NIS lookup. This defect is fixed.

QXCR1000863756
An additional file, orderofscript.txt, is created in the root directory after installation. This defect is fixed.
These messages appear only when the daemon is running in debug mode. These messages are not relevant to (and do not affect) HP-UX Secure Shell operations. The PAM function pam_setcred generates this message. These error messages appear during the scenarios listed in Table 1-3.
recommends that you install the Strong Random Number Generator product as it significantly speeds up program initialization and execution time for some commands.

HP-UX Secure Shell Resources

For more information about Secure Shell, read the following:

• HTML and PDF versions at http://docs.hp.com (Internet and Security Solutions)
• A README text version in the software at: /opt/ssh/README.hp
• The HP Instant Information CD
• OpenSSH at http://www.openssh.
The HP-UX 11i v1 (B.11.11) Support Plus release media contains the standard HP-UX patch bundles, which are also available on the HP IT Resource Center Web site. The HP-UX 11i v1 (B.11.11) Support Plus release media for December 2002 also contains the required patches. If you do not have access to the media, complete the following steps:

1. Go to the IT Resource Center (ITRC): http://www.itrc.hp.com
2. Choose the appropriate site: Americas/Asia-Pacific or European.
1. Log in as superuser.
2. Insert the software CD into the appropriate drive if installing from the Application Release CD. If installing from http://software.hp.com, download the depot and use the swinstall directions provided on the Installation page where you downloaded the software.
3. Run $ swinstall -s at the command prompt.
4. In the Source Depot Path field, enter the drive mount point and click OK.
5. Change the Source Host Name, if needed.
3 Is libwrap.a linked in HP-UX Secure Shell? Must I only configure hosts.allow and hosts.deny to use the access control provided by tcp_wrapper?

Yes, the libwrap.a archive library, consisting of tcp_wrapper version 7.6-ipv6.4, is linked to HP-UX Secure Shell. You only need to configure hosts.allow and hosts.deny to use the access control provided by tcp_wrapper.

4 Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression algorithm documented at http://www.cert.
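
For question 3 above: tcp_wrapper consults hosts.allow first, then hosts.deny, and grants access when neither file matches, so an allow list without a catch-all deny entry does not restrict sshd. The following Python model is an added example, not HP's or tcp_wrapper's code; it covers a subset of hosts_access(5) matching (IPv4 only, no EXCEPT operator or shell options), assumes the daemon name `sshd`, and uses constructed addresses and a hypothetical domain.

```python
import ipaddress
import re

def host_matches(pattern, addr, name=None):
    """Match one client pattern (subset of hosts_access(5), IPv4 only)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask, e.g. 198.51.100.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):               # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    if pattern.startswith("."):             # domain suffix, e.g. ".example.com"
        return name is not None and name.endswith(pattern)
    return pattern in (addr, name)          # exact address or host name

def file_matches(rules, daemon, addr, name=None):
    """True if any 'daemon_list : client_list' line in the file text matches."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (re.split(r"[,\s]+", f.strip()) for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                host_matches(p, addr, name) for p in clients if p):
            return True
    return False

def access(allow, deny, daemon, addr, name=None):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    if file_matches(allow, daemon, addr, name):
        return "granted by hosts.allow"
    if file_matches(deny, daemon, addr, name):
        return "denied by hosts.deny"
    return "granted by default"

# Constructed sample files (documentation address ranges, hypothetical domain).
HOSTS_ALLOW = """\
# admin networks only
sshd: 192.0.2. , .admin.example.com
sshd: 198.51.100.0/255.255.255.0
"""
HOSTS_DENY_EMPTY = ""            # weak: unmatched clients fall through to "granted"
HOSTS_DENY_ALL = "ALL: ALL\n"    # corrected: everything not allowed above is refused

if __name__ == "__main__":
    for deny in (HOSTS_DENY_EMPTY, HOSTS_DENY_ALL):
        for addr in ("192.0.2.44", "198.51.100.77", "203.0.113.9"):
            print(repr(deny), addr, "->", access(HOSTS_ALLOW, deny, "sshd", addr))
```

With the empty hosts.deny, the client at 203.0.113.9 is granted access even though no allow rule names it; adding `ALL: ALL` to hosts.deny closes that default.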