HP-UX Secure Shell A.05.10.045, A.05.10.046, and A.05.10.047 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

No QXCR

A new sever configuration parameter OldChrootBehaviour is added

to allow user of pre version 5.0 chroot to work with version 5.1 chroot

function. The default value of OldChrootBehaviour is no.

QXCR1000863953 The sshd daemon loops when user's group requires NIS lookup. This

defect is fixed.

QXCR1000863756

An additional file, orderofscript.txt, is created in the root directory

after installation. This defect is fixed.

QXCR1000861413 The audit function under trusted mode on HP–UX 11i v1 and v2 is fixed.

No QXCR Secure Shell is enhanced to add TcpRcvBuf directive in the sshd_config

file.

QXCR1000828125 Secure Shell is enhanced to include a global umask setting. The default

umask value for sshd can be set by changing the SSHD_UMASK variable

in the /etc/rc.config.d/sshd file.

No QXCR Cannot obtain an IP address for X11 DISPLAY because the

gethostbyname() function in the sshd daemon fails. This defect is fixed.

Known Problems and Workarounds

Following are the known problems and workarounds in HP-UX Secure Shell A.05.10:

• Do NOT specify user specific information during configuration of host-based authentication.

Host-based authentication supports only authentication of hosts. It does not allow

user-specific authentication. When, user configures the host-based authentication with the

following, # cat /etc/hosts.equiv myhost.mydomain.com specificuser, it

allows the specificuser@myhost.mydomain.com to login into any local account on the

remote machine.

• The base code of OpenSSH 5.1p1 and above supports logging of sftp transactions.

LogFacility and LogLevel options are added to sftp-server as command-line options

to log these transactions. As a result, the following directives are not supported in this release

of HP-UX Secure Shell:

— #LogSftp no

— #SftpLogFacility AUTH

— #SftpLogLevel INFO

• The following SMSE behavior is seen in this version of HP-UX Secure Shell:

Audit log messages show repeated entries for a user. This occurs because bad login attempts

are logged in the audit file. For example, a user trying Public key authentication with bad

RSA and DSA keys results in a bad login attempt for each key type. In such a scenario, the

audit log has the following entries:

SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed

SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in

SELF-AUDITING TEXT: User= root uid=0 ssh session open

For more information on HP-UX SMSE, see http://www.docs.hp.com/en/

internet.html#Security%20Containment

• HP-UX Secure Shell user authentication using public-key fails in a server environment if

UsePAM is set to YES and pam.conf is set to PAM_LDAP.

Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell

environments that use public-key authentication with PAM_LDAP-based account

management.

• On some systems, the following messages appears in the syslog.log file, when a user

logs out of a Secure Shell session:

pam_setcred: error Authentication failed

pam_setcred: error Permission denied

Known Problems and Workarounds 9