HP-UX Secure Shell A.05.20.004, A.05.20.005, and A.05.20.006 Release Notes
Known Problems and Workarounds
Following are the known problems and workarounds in HP-UX Secure Shell A.05.20:
• Do NOT specify user-specific information during configuration of host-based authentication.
Host-based authentication supports only authentication of hosts. It does not allow
user-specific authentication. When a user configures host-based authentication with the
following entry:
# cat /etc/hosts.equiv
myhost.mydomain.com specificuser
it allows specificuser@myhost.mydomain.com to log in to any local account on the
remote machine.
• The base code of OpenSSH 5.2p1 and above supports logging of sftp transactions.
LogFacility and LogLevel options are added to sftp-server as command-line options
to log these transactions. As a result, the following directives are not supported in this release
of HP-UX Secure Shell:
— #LogSftp no
— #SftpLogFacility AUTH
— #SftpLogLevel INFO
• The following SMSE behavior is seen in this version of HP-UX Secure Shell:
Audit log messages show repeated entries for a user. This occurs because bad login attempts
are logged in the audit file. For example, a user trying Public key authentication with bad
RSA and DSA keys results in a bad login attempt for each key type. In such a scenario, the
audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
For more information on HP-UX SMSE, see http://www.docs.hp.com/en/internet.html#Security%20Containment
• HP-UX Secure Shell user authentication using public-key fails in a server environment if
UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell
environments that use public-key authentication with PAM_LDAP-based account
management.
• On some systems, the following messages appear in the syslog.log file when a user
logs out of a Secure Shell session:
pam_setcred: error Authentication failed
pam_setcred: error Permission denied
These messages appear only when the daemon is running in debug mode. They
are not relevant to (and do not affect) HP-UX Secure Shell operations. The PAM function
pam_setcred generates these messages. They appear in the scenarios
listed in Table 1-3.
Table 1-3 Scenarios where pam_setcred Generates Error Messages
Error Messages          KeyServ Running   UsePriv   User
Permission denied       no                yes       root
Authentication failed   no                yes       non-root
Permission denied       no                no        root
Permission denied       no                no        non-root
Permission denied       yes               yes       root
No message              yes               yes       non-root
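
The host-based authentication problem in the first item above is caused by a user name in the second field of a hosts.equiv entry. The following check is an added example, not part of the HP release notes: it reports every entry that carries a user field. The function name audit_equiv and the sample host names other than the entry quoted above are assumptions.

```sh
#!/bin/sh
# Added example (not from the HP release notes): flag hosts.equiv entries
# that carry a user field. Assumed entry format: "[+|-]host [user]",
# with "#" starting a comment.

# audit_equiv FILE
# Prints "FILE:LINE: host=H user=U" for each entry that names a user.
# Returns 0 if no such entry exists, 1 if any was found, 2 if FILE is unreadable.
audit_equiv() {
    file=$1
    [ -r "$file" ] || { echo "audit_equiv: cannot read $file" >&2; return 2; }
    awk -v f="$file" '
        { sub(/#.*/, "") }        # strip comments before counting fields
        NF >= 2 {                 # a second field is a user name
            printf "%s:%d: host=%s user=%s\n", f, NR, $1, $2
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$file"
}

# Constructed sample input; on a real system, audit /etc/hosts.equiv instead.
sample=${TMPDIR:-/tmp}/hosts.equiv.sample.$$
cat > "$sample" <<'EOF'
# trusted peers (constructed sample)
nodea.example.com
myhost.mydomain.com specificuser
nodeb.example.com    # host-only entry
EOF

if audit_equiv "$sample"; then
    echo "OK: host-only entries"
else
    echo "FAIL: review the entries listed above and remove the user field"
fi
rm -f "$sample"
```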