HP-UX Secure Shell A.05.20.013, A.05.20.014, and A.05.20.
Legal Notices Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
1 HP-UX Secure Shell A.05.20
Announcement
Secure Shell Versions on HP-UX
Support Notice
List of Tables
1-1 Availability of Secure Shell Versions on HP-UX
1-2 Defects Fixed in OpenSSH5.2p1
1-3 Scenarios where pam_setcred Generates Error Messages
1-4 System Requirements for Installing HP-UX Secure Shell A.05.20
1 HP-UX Secure Shell A.05.20
This document discusses the most recent product information for HP-UX Secure Shell versions A.05.20.013, A.05.20.014, and A.05.20.015 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 respectively. This document addresses the following topics:
• “Secure Shell Versions on HP-UX”
• “New Features”
• “Defects Fixed in OpenSSH5.2p1”
• “Defects Fixed in HP-UX Secure Shell A.05.
• HP-UX Secure Shell 5.2 supports the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
• HP-UX Secure Shell 5.2 supports remote port forwarding with a listen port of 0, in which case the server dynamically allocates a listen port and reports it to the client.
• sshd(8) supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
Support for the Sftpfilecontrol Patch
HP-UX Secure Shell supports the Sftpfilecontrol patch.
Known Problems and Workarounds
Following are the known problems and workarounds in HP-UX Secure Shell A.05.20:
• Do NOT specify user-specific information when configuring host-based authentication. Host-based authentication supports only authentication of hosts. It does not allow user-specific authentication. When a user configures host-based authentication with the following:
    # cat /etc/hosts.equiv
    myhost.mydomain.com specificuser
it allows the specificuser@myhost.mydomain.
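The host-based authentication problem above can be checked for mechanically. The following audit function is an added example, not part of the HP release notes or HP's code; it flags hosts.equiv-style entries that carry a user field and, going beyond the case in the text, bare + wildcards. The function names and the sample entries are constructed for illustration, and the file to audit is whatever path the caller passes in.

```sh
#!/bin/sh
# Added example: audit a hosts.equiv-style file for entries that do more
# than name a host. Function names and sample data are constructed.

# audit_equiv FILE
#   prints one "FILE:LINE:REASON:ENTRY" record per finding
#   returns 0 if clean, 1 if findings exist, 2 if FILE is unreadable
audit_equiv() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 2; }
    awk -v f="$1" '
        { sub(/#.*/, "") }        # strip comments; awk re-splits the fields
        NF == 0 { next }          # nothing left on this line
        $1 == "+" || $2 == "+" {  # bare wildcard in host or user position
            printf "%s:%d:wildcard:%s\n", f, NR, $0
            bad = 1
            next
        }
        NF >= 2 {                 # second field is a user or netgroup name
            printf "%s:%d:user-field:%s\n", f, NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE
#   writes a constructed sample file (not taken from a real system)
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real system
trusted1.example.com
myhost.mydomain.com specificuser
+
-badhost.example.com
EOF
}
```

Run audit_equiv against each equivalence file the host actually uses; a non-zero return means at least one entry should be reduced to a host name only.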
Table 1-3 Scenarios where pam_setcred Generates Error Messages (continued)

    User        UsePriv    KeyServ Running    Error Messages
    root        no         yes                Permission denied
    non-root    no         yes                Permission denied

• A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following scenario:
  1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
  2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
  3.
• The HP book HP-UX 11i Security by Chris Wong.
• Secure Shell FAQs at: http://www.employees.org/~satch/ssh/faq/ssh-faq.html
• Barrett, Daniel J. and Richard E. Silverman, 2005. SSH, The Secure Shell: The Definitive Guide. California: O’Reilly and Associates Inc.
Prerequisites
This section discusses the prerequisites for installing HP-UX Secure Shell A.05.20.
System Requirements
Table 1-4 lists the minimum system requirements for installing HP-UX Secure Shell A.05.20.
NOTE: The standard HP-UX patch bundles are cumulative. If you do not find an older bundle, you can select the latest 11.11 release and use the latest version of the particular patch bundle. HP recommends that you install the libc, PAM and pthreads patches listed in Table 1-6 with HP-UX Secure Shell A.05.20.
NOTE: The sshd daemon is pre-configured, and it is started after installation. The swinstall command installs HP-UX Secure Shell in the /opt/ssh/ directory.
HP-UX Secure Shell and chroot Environments
HP-UX Secure Shell version A.05.20 supports chroot functionality for the ssh, sftp, and scp commands. The chroot functionality is mainly used as an added security measure.
This version of HP-UX Secure Shell is built with OpenSSL-0.9.8k and is not affected by these two CERTs. The vulnerabilities were fixed in OpenSSL-0.9.7d.