HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.
Legal Notices Copyright 2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015.........................5 Announcement.......................................................................................................................................5 Secure Shell versions on HP-UX.............................................................................................................5 Support notice.....................................................................................................
List of Tables 1-1 1-2 1-3 1-4 1-5 4 Availability of Secure Shell versions on HP-UX.............................................................................5 Scenarios where pam_setcred generates error messages............................................................7 System requirements for installing HP-UX Secure Shell A.05.50...................................................8 Support Plus patches for HP-UX Secure Shell on HP-UX operating systems................................
1 HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015 This document discusses the most recent product information for HP-UX Secure Shell versions A.05.50.013, A.05.50.014, and A.05.50.015 that are supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 respectively. This document addresses the following topics: • • • • • • • • • • • “Secure Shell versions on HP-UX” (page 5) “New features” (page 5) “Defects fixed in OpenSSH5.
Defects fixed in OpenSSH5.5p1 The HP-UX Secure Shell version A.05.50 is based on OpenSSH 5.5p1 and includes some new defect fixes. For more information on these defect fixes, see the Bugzilla Website at: http://bugzilla.mindrot.org. Known problems and workarounds Following are the known problems and workarounds in HP-UX Secure Shell A.05.50: • • In this release, HP-UX Secure Shell does not support the option " HostCertificate" in sshd_config to do the "HostbasedAuthentication".
Table 1-2 Scenarios where pam_setcred generates error messages • User UsePriv KeyServ Running Error Messages root yes no Permission denied non-root yes no Authentication failed root no no Permission denied non-root no no Permission denied root yes yes Permission denied non-root yes yes No message root no yes Permission denied non-root no yes Permission denied A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following scenario: — User U
HP-UX Secure Shell resources For more information about Secure Shell, read the following: • • • • HTML and PDF versions at Business Support Center ( Manuals) A README text version in the software at: /opt/ssh/README.hp The HP Instant Information CD OpenSSH at http://www.openssh.com — FAQs, Mail List Archives, Security pages, manpages • • • • IETF at http://www.ietf.org/ (go to Working Groups > Security) The HP book HP-UX 11i Security by Chris Wong. Secure Shell FAQs at: http://www.employees.
5. Select HP-UX patch bundles. The standard HP-UX patch bundles index page lists the release dates for the current patch bundles. Selecting a specific release date provides you with a list of all the patch bundles released on that particular date. NOTE: The standard HP-UX patch bundles are cumulative. If you do not find an older bundle, you can select the latest HP-UX release and use the latest version of the particular patch bundle.
6. 7. 8. Click Install on the Actions menu. Click OK in the Install Analysis window when the Status field displays a Ready message. Click Yes. The swinstall command loads the HP-UX Secure Shell files on the system in approximately 3 to 5 minutes. NOTE: The sshd daemon is pre-configured, and it is started after installation. The swinstall command installs HP-UX Secure Shell in the /opt/ssh/ directory. HP-UX Secure Shell and chroot environments HP-UX Secure Shell version A.05.
5 Is HP-UX Secure Shell vulnerable to the following CERTs: http://cve.mitre.org/cgi-bin/ cvename.cgi?name=CAN-2003-0147 http://cve.mitre.org/cgi-bin/ cvename.cgi?name=CAN-2003-0131? This version of HP-UX Secure Shell is built with OpenSSL-0.9.8n and is not affected by these two CERTs. The vulnerabilities were fixed in OpenSSL-0.9.7d.
