HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015 release notes (5900-0900), July 2010
Table Of Contents
- HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015 release notes
- Table of Contents
- 1 HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015
- Announcement
- Secure Shell versions on HP-UX
- New features
- Defects fixed in OpenSSH5.5p1
- Known problems and workarounds
- HP-UX Secure Shell and the Strong Random Number Generator
- HP-UX Secure Shell resources
- Prerequisites
- HP-UX Secure Shell software availability
- Installing HP-UX Secure Shell
- HP-UX Secure Shell and chroot environments
- Frequently asked questions (FAQ)
Defects fixed in OpenSSH5.5p1
The HP-UX Secure Shell version A.05.50 is based on OpenSSH 5.5p1 and includes some new
defect fixes.
For more information on these defect fixes, see the Bugzilla Website at: http://bugzilla.mindrot.org.
Known problems and workarounds
Following are the known problems and workarounds in HP-UX Secure Shell A.05.50:
• In this release, HP-UX Secure Shell does not support the option " HostCertificate" in
sshd_config to do the "HostbasedAuthentication".
• Do NOT specify user specific information during configuration of host-based authentication.
Host-based authentication supports only authentication of hosts. It does not allow
user-specific authentication. When, user configures the host-based authentication with the
following:
# cat /etc/hosts.equivmyhost.mydomain.com specificuser
it allows the specificuser@myhost.mydomain.com to login into any local account on
the remote machine.
• The base code of OpenSSH 5.5p1 and above supports logging of sftp transactions.
LogFacility and LogLevel options are added to sftp-server as command-line options
to log these transactions. As a result, the following directives are not supported in this release
of HP-UX Secure Shell:
— #LogSftp no
— #SftpLogFacility AUTH
— #SftpLogLevel INFO
• The following SMSE behavior is seen in this version of HP-UX Secure Shell:
Audit log messages show repeated entries for a user. This occurs because bad login attempts
are logged in the audit file. For example, a user trying Public key authentication with bad
RSA and DSA keys results in a bad login attempt for each key type. In such a scenario, the
audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
For more information on HP-UX SMSE, see http://www.hp.com/go/hpux-security-docs
• HP-UX Secure Shell user authentication using public-key fails in a server environment if
UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell
environments that use public-key authentication with PAM_LDAP-based account
management.
• On some systems, the following messages appears in the syslog.log file, when a user
logs out of a Secure Shell session:
pam_setcred: error Authentication failed
pam_setcred: error Permission denied
These messages appears only when the daemon is running in debug mode. These messages
are not relevant to (and does not affect) HP-UX Secure Shell operations. The PAM function
pam_setcred generates this message. These error messages appear during the scenarios
listed in Table 1-2.
6 HP-UX Secure Shell A.05.50.013, A.05.50.014, and A.05.50.015