HP-UX Secure Shell A.05.60.001, A.05.60.002, and A.05.60.
Legal Notices Copyright 2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
1 HP-UX Secure Shell A.05.60

This document discusses the most recent product information for HP-UX Secure Shell versions A.05.60.001, A.05.60.002, and A.05.60.003, which are supported on HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3 respectively. This document addresses the following topics:

• “Secure Shell Versions on HP-UX”
• “New Features”
• “Defects Fixed in OpenSSH 5.6p1”
• “Defects Fixed in HP-UX Secure Shell A.05.
Secure Shell Versions on HP-UX

Table 1-1 lists the versions of HP-UX Secure Shell products available for HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3.

Table 1-1 Availability of Secure Shell Versions on HP-UX

Supported Operating System    Version
HP-UX 11i V1                  HP-UX Secure Shell version A.05.60.001
HP-UX 11i V2                  HP-UX Secure Shell version A.05.60.002
HP-UX 11i V3                  HP-UX Secure Shell version A.05.60.
• sshd(8) now supports indirection in the matching of principal names listed in certificates. By default, if a certificate has an embedded principals list, the username on the server must match one of the names in the list for the certificate to be accepted for authentication. sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option.
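The matching rule described above can be modelled in a few lines. The following Python sketch is an added example, not OpenSSH or HP-UX code; the account name, principal names and file contents are constructed, and the one-name-per-line file format is an assumption. In sshd_config(5) the CA trust keyword is spelled TrustedUserCAKeys, and certificates with no principals list are not accepted on that path.

```python
# Added illustration: a model of the principal check, not OpenSSH source.

def parse_principals_file(text):
    """Names in an AuthorizedPrincipalsFile body (assumed format: one name
    per line; blank lines and '#' comment lines are ignored)."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line)
    return names


def cert_authorized(username, cert_principals, principals_file_text=None):
    """Decide whether a CA-signed user certificate may log in as `username`.

    cert_principals: names embedded in the certificate.
    principals_file_text: contents of the AuthorizedPrincipalsFile that
    applies to this account, or None when the option is not set.
    """
    if not cert_principals:
        # No principals list: refused when trust comes from a CA key.
        return False
    if principals_file_text is None:
        # Default rule: the server-side username must be an embedded name.
        return username in cert_principals
    # Indirection: one embedded name must appear in the file. The username
    # itself is no longer accepted unless the file lists it.
    allowed = parse_principals_file(principals_file_text)
    return any(p in allowed for p in cert_principals)


# Constructed sample: principals file for a shared account named "oracle".
ORACLE_PRINCIPALS = """\
# DBAs allowed to log in as oracle
dba-team
alice
"""

if __name__ == "__main__":
    cases = [
        ("oracle", ["alice"], None),                # default rule: rejected
        ("oracle", ["alice"], ORACLE_PRINCIPALS),   # accepted via the file
        ("oracle", ["oracle"], ORACLE_PRINCIPALS),  # not listed: rejected
        ("oracle", ["bob"], ORACLE_PRINCIPALS),     # not listed: rejected
    ]
    for user, principals, text in cases:
        mode = "file" if text is not None else "no file"
        print(user, principals, mode, cert_authorized(user, principals, text))
```

When auditing a deployment, the third case is the one to check: once a principals file is configured for an account, that file alone decides which certificate names can log in to it.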
Table 1-2 Defects Fixed in OpenSSH 5.6p1

Defect Identifier: Bugzilla #1535
Defect: Background Information: SSHFS causes link() to return ENOSYS. If someone writes the necessary code to interface the sshfs userspace program(s) with the HP-UX kernel, SSHFS works on HP-UX.
Fix: Accept ENOSYS as a fallback error when attempting atomic rename().

Defect Identifier: Bugzilla #1639
Defect: Background Information: Search the path for the krb5-config file if the prefix was not specified.
Fix: Fix detection of krb5-config.
Example 1-1 Public Key Authentication With Bad RSA and DSA Keys

A user trying public key authentication with bad RSA and DSA keys results in a bad login attempt for each key type.
• A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following scenario:
  1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
  2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
  3. User U1 now remotely connects to the SSH instance on S1 using public-key authentication.
  4. User U1 exits.
  The kinit-generated ticket file created in Step 1 gets deleted when the user exits the Secure Shell session.
• Secure Shell FAQs at: http://www.employees.org/~satch/ssh/faq/ssh-faq.html
• Barrett, Daniel J. and Richard E. Silverman, 2005. SSH, The Secure Shell: The Definitive Guide. California: O’Reilly and Associates Inc.,

HP-UX Secure Shell Commands

Table 1-4 lists the HP-UX Secure Shell commands and provides a brief description of each. For more information, refer to the manpage for each command.
Table 1-6 Support Plus Patches for HP-UX Secure Shell on HP-UX Operating Systems

Operating System    Recommended Support Plus Patch
HP-UX 11i V1        December 2002 Support Plus release / media
HP-UX 11i V2        No Support Plus patch required
HP-UX 11i V3        No Support Plus patch required

The standard HP-UX patch bundles index page lists the release dates for the current patch bundles. Selecting a specific release date provides you with a list of all the patch bundles released on that particular date.
2. Insert the software CD into the appropriate drive if installing from the Application Release CD. If installing from http://software.hp.com, download the depot and use the swinstall directions provided on the Installation page where you downloaded the software.
3. Run $ swinstall -s at the command prompt.
4. In the Source Depot Path field, enter the drive mount point and click OK.
5. Change the Source Host Name, if needed.
4 What are the supported features?
HP-UX Secure Shell supports both SSH-1 and SSH-2 protocols. HP recommends not using SSH-1, to avoid the risk of an insertion attack.

5 Does HP-UX Secure Shell support Smart Card authentication?
No. HP-UX Secure Shell is compiled without smart card support.

6 Will HP support recompiled versions of HP-UX Secure Shell?
The source code is provided for reference only. HP does not support recompiled versions.
If sshd runs in debug mode (-d), logging goes to standard error instead of to syslog.
— #define HAVE_MD5_PASSWORDS 1
— #undef SMARTCARD
• Options defined in ssh.