Manualshelf

HP-UX Secure Shell A.05.60.001, A.05.60.002, and A.05.60.003 Release Notes, October 2010 (5900-1115)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
9101112131415161718
Example 1-1 Public key authentication With Bad RSA and DSA Keys
A user trying Public key authentication with bad RSA and DSA keys results in a bad login
attempt for each key type. In such a scenario, the audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
Example 1-2 Public Key Authentication With Bad RSA and Correct DSA Keys
A user trying Public Key Authentication with bad RSA and correct DSA keys results in one
bad login for RSA. In such a scenario, the audit logs only one entry, as follows:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
Example 1-3 Wrong Typing of a Password
If the user wrongly types a password and it results in authentication failure, then the failure
is considered a bad login. All such bad logins result in separate entries in the audit file.
For more information on HP-UX SMSE, see http://www.hp.com/go/hpux-security-docs
HP-UX Secure Shell user authentication using public-key fails in a server environment if
UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell
environments that use public-key authentication with PAM_LDAP-based account
management.
On some systems, the following messages appears in the syslog.log file, when a user
logs out of a Secure Shell session:
pam_setcred: error Authentication failed
pam_setcred: error Permission denied
These messages appears only when the daemon is running in debug mode. These messages
are not relevant to (and does not affect) HP-UX Secure Shell operations. The PAM function
pam_setcred generates this message. These error messages appear during the scenarios
listed in Table 1-3.
Table 1-3 Scenarios where pam_setcred Generates Error Messages
Error MessagesKeyServ RunningUsePrivUser
Permission deniednoyesroot
Authentication failednoyesnon-root
Permission deniednonoroot
Permission deniednononon-root
Permission deniedyesyesroot
No messageyesyesnon-root
Permission deniedyesnoroot
Permission deniedyesnonon-root
Known Problems and Workarounds 11