HP-UX Secure Shell A.05.60.001, A.05.60.002, and A.05.60.003 Release Notes, October 2010 (5900-1115)
4 What are the supported features?
HP-UX Secure Shell supports both SSH-1 and SSH-2 protocols. HP recommends not to use
SSH-1 to avoid the risk of an insertion attack.
5 Does HP-UX Secure Shell support Smart Card authentication?
No. HP-UX Secure Shell is compiled without smart card support.
6 Will HP support recompiled versions of HP-UX Secure Shell?
The source code is provided for reference only. HP does not support recompiled versions.
The following archive libraries are not provided with the code:
• zlib v1.2.3
• OpenSSL v0.9.8o
• tcp_wrappers_7.6-ipv6.4 (source code provided, no library)
7 What are the limitations of this product?
Secure Shell is not a true shell like UNIX Bourne Shell or C Shell. Therefore, it does not
provide complete security solutions.
8 Does installing HP-UX Secure Shell require a kernel rebuild?
No. HP-UX Secure Shell is an application level protocol and does not require a kernel rebuild
or system reboot.
9 How can I remove HP-UX Secure Shell?
Use swremove to remove the product.
10 How does HP-UX Secure Shell perform?
Compared to the conventional file transfer, scp is two to three times slower than rcp. As
Secure Shell authenticates both the server and the users, and encrypts both the data and the
password, sftp is two to three times slower than ftp.
HP recommends using /dev/random on your system to significantly speed-up program
initialization. HP is continually striving for performance enhancements for future releases.
11
Does HP-UX Secure Shell support rdist or rsync?
No. HP-UX Secure Shell cannot be specified as the connection mechanism to HP's rdist.
HP has not officially certified Secure Shell with the open source versions of rdist or rsync.
12 Does HP-UX Secure Shell support the DenyHosts parameter?
No. For access control, HP-UX Secure Shell does not support the DenyHosts, AllowHosts,
DenySHosts, and IgnoreRootRhosts parameters. However, HP-UX Secure Shell does support
the AllowUsers, DenyUsers, AllowGroups, DenyGroups parameters.
13 How can I configure HP-UX Secure Shell to allow multiple users (more clients) access to an
SFTP server using one login and encrypt the connection?
Use public key authentication. Each local user gets a pair of public and private keys. All the
public keys are added to the ~/.ssh/authorized_keys file of a single user on the remote machine.
Each local user can then issue the sftp command and log in as the remote user. All local users
share access to the remote user. Remember that all local users can also use ssh to access the
remote user.
14 What diagnostic tools does HP-UX Secure Shell have? Where can I find error messages, log
files, and so on?
HP-UX Secure Shell logs debug and error messages using syslog. Logging is controlled by
two configuration keywords: SyslogFacility and LogLevel.
Use the appropriate syslog log levels (QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG)
to gather more information about error scenarios. As defined by sshd_config, the default for
syslogFacility is set to AUTH and LogLevel is set to INFO, as in the following:
• #SyslogFacility AUTH
• #LogLevel INFO
16 HP-UX Secure Shell A.05.60