HP-UX Secure Shell A.05.60.001, A.05.60.002, and A.05.60.003 Release Notes, October 2010 (5900-1115)
— #define HAVE_MD5_PASSWORDS 1
— #undef SMARTCARD
• Options defined in ssh.h:
— #define SSH_DEFAULT_PORT 22
— #define SSH_SERVICE_NAME ssh
• Options defined in makefile:
— prefix=/opt/ssh
— mandir=/opt/ssh/share/man
— piddir=/var/run
— PRIVSEP_PATH=/var/empty
— bindir=/opt/ssh/bin
— sbindir=/opt/ssh/sbin
— xauth_path=/usr/bin/X11/xauth
— sysconfdir=/opt/ssh/etc
— LIBPAM=-lpam
— LIBWRAP=-lwrap
20 Since Cisco routers and switches are enabled with SSH-1 and use only DES, how do I configure
HP-UX Secure Shell to work with CISCO SSH-1?
By default, SSH-1 is disabled in ssh_config. To enable SSH-1, either modify the configuration
file or override the protocol on the command line. The client supports DES, but the server
does not. Issue the following command to enable SSH-1:
# ssh -1 -c des
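For the configuration-file route, the following added example (not part of the HP release notes) reports whether an ssh_config enables protocol 1 or DES for a single named device or for every destination. The host name cisco-sw1.example.net and the function names are assumptions made for illustration, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: report where an ssh_config enables protocol 1 or the DES
# cipher, and whether that applies to one named device (SCOPED) or to a
# wildcard/default scope (BROAD).

audit_ssh1_scope() {   # reads ssh_config text on stdin
    awk '
        BEGIN { scope = "*" }          # options before any Host line apply to all hosts
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            # ssh_config also accepts the "Keyword=value" form
            if (line ~ /^[A-Za-z0-9]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ", line)
            key = line; sub(/[ \t].*$/, "", key); key = tolower(key)
            val = line; sub(/^[^ \t]+[ \t]+/, "", val)
            if (key == "host") { scope = val; next }
            list = "," val ","; gsub(/[ \t]/, "", list)
            weak = (key == "protocol" && list ~ /,1,/) || (key == "cipher" && tolower(val) == "des")
            if (weak) printf "%s host=%s %s=%s\n", (scope ~ /[*?]/ ? "BROAD" : "SCOPED"), scope, key, val
        }'
}

# Constructed sample: SSH-1/DES limited to one legacy device (placeholder name).
# ssh uses the first value it obtains, so the specific Host block comes first.
scoped_config() {
cat <<'EOF'
Host cisco-sw1.example.net
    Protocol 1
    Cipher des

Host *
    Protocol 2
EOF
}

# Constructed sample: SSH-1 and DES turned on for every destination.
broad_config() {
cat <<'EOF'
Protocol 2,1
Cipher=des
EOF
}

scoped_config | audit_ssh1_scope
broad_config  | audit_ssh1_scope
```

A BROAD finding means the weaker protocol or cipher can be negotiated with any server the client connects to, not only the legacy device.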
21 When two systems are separated by a firewall, can I use a Secure Shell connection to 'swinstall'
(SD-UX) to a system in a secure way?
Yes, there is a workaround to secure communication. HP-UX Secure Shell uses one connection
for communication. SD-UX uses more than one connection. SD-UX first checks what system
it is running on and what system you are trying to talk to. SD-UX may then use UDP, which
HP-UX Secure Shell does not support. A workaround to secure the communication in HP-UX
Secure Shell is to use a depot file (created using swpackage). Use either sftp or scp to copy
the depot file to the local machine and then use swinstall locally with the depot file. In this
scenario, the network traffic is secure. However, ensure you get the correct depot file manually
and do not allow SD to choose one that is appropriate for your OS.
22 What is chroot? What is the procedure for setup of chroot? How does it work? Where is
chroot supported in Secure Shell?
The chroot functionality is an added security measure. It enables an application to start in a
specified directory, restricts all its users to accessing that directory and the directories below
it, and prevents the user from doing a cd above that specified directory. It is intended to
allow restricted file and directory access to users of that application. Chroot is not an end-user
feature. The system administrator must enable the chroot functionality for an application.
All users of that application will automatically be subject to the restrictions imposed by
chroot. For chroot to take effect, the administrator will need to create new directories and
copy the relevant set of files to the new directories. Configuration for chroot can also be done
with the script given with the depot. For A.04.30.004/005 release or later, this script
[ssh_chroot_setup.sh] is available in /opt/ssh/utils directory instead of /opt/ssh.