HP-UX Secure Shell A.05.80.001, A.05.80.002, and A.05.80.003 Release Notes, May 2011 (5900-1754)

LIBPAM=-lpam
LIBWRAP=-lwrap
20 As Cisco routers and switches are enabled with SSH-1 and use only DES, how do I configure
HP-UX Secure Shell to work with Cisco SSH-1?
By default SSH-1 is disabled in ssh_config. To enable SSH-1, either modify the configuration
file or override the protocol on the command line. The client supports DES but the server does
not support DES. Issue the following command to enable SSH-1:
# ssh -1 -c des
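The configuration-file route mentioned above, as an added example that is not part of the release notes: a constructed ssh_config sample limits SSH-1 and DES to the legacy devices, and a small shell audit reports any place those settings would apply to every host. It assumes the standard OpenSSH client keywords Protocol and Cipher; the host names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the release notes): list every place an
# ssh_config-style file enables SSH protocol 1 or the DES cipher.

# Prints "<Host pattern>: <Keyword> <value>" per finding. Settings that appear
# before the first Host line apply to all hosts and are reported under "*".
audit_ssh1() {
    awk '
        BEGIN { host = "*" }
        { gsub(/=/, " ") }                      # accept "Keyword=value" too
        NF == 0 || $1 ~ /^#/ { next }           # skip blanks and comments
        { key = tolower($1) }
        key == "host" {                         # start of a new Host block
            host = $2
            for (i = 3; i <= NF; i++) host = host " " $i
            next
        }
        key == "protocol" && ("," $2 ",") ~ /,1,/ { print host ": Protocol " $2 }
        key == "cipher" && tolower($2) == "des"   { print host ": Cipher " $2 }
    ' "$1"
}

# Succeeds only if no finding applies to all hosts ("*").
ssh1_is_scoped() {
    ! audit_ssh1 "$1" | grep -q '^\*: '
}

# Constructed sample: legacy settings limited to hypothetical Cisco host names.
# ssh uses the first value it obtains for each keyword, so the specific block
# comes before "Host *".
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Host cisco-sw1 cisco-rtr*
    Protocol 1
    Cipher des

Host *
    Protocol 2
EOF

audit_ssh1 "$SAMPLE"
ssh1_is_scoped "$SAMPLE" && echo "SSH-1/DES limited to named hosts"
```

Run the audit against the system-wide ssh_config and each per-user configuration file; a finding reported under "*" means the weak protocol or cipher is offered to every server, not only the devices that require it.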
21 When two systems are separated by a firewall, can I use an HP-UX Secure Shell connection to
'swinstall' (SD-UX) to a system in a secure way?
Yes, there is a workaround to secure communication. HP-UX Secure Shell uses one connection
for communication. SD-UX uses more than one connection. SD-UX first checks the system it is
running on and then the system you are trying to talk to. SD-UX may then use UDP, which is
not supported by HP-UX Secure Shell. A workaround to secure the communication in HP-UX
Secure Shell is to use a depot file (created using swpackage). Use either sftp or scp to copy
the depot file to the local machine and then use swinstall locally with the depot file. In this
scenario, the network traffic is secure. However, ensure you get the correct depot file manually
and do not allow SD to select an inappropriate one for your OS.
22 What is chroot? What is the procedure for setup of chroot? How does it work? Where is chroot
supported in Secure Shell?
The chroot functionality is an added security measure. It enables an application to start in a
specified directory, restricts all its users to that directory and the directories below it,
and prevents the user from doing a cd above that specified directory. It allows restricted file
and directory access to users of that application. Chroot is not an end-user feature. The system
administrator must enable the chroot functionality for an application. All users of that application
will automatically be subject to the restrictions imposed by chroot. For chroot to take effect,
the administrator must create new directories and copy the relevant set of files to the new
directories. Configuration for chroot can also be done using the script provided with the depot.
For release A.04.30.004/005 or later, this script (ssh_chroot_setup.sh) is available in the
/opt/ssh/utils directory instead of /opt/ssh.