HP-UX Secure Shell A.05.90.001, A.05.90.002, and A.05.90.
Legal Notices Copyright 2011, 2012 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents
1 HP-UX Secure Shell A.05.90
Announcement
Secure Shell versions on HP-UX
Support notice
1 HP-UX Secure Shell A.05.90

This document describes the most recent product information for HP-UX Secure Shell versions A.05.90.001, A.05.90.002, and A.05.90.003 that are supported on HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3 respectively. This document addresses the following topics:
• “Secure Shell versions on HP-UX”
• “New features”
• “Defects fixed in OpenSSH 5.9p1”
• “Defects fixed in HP-UX Secure Shell A.05.
HP-UX Secure Shell version A.05.90 is built with the following libraries:
• zlib V1.2.3
• OpenSSL V0.9.8t — For HP-UX 11i V3, OpenSSL is a shared library
• TCP Wrappers V7.6-ipv6.4

Secure Shell versions on HP-UX

Table 1 lists the versions of HP-UX Secure Shell products available for HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3.

Table 1 Availability of Secure Shell Versions on HP-UX
Supported Operating System Version HP-UX 11i V1 HP-UX Secure Shell version A.05.90.
Defects fixed in HP-UX Secure Shell A.05.90

• Fixed a bug to delete the Kerberos credential cache file, displayed on session exit when ChallengeResponse is used with PAM_Kerberos. This fix also includes setting the correct owner of the cache files when UsePrivilegeSeparation=no.
• Fixed a bug to support handling of "--" with exception to prepend only if the filename list entry starts with '-'.
• Added a new sshd_config keyword to support 2000 X window pseudo-displays. The default is 1000.
Example 1 Public key authentication with bad RSA, ECDSA and DSA keys

If you try public key authentication with bad RSA, ECDSA and DSA keys, it results in a bad login attempt for each key type.
• A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following scenario:
  1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
  2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
  3. User U1 now remotely connects to the SSH instance on S1 using public-key authentication.
  4. User U1 exits.
  The kinit-generated ticket file created in Step 1 gets deleted when the user exits the Secure Shell session.
HP-UX and the strong random number generator

HP-UX Secure Shell requires a random number generator to be located on the system. It searches for /dev/urandom and /dev/random (in that sequence) on the system and uses the first device that it finds. The /dev/urandom and /dev/random devices are available by default on HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3 systems.

HP-UX Secure Shell resources

For more information about Secure Shell, see the following:
• HTML and pdf versions at http://www.hp.
System requirements

Table 4 lists the minimum system requirements for installing HP-UX Secure Shell A.05.90.

Table 4 System Requirements for Installing HP-UX Secure Shell A.05.90
Component: Requirement
Operating System:
• HP-UX 11i V1
• HP-UX 11i V2
• HP-UX 11i V3
Hardware:
• HP/9000 servers
• HP Integrity servers
Disk Space: Approximately 32MB
Software: HP-UX Secure Shell A.05.90.003 requires OpenSSL version A.00.09.08g.
HP-UX Secure Shell software availability

HP-UX Secure Shell is available on the following:
• HP Software Depot at: http://www.software.hp.com
• HP-UX Application Release CDs
• HP-UX 11i V1 Operating Environment (OE)
• HP-UX 11i V2 Operating Environment (OE)
• HP-UX 11i V3 Operating Environment (OE)

NOTE: HP-UX Secure Shell is available on the HP-UX Application Release CD, HP-UX 11i V1 OE, HP-UX 11i V2 OE, and HP-UX 11i V3 OE whenever the CD and OEs are available.
Frequently Asked Questions (FAQ)

This section discusses questions frequently asked about HP-UX Secure Shell.

1 What is the difference between HP-UX Secure Shell A.05.90 and OpenSSH 5.9p1?
OpenSSH 5.9p1 is a free version of the SSH protocol suite of network connectivity tools. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0 and now more people on the internet are relying on it.
12 Does HP-UX Secure Shell support the DenyHosts parameter?
No. For access control, HP-UX Secure Shell does not support the DenyHosts, AllowHosts, DenySHosts, and IgnoreRootRhosts parameters. However, HP-UX Secure Shell supports the AllowUsers, DenyUsers, AllowGroups, and DenyGroups parameters.

13 How can I configure HP-UX Secure Shell to allow multiple users (more clients) access to an SFTP server using one login and encrypt the connection?
Use public key authentication.
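As a check for question 12, the following added example (not HP's code or documentation) scans an sshd_config-style file for the four unsupported access-control keywords and reports the supported ones it finds. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP code): audit an sshd_config-style file for the
# access-control keywords named in question 12.

UNSUPPORTED="denyhosts allowhosts denyshosts ignorerootrhosts"
SUPPORTED="allowusers denyusers allowgroups denygroups"

# audit_access_keywords [FILE]   (hypothetical helper; reads stdin if no FILE)
# Prints "<STATUS> <line number> <keyword>" for each relevant directive.
# Returns 1 if any unsupported keyword is present, 0 otherwise.
audit_access_keywords() {
    awk -v bad="$UNSUPPORTED" -v ok="$SUPPORTED" '
        BEGIN {
            n = split(bad, b, " "); for (i = 1; i <= n; i++) isbad[b[i]] = 1
            n = split(ok, g, " ");  for (i = 1; i <= n; i++) isok[g[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            key = $1
            sub(/=.*/, "", key)             # tolerate the Keyword=value form
            lkey = tolower(key)             # keywords are case-insensitive
            if (lkey in isbad) { print "UNSUPPORTED", NR, key; found = 1 }
            else if (lkey in isok) print "SUPPORTED", NR, key
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration, not taken from a real system.
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
AllowUsers alice bob
DenyHosts *.example.net
denygroups contractors
IgnoreRootRhosts=yes
EOF
}

# Demo: the unsupported lines must be removed or re-expressed with the
# supported user and group keywords before the file is deployed.
sample_config | audit_access_keywords ||
    echo "unsupported access-control keywords found"
```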
17 Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression algorithm documented at http://www.cert.org/advisories/CA-2002-07.html?
All versions of HP-UX Secure Shell starting from A.03.10 are built with support for zlib-1.1.4 or later. So, HP-UX Secure Shell is not affected by the bug described above. HP-UX Secure Shell versions A.05.90.001, A.05.90.002, and A.05.90.003 are built with zlib v1.2.3.

18 Is HP-UX Secure Shell vulnerable to the following CERTs: http://cve.mitre.
Yes, there is a workaround to secure communication. HP-UX Secure Shell uses one connection for communication. SD-UX uses more than one connection. SD-UX first checks the system it is running on and then the system you are trying to talk to. SD-UX may then use UDP, which is not supported by HP-UX Secure Shell. A workaround to secure the communication in HP-UX Secure Shell is to use a depot file (created using swpackage).