HP-UX Secure Shell A.05.90.001, A.05.90.002, and A.05.90.003 Release Notes (5900-2247, March 2012)
Frequently Asked Questions (FAQ)
This section discusses questions frequently asked about HP-UX Secure Shell.
1 What is the difference between HP-UX Secure Shell A.05.90 and OpenSSH 5.9p1?
OpenSSH 5.9p1 is a free version of the SSH protocol suite of network connectivity tools.
OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0 and now more people on the
internet are relying on it.
HP-UX Secure Shell is a binary package compiled with support for PAM, gssapi, krb5, and
libwrap, but there is no support for Smartcard. HP-UX Secure Shell is built to install and un-install
using the SD-UX utility and includes all required pre-requisites.
2 Why should HP-UX Secure Shell be used?
The standard services for interactive sessions on remote machines lack sufficient security. This
results in the server system becoming vulnerable to a wide variety of attacks. HP-UX Secure
Shell offers strong encryption during authentication and for the entire session, which makes it
a perfect replacement for these services.
3 How does HP-UX Secure Shell authenticate?
HP-UX Secure Shell authenticates using one or more of the following:
• Password (the /etc/passwd or /etc/shadow in UNIX)
• User public key (RSA or DSA, depending on the release)
• Kerberos5/GSSAPI for SSH-2
4 What are the supported features?
HP-UX Secure Shell supports both SSH-1 and SSH-2 protocols. HP recommends not to use
SSH-1 to avoid the risk of an insertion attack.
5 Does HP-UX Secure Shell support Smart Card authentication?
No. HP-UX Secure Shell is compiled without smart card support.
6 Will HP support recompiled versions of HP-UX Secure Shell?
The source code is provided for reference only. HP does not support recompiled versions. The
following archive libraries are not provided with the code:
• zlib v1.2.3
• OpenSSL v0.9.8t
• tcp_wrappers_7.6-ipv6.4 (source code provided, no library)
7 What are the limitations of this product?
HP-UX Secure Shell is not a true shell like UNIX Bourne Shell or C Shell. Therefore, it does not
provide complete security solutions.
8 Does installing HP-UX Secure Shell require a kernel rebuild?
No. HP-UX Secure Shell is an application level protocol and does not require a kernel rebuild
or system reboot.
9 How can I remove HP-UX Secure Shell?
Use swremove to remove the product.
10 How does HP-UX Secure Shell perform?
Compared to the conventional file transfer, scp is two to three times slower than rcp. As Secure
Shell authenticates both the server and the users, and encrypts both the data and the password,
sftp is two to three times slower than ftp.
HP recommends using /dev/random on your system to significantly speed-up program
initialization. HP is continually striving for performance enhancements for future releases.
11 Does HP-UX Secure Shell support rdist or rsync?
No. HP-UX Secure Shell cannot be specified as the connection mechanism to HP's rdist. HP
has not officially certified Secure Shell with the open source versions of rdist or rsync.
12 HP-UX Secure Shell A.05.90