HP-UX Secure Shell A.05.90.001, A.05.90.002, and A.05.90.003 Release Notes (5900-2247, March 2012)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

12 Does HP-UX Secure Shell support the DenyHosts parameter?

No. For access control, HP-UX Secure Shell does not support the DenyHosts, AllowHosts,

DenySHosts, and IgnoreRootRhosts parameters. However, HP-UX Secure Shell supports the

AllowUsers, DenyUsers, AllowGroups, and DenyGroups parameters.

13 How can I configure HP-UX Secure Shell to allow multiple users (more clients) access to an

SFTP server using one login and encrypt the connection?

Use public key authentication. Each local user gets a pair of public and private keys. All the

public keys are added to the ~/.ssh/authorized_keys file of a single user on the remote

machine. Each local user can then issue the sftp command and log in as the remote user. All

local users share access to the remote user. Remember that all local users can also use ssh to

access the remote user.

14 What diagnostic tools does HP-UX Secure Shell have? Where can I find error messages, log

files, and so on?

HP-UX Secure Shell logs debug and error messages using syslog. Logging is controlled by two

configuration keywords: SyslogFacility and LogLevel.

Use the appropriate syslog log levels (QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG) to

gather more information about error scenarios. As defined by sshd_config, the default for

syslogFacility is set to AUTH and LogLevel is set to INFO, as in the following:

• #SyslogFacility AUTH

• #LogLevel INFO

If sshd runs in debug mode (-d), logging goes to standard error instead of to syslog. Get more

debugging information by using additional d's for sshd and additional v's for ssh, as in the

following:

• ssh -v

• ssh -vv

• ssh -vvv

• sshd -d

• sshd -dd

• sshd -ddd

Other commands with debugging option -v are:

• ssh-keyscan -v

• sftp -v

• scp -v

• ssh-keyscan -v

15 How do I find out the version of HP-UX Secure Shell I am using? How do I find out whether I

am running HP-UX Secure Shell or the public domain version of OpenSSH?

Use the swlist command to display the name and version number of HP-UX Secure Shell.

For example:

# swlist | grep T1471

T1471AA A.05.90 HP-UX Secure Shell

You can also use the what command as shown in the following example:

# what /usr/bin/scp

16 Is libwrap.a linked in HP-UX Secure Shell? Must I only configure hosts.allow and

hosts.deny to use the access control provided by tcp_wrapper?

Yes, the libwrap.a archive library consisting of tcp_wrapper version 7.6-ipv6.4,

is linked to HP-UX Secure Shell. You only need to configure hosts.allow and hosts.deny

to use the access control provided by tcp_wrapper.

Frequently Asked Questions (FAQ) 13