Manualshelf

HP-UX Secure Shell A.05.90.009, A.05.90.010, and A.05.90.011 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
12345678910
Example 1 Public key authentication With Bad RSA, ECDSA and DSA Keys
If you try Public key authentication with bad RSA, ECDSA and DSA keys, it results in a bad
login attempt for each key type. In such a scenario, the audit log has the following entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
Example 2 Public Key Authentication With Bad RSA, ECDSA and Correct DSA Keys
If you try Public Key Authentication with bad RSA, ECDSA and correct DSA keys, it results in
two bad logins for RSA and ECDSA. In such a scenario, the audit log has the following two
entries:
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication method PUBKEY - failed
SELF-AUDITING TEXT: User= root uid=0 ssh authentication success - user logged in
SELF-AUDITING TEXT: User= root uid=0 ssh session open
Example 3 Wrong Typing of a Password
If you type a wrong password and it results in authentication failure, the failure is considered
a bad login. All such bad logins result in separate entries in the audit file.
For more information on HP-UX SMSE, see http://www.hp.com/go/hpux-security-docs
HP-UX Secure Shell user authentication using public-key fails in a server environment if UsePAM
is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX Secure Shell environments
that use public-key authentication with PAM_LDAP-based account management.
On some systems, the following messages appears in the syslog.log file, when a user logs
out of a Secure Shell session:
pam_setcred: error Authentication failed
pam_setcred: error Permission denied
These messages appears only when the daemon is running in debug mode. These messages
are not relevant to (and does not affect) HP-UX Secure Shell operations. The PAM function
pam_setcred generates this message. These error messages appear for the scenarios listed
in Table 2.
Table 2 Scenarios where pam_setcred Generates Error Messages
Error MessagesKeyServ RunningUsePrivUser
Permission deniednoyesroot
Authentication failednoyesnon-root
Permission deniednonoroot
Permission deniednononon-root
Permission deniedyesyesroot
No messageyesyesnon-root
Permission deniedyesnoroot
Permission deniedyesnonon-root
Known problems and workarounds 7