HP-UX Secure Shell A.05.90.009, A.05.90.010, and A.05.90.011 Release Notes

A Kerberos ticket on a Secure Shell server system gets inadvertently deleted in the following
scenario:
1. User U1 creates a Kerberos ticket file on a Secure Shell server system, S1.
2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
3. User U1 now remotely connects to the SSH instance on S1 using public-key authentication.
4. User U1 exits.
The kinit-generated ticket file created in Step 1 gets deleted when the user exits the Secure
Shell session.
Workaround: Create the Kerberos ticket file (Step 1) in a non-default location and selectively
communicate this file name to Secure Shell processes using the KRB5CCNAME environment
variable.
The chroot functionality does not work if the UseLogin configuration directive in
sshd_config is set to YES.
In a chroot-ed environment, you do not see a subset of syslog messages. HP-UX Secure Shell
writes syslog messages during authentication and when the session is terminated. The syslogd
daemon reads the syslog messages written by all subsystems and reports them to the /dev/log
file. In a chroot-ed environment, the sshd daemon writes its syslog messages to
<newroot>/dev/log. You cannot link the <newroot>/dev/log file to the /dev/log
file, so you are not able to view the subset of syslog messages.
Workaround: Please see "HP-UX - How to Configure SFTP Logging in a Chrooted Environment?"
Users of chroot-ed HP-UX Secure Shell environments must be aware that a subset of messages
written by the sshd daemon will not show up in syslog.
QXCR1000868044
This occurs when sshd is being used by SIM (System Insight Manager) and the CMS and gWLM.
In some systems, when Kerberos authentication is set to yes, ChallengeResponseAuthentication
is commented out in sshd_config, and Kerberos is not configured in the system, sshd will have
a very long timeout.
QXCR1001102145
ssh-keygen displays only the first key and does not handle multiple keys present in a file. This
issue is the same as http://bugzilla.mindrot.org/show_bug.cgi?id=1319
QXCR1001200464
Storing ECDSA keys on an LDAP server is NOT supported on HP-UX Secure Shell A.05.90.
NO JAG
Privsep using sandboxing is not supported on HP-UX Secure Shell A.05.90.
NO JAG
Login to MP/iLO with HP-UX Secure Shell A.05.80 onwards fails with Client Disconnect. This
is a known issue with Secure Shell while attempting to log in to HP MP/iLO. Secure Shell
A.05.80 and above has added additional key exchange protocols that the MP/iLO receiving
buffer cannot handle. HP is currently developing a fix for the MP/iLO firmware issue.
The current workaround is to shorten the Host Key Algorithms list. You can use one of the
following commands:
# ssh -oHostKeyAlgorithms=ssh-dss admin@my-mp
# ssh -oHostKeyAlgorithms=ssh-rsa admin@my-mp
# ssh -oHostKeyAlgorithms=ssh-rsa,ssh-dss admin@my-mp
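
Three of the known problems above depend on sshd_config settings (chroot with UseLogin, Kerberos with ChallengeResponseAuthentication commented out, sandboxed privsep) and can be checked mechanically. The script below is an added example, not part of HP's release notes or product; the directive names ChrootDirectory, KerberosAuthentication and UsePrivilegeSeparation are assumed from stock OpenSSH, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not HP's code): flag sshd_config settings that match the
# known problems above. Directive names ChrootDirectory, KerberosAuthentication
# and UsePrivilegeSeparation are assumed from stock OpenSSH.

# Reads sshd_config from the named file(s) or stdin; prints one line per finding.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and commented-out lines
        {
            k = tolower($1)
            if (!(k in v)) v[k] = tolower($2)  # sshd keeps the first value it sees
        }
        END {
            # Match blocks are not modelled: a ChrootDirectory anywhere counts.
            if (("chrootdirectory" in v) && v["uselogin"] == "yes")
                print "CHROOT_USELOGIN: chroot does not work while UseLogin is yes"
            # Whether Kerberos is configured on the host cannot be seen from this file.
            if (v["kerberosauthentication"] == "yes" &&
                !("challengeresponseauthentication" in v))
                print "KRB_TIMEOUT: long sshd timeout if Kerberos is not configured"
            if (v["useprivilegeseparation"] == "sandbox")
                print "PRIVSEP_SANDBOX: sandboxed privsep is not supported on A.05.90"
        }
    ' "$@"
}

# Constructed sample, not taken from a real host.
sample_config() {
    cat <<'EOF'
# sshd_config (constructed)
Protocol 2
UseLogin yes
KerberosAuthentication yes
#ChallengeResponseAuthentication no
UsePrivilegeSeparation sandbox
Match Group sftponly
    ChrootDirectory /newroot
EOF
}

sample_config | audit_sshd_config
```

On a real system, pass the path of the server's sshd_config as the argument to audit_sshd_config; no output means none of the three conditions was found.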