HP-UX Secure Shell Getting Started Guide (762810-001, March 2014)
The default value is yes.
TIP: HP recommends setting this directive to yes, because users can accidentally leave their
directories or files world-writable.
For example:
StrictModes yes
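The kind of check StrictModes performs can be run ahead of time to find accounts that would be rejected. The following is an added example, not code from the HP guide or from sshd; it is a simplified approximation that assumes the checked paths are the home directory, ~/.ssh and ~/.ssh/authorized_keys, and that each must be owned by the user or root and not be group- or world-writable. The function names and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_findings(home, uid):
    """Return (path, reason) pairs that a StrictModes-style check would reject."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    # Assumed scope: home directory, ~/.ssh and the default authorized_keys file.
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue  # a missing file is not a mode problem
        if st.st_uid not in (uid, 0):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "mode %04o is group- or world-writable" % mode))
    return findings

def demo():
    """Build a constructed home directory and return findings before and after a fix."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("# constructed sample, no real keys\n")
        # Accidentally loose permissions, as described in the TIP.
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, 0o777)
        os.chmod(keys, 0o666)
        before = strictmodes_findings(home, uid)
        # Tighten to owner-only access and check again.
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        after = strictmodes_findings(home, uid)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, reason in before:
        print("REJECT", path, reason)
    print("after fix:", after or "clean")
```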
Subsystem
Use this directive to configure an external subsystem such as a file transfer daemon. Arguments
must be a subsystem name and a command (with optional arguments) to execute upon subsystem
request. The sftp-server(8) implements the sftp file transfer subsystem. Alternately the name
internal-sftp implements an in-process sftp server. This may simplify configurations using
the ChrootDirectory directive to force a different file system root on clients. By default no
subsystems are defined.
NOTE: The Subsystem directive is available to SSH protocol version 2 only.
SyslogFacility
Use this directive to specify the facility code to be used when logging messages from the sshd
daemon.
The default setting is AUTH.
Table 23 lists the valid values for the SyslogFacility directive.
Table 23 SyslogFacility Values
Value        Description
DAEMON       Directs syslog to log sshd messages based on the LOG_DAEMON log facility specification.
USER         Specifies that messages are logged based on the LOG_USER log facility specification.
AUTH         Logs authentication-related messages.
LOCAL 0-7    Specifies that the messages are reserved for local use.
For example:
SyslogFacility AUTH
TCPKeepAlive
Use this directive to control the flow of TCP keep-alive messages. If keep-alive messages are sent
and the connection terminates or one of the hosts crashes, this directive prevents sessions from
hanging indefinitely.
However, if keep-alive messages are not sent, sessions can hang indefinitely on the server, resulting
in ghost users and large consumption of server resources.
The default setting is yes.
For example:
TCPKeepAlive yes
TrustedUserCAKeys
Use this directive to specify a file containing public keys of certificate authorities that are trusted
to sign user certificates for authentication. The keys are listed one per line; empty lines and comments
starting with # are allowed. If a certificate is presented for authentication and has its signing CA