HP-UX Secure Shell Getting Started Guide
Strong Encryption
All communication between the client and the server is
encrypted using patent-free encryption algorithms such
as Blowfish, Data Encryption Standard (DES), 3DES,
Advanced Encryption Standard (AES), and arcfour.
Authentication information (for example, passwords) is
never sent in clear text over the network. Encryption in
conjunction with strong public-key cryptography also
provides protection against a number of potential security
attacks.
Strong Authentication
HP-UX Secure Shell supports a strong set of authentication
methods between client and server. HP-UX Secure Shell
supports two-way authentication: the server authenticates
the client and the client authenticates the server. This
protects the session against a variety of security hazards.
Port Forwarding
HP-UX Secure Shell supports the redirection of TCP/IP
connections between a client and a remote host. For
example, you can use port forwarding to redirect file
transfer protocol (FTP) traffic between a client and a server.
Instead of the client directly communicating with the
server, you can redirect the traffic to an HP-UX Secure
Shell server over a secure channel. The HP-UX Secure Shell
server forwards the traffic to a designated port on the FTP
server.
X11 Forwarding
X11 forwarding provides secure X traffic between client
and server. It automatically sets the DISPLAY variable on
the remote system where the sshd daemon is running.
Agent Forwarding
HP-UX Secure Shell facilitates and secures key-based
authentication using an authentication agent. This agent
typically runs in the client environment and holds all key
information. The only place in the network where the key
information is stored is the local system. Keys are never
disclosed to any other component of the network.
Integration with HP-UX Security Features and Services
HP-UX Secure Shell is well integrated with the following
features and services offered by HP-UX:
• The /etc/utmp, /var/adm/wtmp, and /var/adm/btmp files (similar to the telnet and remsh sessions)
• PAM modules
• The /etc/default/security file
• Shadow passwords
• Trusted HP-UX features
• The /var/adm/syslog/syslog.log file
• Audit Logging
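
An added example, not taken from this guide: a shell function that reports which of the port, X11 and agent forwarding features described above are enabled in a server's global configuration. It assumes the server reads an OpenSSH-format sshd_config and uses the OpenSSH keyword names and defaults; the function names and the sample configuration are constructed for illustration.

```shell
# Added example. Assumptions: OpenSSH keyword names and defaults, keywords are
# case-insensitive, the first occurrence of a keyword wins, and global
# settings end at the first Match line.

# Print the effective global forwarding settings for the sshd_config-format
# file named in $1 (or read from standard input when no file is given).
effective_forwarding() {
    awk '
        BEGIN {
            # Defaults used when a keyword is absent (assumed OpenSSH defaults).
            val["allowtcpforwarding"]   = "yes"
            val["x11forwarding"]        = "no"
            val["allowagentforwarding"] = "yes"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keyword and value are separated by whitespace or an equals sign.
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit         # conditional overrides start here
            if ((key in val) && !(key in seen) && n >= 2) {
                val[key] = tolower(f[2])
                seen[key] = 1
            }
        }
        END {
            printf "AllowTcpForwarding=%s X11Forwarding=%s AllowAgentForwarding=%s\n",
                val["allowtcpforwarding"], val["x11forwarding"],
                val["allowagentforwarding"]
        }
    ' "$@"
}

# Constructed sample configuration, not taken from a real server.
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
x11forwarding yes
AllowTcpForwarding no
AllowTcpForwarding yes
Match User backup
    AllowAgentForwarding no
EOF
}

sample_config | effective_forwarding
```

Settings inside a Match block apply only to the matching users or hosts, so they are deliberately left out of the global report and need a separate review.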
Architecture
HP-UX Secure Shell is based on a client-server architecture. An HP-UX Secure Shell daemon (sshd)
runs on a UNIX system and waits for connections from clients. The HP-UX Secure Shell
environment consists of the following distinct components:
Server
A program running as a daemon (sshd) that listens for HP-UX Secure Shell
connections.
Client
A program that connects a system to the HP-UX Secure Shell server.