HP-UX Secure Shell Getting Started Guide
Table 3-1 Advantages and Disadvantages of HP-UX Secure Shell Authentication Methods (continued)
Authentication Method: Host-based
  Advantages: Simple and easy to manage. Convenient for managing a trusted network, because this method checks only the hosts. It does not check individual user logins.
  Disadvantages: Less secure authentication method because multiple users can establish connections from the same client using the host key pair.

Authentication Method: Generic Security Service Application Programming Interface (GSS-API) authentication using Kerberos
  Advantages: Secure authentication method. Convenient for systems that are accessed by many users and systems that need centralized user authentication.
  Disadvantages: Large management overhead, including creating and maintaining tickets. Uses a centrally managed third party Key Distribution Center (KDC) server that manages tickets for all clients.

Authentication Method: Keyboard Interactive
  Advantages: Simple and easy to manage. Convenient for remote administrators and secure personal use.
  Disadvantages: Not as secure as GSS-API or public-key authentication.

You can combine the authentication methods described in Table 3-1 or use them separately,
depending on the level of security that you need.
Password Authentication
Password authentication is a simple, convenient method of authentication, because the server
and client do not require any additional setup.
During password authentication, the server takes the following steps to authenticate a client:
1. The user logs in using the user ID and password.
2. The client transmits the password to the server over the network in clear text.
3. The server checks whether the given password matches the target account, and allows the
client to connect to the server.
You can use either of the following files for password authentication:
• “Using the /etc/passwd File”
• “Using the /etc/pam.conf File”
Using the /etc/passwd File
This authentication method is based on the user login details specified in the /etc/passwd file.
You must use the user ID and password configured in this file when you log into the HP-UX
Secure Shell server. Each entry in the /etc/passwd file contains the following attributes,
separated by a colon (:):
• Login name
• Encrypted password
• Numerical user ID
• Numerical group ID
• Reserved gecos ID
• Initial working directory
• Program to use as shell
Following is a sample entry in the /etc/passwd file:
user1:3Km/o4Cyq84Xc:10:15:System Administrator:/home/user1:/sbin/sh
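The following Python example is added here and is not part of the HP guide: it parses entries in the seven-attribute format listed above and reports entries that weaken password authentication. Only the first sample line comes from the guide; the other sample lines are constructed, and the audit rules (empty password field, a 13-character traditional crypt hash stored in the file, a shared numerical user ID) are assumptions of this example.

```python
import re

FIELDS = ("login", "password", "uid", "gid", "gecos", "home", "shell")
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # shape of a traditional crypt(3) hash

# First line is the guide's sample entry; the other three are constructed.
SAMPLE = [
    "user1:3Km/o4Cyq84Xc:10:15:System Administrator:/home/user1:/sbin/sh",
    "guest::200:20:Guest:/home/guest:/sbin/sh",
    "oper:*:10:15:Operator:/home/oper:/sbin/sh",
    "broken:x:300:/home/broken",
]

def parse_entry(line):
    """Split one entry into the seven colon-separated attributes."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry

def audit(lines):
    """Return (who, finding) pairs; the rules are this example's assumptions."""
    findings, uid_owner = [], {}
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            e = parse_entry(line)
        except ValueError as exc:  # wrong field count or non-numeric UID/GID
            findings.append((f"line {n}", f"malformed entry: {exc}"))
            continue
        pw = e["password"].split(",", 1)[0]  # ignore an optional ",aging" suffix
        if pw == "":
            findings.append((e["login"], "empty password field"))
        elif DES_CRYPT.match(pw):
            findings.append((e["login"], "password hash stored in /etc/passwd"))
        if e["uid"] in uid_owner:
            findings.append((e["login"], f"shares UID {e['uid']} with {uid_owner[e['uid']]}"))
        else:
            uid_owner[e["uid"]] = e["login"]
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```

To check a live system, pass the lines of a copy of /etc/passwd to audit() in place of SAMPLE.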