HP-UX Secure Shell Getting Started Guide
HP-UX Secure Shell verifies the password that you enter against the password in the
/etc/passwd file and allows access only if the passwords match.
For more information on the attributes in an entry in the /etc/passwd file, see passwd(4).
The /etc/passwd file gets default values, such as ABORT_LOGIN_ON_MISSING_HOMEDIR,
BOOT_AUTH, and BOOT_USERS, from the /etc/default/security file. For more information on
the different default values, see security(4).
Using the /etc/pam.conf File
Pluggable Authentication Module (PAM) is a generic framework for authentication, authorization,
and accounting. HP-UX Secure Shell supports the following PAM modules:
• PAM_UNIX
• PAM_LDAP
• PAM_KERBEROS
NOTE: HP-UX Secure Shell supports, but is not tested with, PAM modules such as PAM_DCE
and PAM_NTLM.
A PAM module provides functionality for one or more of the following services:
• Authentication
• Account management
• Session management
• Password management
The /etc/pam.conf PAM configuration file contains a list of these services. Each service is
paired with a corresponding service module. When an application requests a service, the
application invokes the module associated with the service.
Each entry in the /etc/pam.conf file has the following format:
service_name module_type control_flag module_path options
Following is a sample entry in the /etc/pam.conf file for authentication:
login auth required libpam_unix.so.1 debug
For more information on the PAM configuration file, see pam.conf(4). For information about a
PAM module, see pam_unix(5) and pam_hpsec(5).
The HP-UX Secure Shell server configuration file, /opt/ssh/etc/sshd_config, contains the
UsePAM directive that enables PAM authentication. If you set this directive to YES, HP-UX Secure
Shell looks at the PAM configuration file for password authentication requests from the client.
HP-UX Secure Shell also attempts password authentication through the configured PAM modules
in sequence, until a connection is established. The details of the authentication method employed
by PAM are transparent to HP-UX Secure Shell. The PAM library informs HP-UX Secure Shell
whether the authentication was successful. The default value for the UsePAM directive is YES.
You can set the UsePAM directive to NO. With this setting, any password authentication request
from the client causes HP-UX Secure Shell to ignore the PAM configuration settings on the server.
Instead, the server directly reads the user ID and password from the /etc/passwd file. For
more information on the UsePAM directive, see Appendix A (page 67).
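The following script is an added example, not part of the HP guide or of HP-UX Secure Shell. It reads the UsePAM directive and the pam.conf entry format described above and reports which path a password login takes. The service name sshd, the function names, and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. File contents below are constructed samples.

# Effective UsePAM value (yes/no). The guide gives YES as the default, so
# that is returned when the directive is absent; the first occurrence wins.
effective_usepam() {  # usage: effective_usepam SSHD_CONFIG
    awk 'tolower($1) == "usepam" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Print "control_flag module_path options" for every entry of one service
# and module type, in file order.
pam_stack() {  # usage: pam_stack PAM_CONF SERVICE MODULE_TYPE
    awk -v svc="$2" -v mtype="$3" '
        $1 ~ /^#/ || NF < 4 { next }
        tolower($1) == tolower(svc) && tolower($2) == tolower(mtype) {
            entry = $3 " " $4
            for (i = 5; i <= NF; i++) entry = entry " " $i
            print entry
        }' "$1"
}

# Describe where a password login is checked for the given pair of files.
# The service name "sshd" is an assumption; the guide only shows "login".
password_auth_path() {  # usage: password_auth_path SSHD_CONFIG PAM_CONF
    if [ "$(effective_usepam "$1")" = "no" ]; then
        echo "direct: /etc/passwd (PAM configuration ignored)"
    else
        echo "pam auth stack:"
        pam_stack "$2" sshd auth | sed 's/^/  /'
    fi
}

# Constructed sample files so the example runs offline.
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
# UsePAM is not set here, so the default applies
PasswordAuthentication yes
EOF
cat > "$tmp/pam.conf" <<'EOF'
# service module_type control_flag module_path options
login auth    required   libpam_unix.so.1 debug
sshd  auth    required   libpam_hpsec.so.1
sshd  auth    required   libpam_unix.so.1
sshd  account required   libpam_unix.so.1
EOF
password_auth_path "$tmp/sshd_config" "$tmp/pam.conf"
```

To audit a real server, pass /opt/ssh/etc/sshd_config and /etc/pam.conf to password_auth_path in place of the sample files.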
Public-Key Authentication
HP-UX Secure Shell uses public-key authentication for strong and secure authentication.
Public-key authentication enables users to connect to a remote server without sending their
password over the network. In this type of authentication, a client system needs a private key
and a passphrase to authenticate itself to the server.