HP-UX Secure Shell Getting Started Guide
NOTE: The client cannot pick the correct key pair if there are multiple key pairs of the same
type in the $HOME/.ssh directory, for instance, three RSA key pairs. HP-UX Secure Shell does
not have a configuration directive that can inform the client about multiple key pairs. However,
you can specify a key file name in the HP-UX Secure Shell client using the -i option. For more
information on the -i option, see ssh(1).
Kerberos Authentication
Kerberos is a network authentication protocol based on RFC 1510, Kerberos Network
Authentication Service (V5). RFC 1510 is designed to provide strong authentication for client
and server applications using shared secret key cryptography. For information on Kerberos, see
the Kerberos documentation set available at: http://docs.hp.com/en/internet.html#Kerberos
The main component of Kerberos security is the Key Distribution Center (KDC), which is a
network service that supplies tickets and temporary session keys to clients and servers. The KDC
maintains a database of principal names (users and services) and their associated secret keys.
When the HP-UX Secure Shell server authenticates the client, both the system running the HP-UX
Secure Shell client and the system running the HP-UX Secure Shell server interact with the KDC.
Kerberos is a third-party custodian of user (client) and service information. A user is a client
application. A service is a process running on a server that the user is trying to connect to. The
service must authenticate the user.
The following actions take place when the service authenticates the user:
1. The user contacts the Kerberos server to obtain information about itself (client information)
and the service.
2. The user generates information about itself.
3. The user contacts the required service with the Kerberos-generated client information and
the self-generated client information.
4. The service compares its client information with the self-generated client information. If
these two pieces of data match, the service allows the client to access the service.
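The four steps above, modeled as an added example that is not part of the HP guide or of HP-UX Secure Shell: the KDC issues a ticket that only the service can open, the client adds its self-generated information, and the service compares the two. The function and class names, the principal names, and the 300-second clock-skew limit are assumptions, and the SHA-256/HMAC sealing is a toy stand-in for real Kerberos encryption types.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)

def seal(key, obj):
    """Toy authenticated encryption; a stand-in for real Kerberos encryption types."""
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    body = nonce + bytes(p ^ s for p, s in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("blob was not sealed with this key")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    """Principal database: names mapped to long-term secret keys."""
    def __init__(self):
        self.db = {}
    def add_principal(self, name):
        self.db[name] = os.urandom(32)
        return self.db[name]
    def issue(self, client, service):
        # Step 1: a fresh session key, delivered to the client under the client's key,
        # and wrapped with the client name in a ticket only the service can open.
        session = os.urandom(32).hex()
        reply = seal(self.db[client], {"service": service, "session": session})
        ticket = seal(self.db[service], {"client": client, "session": session})
        return reply, ticket

def client_request(client_key, name, reply, ticket, now=None):
    # Steps 2-3: build the self-generated client information and send it with the ticket.
    session = bytes.fromhex(unseal(client_key, reply)["session"])
    stamp = time.time() if now is None else now
    return ticket, seal(session, {"client": name, "time": stamp})

def service_accept(service_key, ticket, authenticator, max_skew=300):
    # Step 4: compare the KDC-generated client information with the self-generated one.
    try:
        issued = unseal(service_key, ticket)
        claimed = unseal(bytes.fromhex(issued["session"]), authenticator)
    except ValueError:
        return False
    return claimed["client"] == issued["client"] and abs(time.time() - claimed["time"]) <= max_skew
```

The service rejects a request when the name in the self-generated information differs from the name in the ticket, when the timestamp is outside the allowed skew, or when the ticket was issued for a different service key.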
Using Kerberos with HP-UX Secure Shell offers the following benefits:
• Proven security of Kerberos authentication
• Simplicity and flexibility of HP-UX Secure Shell
How Kerberos Works with HP-UX Secure Shell
Figure 3-1 illustrates how Kerberos works with HP-UX Secure Shell.