Manualshelf

HP-UX Secure Shell Getting Started Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
31323334353637383940
5. To connect to the remote server, run the following command from the client system:
# ssh <server_name>
Where:
<server_name> specifies the name of the remote system to which you want to connect.
The default setting in the /opt/ssh/etc/ssh_config and /opt/ssh/etc/sshd_config
files is set to enable Kerberos authentication. Unless you change the /opt/ssh/etc/ssh_conf
and /opt/ssh/etc/sshd_conf files to deny Kerberos authentication, you can log in remotely
without being prompted for passwords.
You can use the following methods to configure HP-UX Secure Shell to use Kerberos
authentication:
Password authentication using PAM_KERBEROS. For more information, see “Configuring
Password Authentication Using PAM Kerberos” (page 39).
GSS-API authentication using Kerberos. For more information, see “Configuring GSS-API
Authentication” (page 40).
Configuring Password Authentication Using PAM Kerberos
To enable password authentication using Kerberos, follow these steps:
1. On the HP-UX Secure Shell server and client systems, set the following directives in the
/opt/ssh/etc/sshd_config file:
PasswordAuthentication yes
UsePAM yes
2. To configure the /etc/pam.conf file for PAM Kerberos in the HP-UX Secure Shell server,
use the /usr/lib/security/libpam_krb5.1 or /usr/lib/security/
libpam_krb5.so.1 library for the login service in the /etc/pam.conf file.
Following is a sample entry for PAM Kerberos in the /etc/pam.conf file for the HP-UX
11.0 and 11i v1 systems (PA-RISC architecture) :
sshd auth required /usr/lib/security/libpam_krb5.1
Following is a sample entry for PAM Kerberos in the /etc/pam.conf file for the HP-UX
11i v2 system (Itanium architecture) :
sshd auth required /usr/lib/security/$ISA/libpam_krb5.so.1
3. To ensure that the host service principle and the host service key are available in the /etc/
krb5.keytab file, run the following command on the HP-UX Secure Shell server:
# kinit -k
If the host service principle and host service key are not available in the /etc/krb5.keytab
file, run the following command to extract the host service principle:
# /opt/krb5/admin/kadminl
For information on extracting the host service principle, see Step 4 in “Configuring GSS-API
Authentication” (page 40).
4. Identify a system where you must install the Kerberos server, and install the Kerberos server
software in that system. If you are installing the Kerberos server on an HP-UX system, see
the latest version of the Kerberos server software is available at: http://www.software.hp.com
Follow these steps to configure the Kerberos server:
a. Configure the Kerberos server. You can configure the Kerberos server either manually
or by using the /opt/krb5/sbin/krbsetup tool. For information on configuring
the Kerberos server, see the chapter Auto-Configuration of the Security Server and
Configuring Kerberos Authentication 39