HP-UX Secure Shell Getting Started Guide

Configuring Keyboard-Interactive Authentication
To configure Keyboard-Interactive authentication, set either of the following directives in
the /opt/ssh/etc/ssh_config configuration file:
    ChallengeResponseAuthentication yes
    UsePAM yes
NOTE: If the HP-UX Secure Shell client requests the Keyboard-Interactive authentication
method and the underlying PAM module is a simple one-password function, Keyboard-Interactive
authentication works the same way as password authentication.
Configuring Host-Based Authentication
This section describes how to configure host-based authentication.
Configuring Host-Based Authentication for Non-Superusers
Non-superusers can configure host-based authentication using either the systemwide
configuration or the user-specific configuration.
Using Systemwide Configuration
To configure host-based authentication for non-superusers using systemwide configuration,
follow these steps:
1. On the client system, set the following directives in the /opt/ssh/etc/ssh_config file:
       RhostsRSAAuthentication yes (For SSH-1)
       HostbasedAuthentication yes (For SSH-2)
2. On the client system, set the following directive in the /opt/ssh/etc/ssh_config file:
       EnableSSHKeysign yes
3. On the server system, set the following directives in the /opt/ssh/etc/sshd_config file:
       RhostsRSAAuthentication yes (For SSH-1)
       HostBasedAuthentication yes (For SSH-2)
4. Ensure that the /opt/ssh/etc/shosts.equiv file or the /etc/hosts.equiv file on
   the server contains an entry for the fully qualified client host name and the user ID of the
   client, as shown in the following example:
       client.abc.com localuser
   Where:
       localuser    Specifies the user on the client system who is logging in to the remote system.
       client       Specifies the name of the client system.
       abc.com      Specifies the client domain.
NOTE: HP-UX Secure Shell uses the /etc/hosts.equiv file if the directives
RhostsRSAAuthentication and HostbasedAuthentication are configured in the
HP-UX Secure Shell configuration files. This file is used for host-based authentication with
remotely executed commands (r-commands). The /opt/ssh/etc/shosts.equiv file is
preferred over the /etc/hosts.equiv file, because the /opt/ssh/etc/shosts.equiv
file is used by HP-UX Secure Shell only.
5. To add the public host key of the client to the /opt/ssh/etc/ssh_known_hosts file,
which is the known hosts file of the server, run one of the following commands from the
client system as a superuser for SSH-2:
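The script below is not one of the step 5 commands. It is an added example, not part of the HP guide, that checks the SSH-2 settings from steps 1 through 4 on copies of the configuration files; the function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the SSH-2 host-based authentication
# settings from steps 1-4. File paths are arguments, so run it on copies.

# directive_is_yes FILE KEYWORD: succeeds if the first uncommented KEYWORD
# line in FILE has the value "yes". Keywords are compared case-insensitively
# (the guide itself writes both HostbasedAuthentication and
# HostBasedAuthentication). Assumption: Host/Match blocks are not interpreted.
directive_is_yes() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); n = split(line, f, /[ \t=]+/) }
        n >= 2 && tolower(f[1]) == tolower(key) { found = 1; ok = (f[2] == "yes"); exit }
        END { exit ((found && ok) ? 0 : 1) }
    ' "$1"
}

# equiv_has_entry FILE HOST USER: succeeds if FILE holds the exact
# "host user" entry that step 4 asks for.
equiv_has_entry() {
    awk -v h="$2" -v u="$3" '$1 == h && $2 == u { hit = 1 } END { exit !hit }' "$1"
}

# audit_equiv FILE: print one finding per entry that departs from step 4.
# "+" is the hosts.equiv wildcard; a host name without a dot is not fully
# qualified. Lines starting with "-" are deny entries and are skipped.
audit_equiv() {
    awk '
        /^[ \t]*(#|$)/ || $1 ~ /^-/ { next }
        $1 ~ /^[+]/ || $2 ~ /^[+]/  { print "WILDCARD line " NR ": " $0; next }
        $1 !~ /[.]/                 { print "NOT_FQDN line " NR ": " $0 }
    ' "$1"
}

# Constructed sample files (not taken from any real system).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'HostbasedAuthentication yes\nEnableSSHKeysign yes\n' > "$demo/ssh_config"
printf '#HostBasedAuthentication yes\nHostBasedAuthentication no\n' > "$demo/sshd_config"
printf '# trusted clients\nclient.abc.com localuser\nclient2 localuser\n+ +\n' > "$demo/shosts.equiv"

for d in HostbasedAuthentication EnableSSHKeysign; do
    directive_is_yes "$demo/ssh_config" "$d" || echo "client: $d is not set to yes"
done
directive_is_yes "$demo/sshd_config" HostbasedAuthentication ||
    echo "server: HostbasedAuthentication is not set to yes"
equiv_has_entry "$demo/shosts.equiv" client.abc.com localuser ||
    echo "server: no shosts.equiv entry for client.abc.com localuser"
audit_equiv "$demo/shosts.equiv"
```

On the constructed files it reports the server directive that is set to no, the unqualified client2 entry and the "+ +" wildcard line.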