HP-UX Secure Shell Getting Started Guide
Table 4-6 Behavior of the ssh, scp, and sftp commands with Different Combinations of
EnforceSecureTTY and PermitRootLogin (continued)
Behavior of the scp and sftp
Commands
Behavior of the sshCommandPermitRootLoginEnforceSecureTTY
Forced-command execution is
allowed for all superusers,
regardless of the setting in the
etc/securetty file, and the
pty setting in the
authorized_keys file.
However, no pty is allocated
even if it specified in the
authorized_keys file.
IMPORTANT: The scp and
sftp commands, and
forced-command are mutually
exclusive. If forced-command
execution is set, only
forced-command is executed
and no file transfers are
allowed.
Host login and host
command executions are not
allowed for all superusers,
regardless of the settings in
the etc/securetty file.
Forced-command execution
4
is dictated by the pty or
no-pty option. This option
is specified in the
authorized_keys file,
located in the home directory
of the superuser on the
server. The default option is
pty. If run with a pty
option, forced-command
execution is allowed only for
superusers whose ptys are
listed in the etc/
securetty file. If run with
a no-pty option, then
forced-command execution
is allowed for all superusers,
regardless of the settings in
the etc/securetty file.
NOTE: For
Forced-commands only,
superusers must log in using
public key authentication.
This additional requirement
is not related to
EnforceSecureTTY . This
applies to the scp, ssh, and
sftp commands.
Forced-Command-onlyYES
Configuring User-Specific Authentication 49