HP-UX Secure Shell Getting Started Guide
Table 4-6 Behavior of the ssh, scp, and sftp commands with Different Combinations of
EnforceSecureTTY and PermitRootLogin (continued)
Behavior of the scp and sftp
Commands
Behavior of the sshCommandPermitRootLoginEnforceSecureTTY
Superusers can execute the
scp and sftp commands,
regardless of the settings in
the etc/securetty file.
These superusers must
authenticate with a method
other than password
authentication.
Host login is allowed only
for superusers whose ptys
are listed in the etc/
securetty file. These
superusers must authenticate
with a method other than
password authentication.
This additional requirement
is not related to
EnforceSecureTTY.
Host command execution is
allowed for all superusers,
regardless of the settings in
the etc/securetty file.
Without PasswordYES
Forced-command execution is
allowed for all superusers
regardless of the settings in
the etc/securetty file, and
the pty setting in the
authorized_keys file.
However, no pty is allocated
even if it specified in the
authorized_keys file.
IMPORTANT: The scp and
sftp commands, and
forced-commands are
mutually exclusive. If
forced-command execution is
set, only forced-command is
executed and no file transfers
are allowed.
Host login and host
command executions are not
allowed for all superusers.
Forced-commands execution
is allowed for all superusers.
NOTE: For
Forced-Commands-only,
superusers must authenticate
using public key
authentication. This
additional requirement is not
related to
EnforceSecureTTY. This
applies to the ssh, scp, and
sftp commands.
Forced-Commands-onlyNO
50 Configuring HP-UX Secure Shell Authentication Methods