HP-UX Secure Shell Getting Started Guide
IMPORTANT: Be cautious when using debug levels higher than debug1. HP-UX Secure Shell
displays sensitive information at higher levels, such as the private keys of the user or server.
Logging Error and Debug Messages
HP-UX Secure Shell logs error messages in different locations depending on how debugging is
configured.
Following are the different locations in which HP-UX Secure Shell logs error and debug messages:
• The /var/adm/syslog/syslog.log File – If you specify only the LogLevel directive
in the /opt/ssh/etc/sshd_config file and you do not specify the -d or -v command-line
options with sshd, HP-UX Secure Shell logs all the messages (debug and error messages)
in the /var/adm/syslog/syslog.log file. HP-UX Secure Shell error messages are
prefixed with sshd in the /var/adm/syslog/syslog.log file.
Following is a sample error message in the /var/adm/syslog/syslog.log file:
May 12 16:47:39 system_name sshd[2618]: error: PAM: Authentication failed
Where:
PAM: Authentication failed is the error message.
• The Standard Output – If you specify the -d or -v option with sshd, HP-UX Secure Shell
sends debug messages to the standard output, whether or not LogLevel is configured in
the HP-UX Secure Shell configuration files. Command-line arguments override the LogLevel
configuration directive.
• The /var/adm/syslog/syslog.log File – Error messages continue to be logged in the
/var/adm/syslog/syslog.log file, regardless of the LogLevel or the command-line
specifications.
• The Standard Error – If you specify the -e command-line option with sshd, the error
messages are logged to standard error instead of the /var/adm/syslog/syslog.log
file, regardless of any LogLevel or other command-line specifications.
Authentication Problems
This section discusses common problems encountered during authentication.
Public-Key Authentication Problems
Following are some common public-key authentication setup mistakes:
• Not moving the public key to the authorized_keys file in the HP-UX Secure Shell server.
• Granting incorrect permissions for the authorized_keys file or one of the parent
directories.
• Forgetting the passphrase. Passphrases are not recoverable.
• Generating a key pair and accidentally replacing the public key with an older one.
• Attempting to use a key that is in an incorrect format.
Host-Based Authentication Problems
To avoid common host-based authentication configuration mistakes, check the following:
• You must ensure that the public host key of the client is in the known_hosts file in the
server.
• You must use the correct canonical name of the client so that the server is able to resolve
this canonical name.
• HP recommends that you provide read/write permission for the user for the $HOME/.shosts
file, and no permission for other users.
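The permission checks behind the public-key and host-based items above, as an added example that is not part of the original guide: it flags an authorized_keys file or parent directory that group or other can write to, and a .shosts file whose mode is not read/write for the user only. The $HOME/.ssh/authorized_keys location and the group/other-write rule are assumptions based on OpenSSH defaults; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the HP-UX Secure Shell guide.
# Assumptions: authorized_keys lives in $HOME/.ssh (OpenSSH default), and
# "incorrect permissions" means group or other can write to the file or
# to one of its parent directories.

# mode_of PATH: print the nine permission characters from `ls -ld`.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# loose_write PATH: succeed if group or other has write permission.
loose_write() {
    case "$(mode_of "$1")" in
        ????w????|???????w?) return 0 ;;
    esac
    return 1
}

# audit_ssh_perms HOME_DIR: print one finding per line; return 1 if any.
audit_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
        elif loose_write "$p"; then
            echo "WRITABLE $p ($(mode_of "$p")): remove group/other write"
            rc=1
        fi
    done
    # .shosts: read/write for the user, no permission for other users.
    if [ -e "$home/.shosts" ]; then
        m=$(mode_of "$home/.shosts")
        if [ "$m" != "rw-------" ]; then
            echo "SHOSTS   $home/.shosts ($m): expected rw-------"
            rc=1
        fi
    fi
    return $rc
}

# Usage: audit_ssh_perms "$HOME"
```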