Manualshelf

HP-UX Secure Shell Getting Started Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
61626364656667686970
NOTE: Numerical group IDs are not recognized.
For example:
AllowGroups root, staff, users
AllowTCPForwarding
Use this directive to enable or disable TCP forwarding. The default setting is YES.
NOTE: To improve security, disable TCP forwarding and deny users shell access.
For example:
AllowTcpForwarding YES
AuthorizedKeysFile
Use this directive to specify the file to be used for public-key authentication. The
AuthorizedKeysFile can contain tokens in a %T form, where T is the token. The following
tokens are available:
%% Use this token to specify %.
%h
Use this token to specify the home directory of the user being authenticated.
%u
Use this token to specify the user name of the user being authenticated.
HP-UX Secure Shell substitutes these tokens with the token values during connection setup.
After this substitution, AuthorizedKeysFile becomes an absolute path or a path relative to
the home directory of the user. The default setting is the .ssh/authorized_keys.
For example:
#AuthorizedKeysFile %h/.ssh/authorized_keys
If the home directory of the user being authenticated (%h) is /home/user1, the
AuthorizedKeysFile directive is set to the /home/user1/.ssh/authorized_keys file
after substitution.
ChallengeResponseAuthentication
Use this directive to enable Challenge-Response (also known as Keyboard-Interactive)
authentication. HP-UX Secure Shell supports all authentication styles from login.conf(5). For more
information on the Keyboard-Interactive authentication, see “Keyboard-Interactive
Authentication” (page 33).
The default setting is YES.
For example:
ChallengeResponseAuthentication YES
ChallRespAuthAllowUsers
This configuration directive has been introduced by the 3rd party Auth Selection” patch. Use
this configuration directive to specify which users can be authenticated using Challenge Response
authentication. The default setting is to allow all users.
For example:
ChallRespAuthAllowUsers Allow All
ChallRespAuthDenyUsers
This configuration directive has been introduced by the 3rd party Auth Selection” patch. Use
this configuration directive to specify which users must be denied authentication using Challenge
Response authentication. The default setting is to deny no users.
For example:
68 Configuration Files and Directives