HP-UX Secure Shell Getting Started Guide
ChallRespAuthDenyUsers Deny none
ChrootDirectory
Use this directive to specify a path to chroot to after authentication. This path, and all its
components, must be root-owned directories that are not writable by any other user or group.
The default setting is not to chroot.
For example:
ChrootDirectory not to chroot
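The following is an added example, not part of the HP guide: a Python check that walks every component of a candidate ChrootDirectory path and reports any that is not a directory, not owned by root, or writable by group or others. The function name check_chroot_path and its owner_uid parameter are assumptions made for this illustration.

```python
import os
import stat
import sys


def check_chroot_path(path, owner_uid=0):
    """Return a list of (component, problem) for every path component that
    breaks the ChrootDirectory rule: each must be a directory owned by
    owner_uid (root by default) and not writable by group or others."""
    findings = []
    path = os.path.abspath(path)
    # Build "/", "/a", "/a/b", ... so every component is examined.
    parts = [p for p in path.split(os.sep) if p]
    components = [os.sep] + [
        os.sep + os.sep.join(parts[: i + 1]) for i in range(len(parts))
    ]
    for comp in components:
        try:
            st = os.stat(comp)
        except OSError as exc:
            findings.append((comp, "cannot stat: %s" % exc.strerror))
            break  # deeper components cannot be checked either
        if not stat.S_ISDIR(st.st_mode):
            findings.append((comp, "not a directory"))
            break
        if st.st_uid != owner_uid:
            findings.append(
                (comp, "owned by uid %d, expected %d" % (st.st_uid, owner_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                (comp, "group- or world-writable (mode %o)" % stat.S_IMODE(st.st_mode)))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_chroot.py /path/to/jail
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    problems = check_chroot_path(target)
    for comp, problem in problems:
        print("%s: %s" % (comp, problem))
    sys.exit(1 if problems else 0)
```

An empty result means every component from / down to the target satisfies the ownership and permission rule stated above.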
ClientAliveCountMax
The ClientAliveCountMax directive enables a client or a server to detect an inactive connection.
Use this directive to specify the number of client alive messages that can be sent without sshd
receiving any messages back from the client. If the number of client alive messages reaches the
specified threshold, the sshd daemon disconnects the client and terminates the session. The client alive
messages are sent through an encrypted channel and cannot be spoofed. The default value is
three.
For example:
ClientAliveCountMax 3
ClientAliveInterval
Use this directive to send a request to nonresponsive clients and to expect a reply within a
specified time interval. This directive sets the timeout interval in seconds. If no data is received
from the client after the specified timeout interval, the sshd daemon sends a message through
the encrypted channel requesting a response from the client. The default value is 0.
For example:
ClientAliveInterval 0
NOTE: The ClientAliveInterval is available for the SSH-2 protocol only.
Compression
Use this directive to compress data sent over HP-UX Secure Shell connections before they are
encrypted. It also decompresses the data received by the client after it is decrypted. You can use
the yes, delayed, or no values to enable, enable delayed, or disable compression.
The default setting is delayed. In this setting, the server invokes the zlib compression modules
only after the user is successfully authenticated. Using Compression delayed eliminates the
risk of any zlib vulnerability leading to the server being compromised by unauthenticated
users.
NOTE: Delayed compression is not supported in clients older than HP-UX Secure Shell 3.5.
These versions of HP-UX Secure Shell cannot connect to a newer version of the server unless
compression is disabled (on the client side), or the original compression method is enabled on
the server (by setting Compression yes in the sshd_config file).
For example:
Compression delayed
CountKeyAuthBadLogins
Use this directive to control the logging of bad login attempts to the btmp file when using the
GSS-API, public-key, and host-based authentication methods. The default setting is no. When
CountKeyAuthBadLogins is set to no, failed authentication attempts for key-based
authentication do not generate btmp records.
For example:
CountKeyAuthBadLogins no