HP-UX Secure Shell Getting Started Guide
PubkeyAuthAllowUsers Allow All
PubkeyAuthDenyUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use
this configuration directive to specify which users cannot authenticate using Kerberos or local
password authentication. The default setting of this directive is to deny no users.
For example:
PubkeyAuthDenyUsers Deny none
PubkeyAuthentication
Use this directive to enable public-key authentication. When this directive is enabled, the sshd
daemon uses cryptographic keys to verify the identity of the user.
The default value is YES.
For example:
PubkeyAuthentication YES
RhostsRSAAuthentication
Use this directive to perform RSA host-based authentication in addition to standard .rhosts
or /etc/hosts.equiv authentication.
The default value is no.
For example:
RhostsRSAAuthentication no
NOTE: This directive does not work for outbound connections from privileged ports. This
directive is available for the SSH-1 protocol only.
RSAAuthentication
Use this directive to specify whether RSA authentication is enabled.
The default value is YES.
For example:
RSAAuthentication YES
NOTE: This directive is available for the SSH-1 protocol only.
StrictModes
Use this directive to check access rights and permissions for files. The sshd daemon checks the
file modes, user file ownership, and home directory before accepting a user login.
The default value is YES.
TIP: HP recommends setting this directive to YES, because users can accidentally leave their
directories or files world-writable.
For example:
StrictModes yes
Subsystem
Use this directive to configure an external subsystem such as a file transfer daemon. Arguments
must be a subsystem name and a command (with optional arguments) to execute upon subsystem
request. The sftp-server( 8) implements the sftp file transfer subsystem. Alternately the name
78 Configuration Files and Directives