HP-UX Secure Shell Getting Started Guide
For example:
UseLogin no
UsePAM
Use this directive to enable PAM authentication and session setup.
NOTE: If PasswordAuthentication and UsePAM are set to YES, the user gets three chances
to enter the correct password after which a new prompt is displayed indicating that ssh is using
the password authentication method.
The default setting is YES.
TIP: HP recommends that you disable password authentication when enabling the UsePAM
directive.
For example:
UsePAM YES
UsePrivilegeSeparation
Use this directive to specify whether sshd must separate privileges by creating an unprivileged
child process to handle incoming network traffic. After successfully authenticating the user, the
server creates another process that has the same privileges as the authenticated user. By enabling
the UsePrivilegeSeparation directive, you can prevent privilege escalation by containing
any corruption within the unprivileged processes.
The default value is YES.
For example:
UsePrivilegeSeparation YES
X11DisplayOffset
Use this directive to specify the first display number the sshd daemon must use for X11
forwarding. This prevents the sshd daemon from crashing the X11 servers.
The default value is 10.
For example:
X11DisplayOffset 10
X11Forwarding
Use this directive to enable X11 forwarding. When you enable this directive, there is additional
exposure to the server, and the client displays whether the sshd proxy display is configured to
listen on the wildcard address.
NOTE: Security risks are involved in using this directive, because authentication spoofing,
authentication data verification, and substitution can occur on the client side. HP recommends
that you disable this directive for high security.
The default setting is YES.
For example:
X11Forwarding YES
X11UseLocalhost
Use this directive to bind the X11 forwarding server to the loopback address or the wildcard
address. For a loopback address, the host name part of the DISPLAY environment variable is
80 Configuration Files and Directives