HP-UX Secure Shell Getting Started Guide

NOTE: The BindAddress directive does not work if the UsePrivilegedPort directive is

set to YES.

ChallengeResponseAuthentication

Use this directive to specify whether to use challenge-response (keyboard-interactive)

authentication.

The default setting is YES.

For example:

ChallengeResponseAuthentication yes

CheckHostIP

Use this directive to specify whether to check the host IP address in the known_hosts file. This

enables HP-UX Secure Shell to detect whether a host key was modified because of DNS spoofing.

If the option is set to no, the check is not executed.

The default setting is YES.

For example:

CheckHostIP yes

Cipher

Use this directive to specify the cipher to be used to encrypt SSH-1 sessions.

TIP: The blowfish, 3des, and des ciphers are supported. The des cipher is supported only

in the HP-UX Secure Shell client for interoperability with legacy SSH-1 protocol implementations

that do not support 3des. HP does not recommend using des.

The default setting is 3des.

For example:

Ciper 3des

Ciphers

Use this directive to specify the ciphers used by SSH-2 in the order of preference. Multiple ciphers

must be comma separated. The supported ciphers are as follows:

• 3des-cbc

• aes192-cbc

• aes256-cbc

• aes128-ctr

• aes-192-ctr

• aes256-ctr

• arcfour

• blowfish-cbc

• cast128-cbc

The default setting is aes128-cbc,3des-cbc,

blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc.

For example:

Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

84 Configuration Files and Directives