Getting Started Guide
ExitOnForwardFailure no
ForwardAgent
Use this directive to specify whether the connection to the authentication agent is forwarded to the
remote machine.
NOTE: Enable agent forwarding with caution. Users on the remote host who have privileges to
bypass file permissions on the agent’s UNIX domain socket can access the local agent through the
forwarded connection. Attackers cannot obtain key material from the agent, but they can perform
operations on the keys that enable them to authenticate using the identities loaded into the agent.
The default setting is no.
For example:
ForwardAgent no
ForwardX11
Use this directive to specify whether X11 connections must be automatically redirected over the
secure channel and DISPLAY set.
NOTE: Enable X11 forwarding with caution. Users on the remote host who have privileges to
bypass file permissions on the user’s X11 authorization database can access the local X11 display
through the forwarded connection. An attacker can perform activities, such as keystroke monitoring,
if the ForwardX11Trusted option is also enabled.
The default setting is no.
For example:
ForwardX11 no
ForwardX11Trusted
Use this directive to specify whether remote X11 clients can access the original X11 display. The
xauth(1) token used for the session is set to expire after 20 minutes. Remote clients are refused
access after the time elapses.
The default setting is no.
For example:
ForwardX11Trusted no
GatewayPorts
Use this directive to specify whether remote hosts are allowed to connect to local forwarded ports.
By default, HP-UX Secure Shell binds local port forwardings to the loopback address. This prevents
other remote hosts from connecting to forwarded ports. Use GatewayPorts to specify that HP-UX
Secure Shell must bind local port forwarding to the wildcard address, and allow remote hosts to
connect to forwarded ports.
The default setting is no.
For example:
GatewayPorts no
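The following Python example is added here as an illustration and is not part of HP-UX Secure Shell or this guide. It scans client configuration text and reports every place where ForwardAgent, ForwardX11, ForwardX11Trusted or GatewayPorts is set to yes, together with the Host or Match block it appears in. It assumes standard OpenSSH ssh_config syntax (case-insensitive keywords, optional "=", Host/Match scoping); the audit() function name and the sample configuration are constructed for the example.

```python
import re

# Directives from this section that default to "no"; the text is the risk the guide describes.
RISKY = {
    "forwardagent": "remote users who can reach the agent socket can authenticate with loaded identities",
    "forwardx11": "remote users who can read the X11 authorization database can reach the local display",
    "forwardx11trusted": "remote X11 clients can access the original display (keystroke monitoring)",
    "gatewayports": "forwarded ports bind to the wildcard address, so other hosts can connect",
}

# Assumed syntax: "Keyword value" or "Keyword=value", keyword is alphanumeric.
LINE = re.compile(r"^([A-Za-z0-9]+)\s*=?\s*(.*)$")


def audit(config_text):
    """Return (line_no, scope, directive, reason) for each risky directive set to yes."""
    findings = []
    scope = "(global)"  # directives before the first Host/Match apply to every host
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            scope = f"{m.group(1)} {value}"
        elif key in RISKY and value.lower() == "yes":
            findings.append((n, scope, key, RISKY[key]))
    return findings


# Constructed sample configuration (hypothetical host names, not from the guide).
SAMPLE = """\
# constructed sample
ForwardX11 no
Host build-*.example.com
    ForwardAgent yes
    forwardx11=yes
    ForwardX11Trusted "yes"
Host *
    ForwardAgent no
    GatewayPorts yes
"""

if __name__ == "__main__":
    for n, scope, key, why in audit(SAMPLE):
        print(f"line {n} [{scope}] {key} yes: {why}")
```
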
GlobalKnownHostsFile
Use this directive to specify one or more files to be used for the global host key database, separated
by whitespace.
The default setting is /opt/ssh/etc/ssh_known_hosts, /opt/ssh/etc/ssh_known_hosts2.
For example:
GlobalKnownHostsFile /opt/new_known_hosts /opt/ssh/etc/ssh_known_hosts2
Client Configuration Directives 87