Network Security Features of HP-UX 11i v1 and 11i v2

HP-UX Secure Shell (SSH)
HP-UX Secure Shell, based on open source SSH technology, is widely used to secure remote UNIX
terminal sessions and is increasingly being regarded as an integral networking infrastructure component.
HP-UX Secure Shell provides secure replacements for network utilities such as rlogin, rsh, and rcp,
and provides secure ftp. HP-UX Secure Shell is a fully tested and supported version of the OpenSSH
Secure Shell product. HP-UX Secure Shell supports many encryption methods, uses cryptographic
hashing for data integrity, and uses a combination of public and private key encryption to ensure highly
secure and fast data encryption. The basic architecture of an SSH implementation is shown below in
Figure 3.
[Diagram labels: SSH Client, Internet, Firewall, Socket APPL, SSHD, SSH Client]
Figure 3: HP-UX Secure Shell Product Deployment
HP-UX Secure Shell is available as part of the HP-UX 11i Operating Environments (OEs) and on
Software Depot.
HP-UX Secure Shell Features
The key features and benefits of HP-UX Secure Shell are:
Privilege separation: Systems connected to the Internet are vulnerable to attacks where, if there is a
programming error, an attacker may compromise the system and obtain special privileges. Privilege
separation makes such compromises very difficult by separating processes.
Port forwarding/tunneling capability: TCP-based services such as telnet or IMAP can be
encapsulated in an SSH tunnel. All data being transmitted is automatically encrypted—not just the
password. When “AllowTCPForwarding” is set to “yes”, the client can forward all traffic for all ports
at a remote site.
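
The following check is an added example, not code from HP or from this paper. It reports the value sshd would actually apply for the two settings discussed above, privilege separation and TCP forwarding. The function names, the sample file, and the assumed defaults (AllowTcpForwarding yes, UsePrivilegeSeparation yes) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not HP code): audit the global section of an sshd_config.
# Assumes whitespace-separated "Keyword value" lines. sshd keywords are
# case-insensitive and, for each keyword, the first value obtained is used.

# effective_value FILE KEYWORD DEFAULT: print the value sshd would apply.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # conditional blocks are not global
        tolower($1) == key { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# audit_sshd FILE: print one REVIEW line per setting that needs attention.
# Defaults assumed: AllowTcpForwarding yes, UsePrivilegeSeparation yes
# (OpenSSH releases that still accept the latter keyword).
audit_sshd() {
    fwd=$(effective_value "$1" AllowTcpForwarding yes)
    priv=$(effective_value "$1" UsePrivilegeSeparation yes)
    [ "$fwd" = "no" ] ||
        echo "REVIEW AllowTcpForwarding=$fwd: clients can tunnel TCP via this host"
    [ "$priv" != "no" ] ||
        echo "REVIEW UsePrivilegeSeparation=no: privilege separation is disabled"
    return 0
}

# Constructed sample: the trailing "no" has no effect because "yes" came first.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
AllowTCPForwarding yes
UsePrivilegeSeparation yes
allowtcpforwarding no
EOF

audit_sshd "$sample"
```

The sshd_config manual page notes that disabling TCP forwarding does not improve security unless users are also denied shell access, because they can install their own forwarders.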