HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

Strong Encryption
    All communication between the client and the server is
    encrypted using patent-free encryption algorithms such as
    Blowfish, Data Encryption Standard (DES), 3DES, Advanced
    Encryption Standard (AES), and arcfour. Authentication
    information (for example, passwords) is never sent in clear
    text over the network. Encryption in conjunction with strong
    public-key cryptography also provides protection against a
    number of potential security attacks.
Strong Authentication
    HP-UX Secure Shell supports a strong set of authentication
    methods between client and server. HP-UX Secure Shell
    supports two-way authentication: the server authenticates
    the client and the client authenticates the server. This protects
    the session against a variety of security hazards.
Port Forwarding
    HP-UX Secure Shell supports the redirection of TCP/IP
    connections between a client and a remote host. For
    example, you can use port forwarding to redirect file transfer
    protocol (FTP) traffic between a client and a server. Instead
    of the client directly communicating with the server, you can
    redirect the traffic to an HP-UX Secure Shell server over a
    secure channel. The HP-UX Secure Shell server forwards the
    traffic to a designated port on the FTP server.
X11 Forwarding
    X11 forwarding provides secure X traffic between client and
    server. It automatically sets the DISPLAY variable on the
    remote system where the sshd daemon is running.
Agent Forwarding
    HP-UX Secure Shell facilitates and secures key-based
    authentication using an authentication agent. This agent
    typically runs in the client environment and holds all key
    information. The only place in the network where the key
    information is stored is the local system. Keys are never
    disclosed to any other component of the network.
Integration with HP-UX Security Features and Services
    HP-UX Secure Shell is well integrated with the following
    features and services offered by HP-UX:
    • The /etc/utmp, /var/adm/wtmp, and /var/adm/btmp files
      (similar to the telnet and remsh sessions)
    • PAM modules
    • The /etc/default/security file
    • Shadow passwords
    • Trusted HP-UX features
    • The /var/adm/syslog/syslog.log file
    • Audit Logging
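The FTP redirection described under Port Forwarding, as an added example that is not part of the original guide. It assumes an OpenSSH-compatible ssh client that accepts -L, -N, -f and the ExitOnForwardFailure option; the host names, user name and local port are placeholders.

```shell
#!/bin/sh
# Added example (not from the HP guide): forward a local port to the FTP
# control port through a Secure Shell server.
# All names below are placeholders chosen for this example.
SSH_SERVER="sshhost.example.com"   # hypothetical Secure Shell server
FTP_SERVER="ftphost.example.com"   # hypothetical FTP server reachable from SSH_SERVER
SSH_USER="user1"                   # hypothetical account on SSH_SERVER

# Succeed only for a decimal TCP port number in the range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the argument for ssh -L: bind_address:local_port:target_host:target_port.
# Binding to 127.0.0.1 keeps the forwarded port unreachable from other hosts.
forward_spec() {
    valid_port "$1" && valid_port "$3" || return 1
    [ -n "$2" ] || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Open the tunnel in the background (-f) without running a remote command (-N).
# ExitOnForwardFailure makes ssh exit if the local port cannot be bound,
# instead of leaving a session that silently forwards nothing.
open_ftp_tunnel() {
    spec=$(forward_spec "$1" "$FTP_SERVER" 21) || {
        echo "invalid local port: $1" >&2
        return 1
    }
    ssh -N -f -o ExitOnForwardFailure=yes -L "$spec" "$SSH_USER@$SSH_SERVER"
}

# Usage: open_ftp_tunnel 2121, then point the FTP client at 127.0.0.1 port 2121.
```

Only the hop from the client to the Secure Shell server is encrypted; the server then forwards the traffic to the FTP server as described above. This single forward carries the FTP control connection on port 21, while FTP data connections use separate ports and are not covered by it.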
Architecture
HP-UX Secure Shell is based on a client-server architecture. An HP-UX Secure Shell daemon (sshd)
runs on a UNIX system and waits for connections from clients. The HP-UX Secure Shell environment
consists of the following distinct components:
Server
    A program running as a daemon (sshd) that listens for HP-UX Secure Shell
    connections.
Client
    A program that connects a system to the HP-UX Secure Shell server.
Session
    An ongoing connection between an HP-UX Secure Shell client and a server.