HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

Table 9 Advantages and Disadvantages of HP-UX Secure Shell Authentication Methods (continued)
| Authentication Method | Advantages | Disadvantages |
|---|---|---|
| | | becomes vulnerable if server security is compromised. |
| Public-key | Secure authentication method that does not require a password for authentication. Convenient for users who run remote test scripts, secured automated file transfers, and run test suite from remote systems. | Large management overhead, such as creating key pairs and sharing public-key information with clients. |
| Host-based | Simple and easy to manage. Convenient for managing a trusted network, because this method checks only the hosts. It does not check individual user logins. | Less secure authentication method because multiple users can establish connections from the same client using the host key pair. |
| Generic Security Service Application Programming Interface (GSS-API) authentication using Kerberos | Uses a centrally managed third party Key Distribution Center (KDC) server that manages tickets for all clients. Secure authentication method. Convenient for systems that are accessed by many users and systems that need centralized user authentication. | Large management overhead, including creating and maintaining tickets. |
| Keyboard Interactive | Simple and easy to manage. Convenient for remote administrators and secure personal use. | Not as secure as GSS-API or public-key authentication. |

You can combine the authentication methods described in Table 9 or use them separately,
depending on the level of security that you need.
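
The following is an added example, not taken from the HP guide: a POSIX shell check that reports which of the Table 9 methods a server configuration sets. It assumes the server reads an OpenSSH-style sshd_config with the upstream keyword names; the sample configuration and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: which Table 9 methods does an OpenSSH-style sshd_config set?
# Assumption: the server uses the upstream OpenSSH keywords listed in METHODS.
METHODS="PasswordAuthentication PubkeyAuthentication HostbasedAuthentication
GSSAPIAuthentication KbdInteractiveAuthentication ChallengeResponseAuthentication"

# Constructed sample configuration, not taken from the guide.
sample_config() {
cat <<'EOF'
# constructed sample
Port 22
PubkeyAuthentication yes
passwordauthentication no
  HostbasedAuthentication yes
GSSAPIAuthentication yes
PasswordAuthentication yes
Match User batch
    PubkeyAuthentication no
EOF
}

# auth_setting KEYWORD < config
# Prints the first global value set for KEYWORD, or "unset" if it is absent.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and Match blocks are conditional, so parsing stops there.
auth_setting() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want   { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

# audit_auth < config : prints one "Keyword=value" line per method.
audit_auth() {
    cfg=$(cat)
    for kw in $METHODS; do
        printf '%s=%s\n' "$kw" "$(printf '%s\n' "$cfg" | auth_setting "$kw")"
    done
}

# hostbased_enabled < config : succeeds if host-based authentication, which
# Table 9 notes does not check individual user logins, is switched on.
hostbased_enabled() {
    [ "$(auth_setting HostbasedAuthentication)" = "yes" ]
}

sample_config | audit_auth
```

A keyword reported as "unset" falls back to the server's built-in default, which this check does not assume.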
Password Authentication
Password authentication is a simple, convenient method of authentication, because the server and
client do not require any additional setup.
During password authentication, the server takes the following steps to authenticate a client:
1. The user logs in using the user ID and password.
2. The client transmits the password to the server over the network in clear text.
3. The server checks whether the given password matches the target account, and allows the
client to connect to the server.
You can use one of the following files for password authentication:
“Using the /etc/passwd File” (page 25)
“Using the /etc/pam.conf File” (page 26)
Using the /etc/passwd File
This authentication method is based on the user login details specified in the /etc/passwd file.
You must use the user ID and password configured in this file when you log in to the HP-UX Secure
Shell server. Each entry in the /etc/passwd file contains the following attributes, separated by
a colon (:):
Login name
Encrypted password
Numerical user ID