HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

key pair and store all the key pairs in the $HOME/.ssh directory. If you have DSA, ECDSA, and
RSA keys, you can use the HostKeyAlgorithms client configuration directive to set an order of
preference. The HP-UX Secure Shell client selects the keys in the order you set for public-key
authentication.
NOTE: The client cannot pick the correct key pair if there are multiple key pairs of the same type
in the $HOME/.ssh directory, for instance, three RSA key pairs. HP-UX Secure Shell does not have
a configuration directive that can inform the client about multiple key pairs. However, you can
specify a key file name in the HP-UX Secure Shell client using the -i option. For more information on
the -i option, see ssh(1).
Kerberos Authentication
Kerberos is a network authentication protocol based on RFC 1510, Kerberos Network Authentication
Service (V5). The protocol is designed to provide strong authentication for client and server
applications using shared secret key cryptography. For more information on Kerberos, see the
Kerberos documentation set available at: http://www.hp.com/go/hpux-security-docs
The main component of Kerberos security is the Key Distribution Center (KDC), which is a
network service that supplies tickets and temporary session keys to clients and servers. The KDC
maintains a database of principal names (users and services) and their associated secret keys.
When the HP-UX Secure Shell server authenticates the client, both the system running the HP-UX
Secure Shell client and the system running the HP-UX Secure Shell server interact with the KDC.
Kerberos is a third-party custodian of user (client) and service information. A user is a client
application. A service is a process running on a server that the user is trying to connect to. The
service must authenticate the user.
The following actions take place when the service authenticates the user:
1. The user contacts the Kerberos server to obtain information about itself (client information) and
the service.
2. The user generates information about itself.
3. The user contacts the required service with the Kerberos-generated client information and the
self-generated client information.
4. The service compares its client information with the self-generated client information. If these
two pieces of data match, the service allows the client to access the service.
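The four steps above, modelled as an added example (not code from this guide or from HP-UX Secure Shell): the ticket stands for the Kerberos-generated client information and the authenticator for the self-generated client information. The seal/unseal helpers are a toy cipher written for this sketch, and the names KDC, client_request and service_accept are hypothetical; real Kerberos also uses timestamps and ticket lifetimes, which are left out here.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy cipher, fine for short messages)
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy authenticated encryption; a stand-in for the Kerberos encryption types."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    body = nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return body + hmac.new(key, b"tag" + body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ct = body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, body[:16], len(ct)))))

class KDC:
    """Database of principal names (users and services) and their secret keys."""
    def __init__(self):
        self.keys = {}

    def add_principal(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def issue(self, user, service):
        # Step 1: Kerberos-generated client information (the ticket) plus a session key
        session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": user, "session": session})
        return seal(self.keys[user], {"session": session}), ticket

def client_request(user, user_key, reply, ticket):
    # Steps 2-3: self-generated client information, sent together with the ticket
    session = bytes.fromhex(unseal(user_key, reply)["session"])
    return ticket, seal(session, {"client": user})

def service_accept(service_key, ticket, authenticator):
    # Step 4: compare the two pieces of client information; None means access denied
    try:
        from_kdc = unseal(service_key, ticket)
        from_user = unseal(bytes.fromhex(from_kdc["session"]), authenticator)
    except ValueError:
        return None
    return from_kdc["client"] if from_user["client"] == from_kdc["client"] else None
```

The service never contacts the user's key directly: it trusts the client name only because it arrives inside a ticket sealed with the service's own key and is confirmed by an authenticator sealed with the session key from that ticket.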
Using Kerberos with HP-UX Secure Shell offers the following benefits:
• Proven security of Kerberos authentication
• Simplicity and flexibility of HP-UX Secure Shell
How Kerberos Works with HP-UX Secure Shell
Figure 2 illustrates how Kerberos works with HP-UX Secure Shell.