HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

When an HP-UX Secure Shell user attempts host-based authentication with an HP-UX Secure Shell
server, the following events occur:
1. The server checks whether the user and host combination is allowed for host-based
authentication in the /etc/shosts.equiv or $HOME/.shosts file.
2. If the user and host combination is allowed, the HP-UX Secure Shell server creates a challenge
string, encrypts it with the public key of the client, and sends it to the client.
3. The client uses its private key to decrypt the challenge string, and sends the decrypted message
back to the server.
4. The server matches the decrypted string with the original challenge string. If both strings match,
the client is authenticated.
This method is convenient for client users, because they do not need to generate their own individual
key pairs.

You can configure host-based authentication for both superusers and regular users.

NOTE: You can use host-based authentication in environments that require non-interactive
authentication, such as scripts and automated processes like cron jobs. If even one trusted host is
compromised, an attacker can get access to all accounts on other hosts.
HP recommends that you do not enable host-based authentication, because it is insecure.
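
The following audit is an added example, not part of the HP guide: a POSIX shell check that reports whether the sshd `HostbasedAuthentication` keyword is enabled and which hosts the shosts.equiv and .shosts files trust. The function names, sample host names and scratch paths are constructed for illustration, and the configuration file path is passed as an argument because this section does not state its location.

```shell
#!/bin/sh
# Added example, not from the HP guide. All file paths are passed as arguments.

# Print "yes" or "no" for the global HostbasedAuthentication keyword.
# sshd uses the first value it reads for a keyword and defaults to "no".
# Assumption: Match blocks are not evaluated; scanning stops at the first one.
hostbased_enabled() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " ") }                       # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == "hostbasedauthentication" { v = tolower($2); exit }
        END { if (v == "yes") print "yes"; else print "no" }
    ' "$1"
}

# Print the host field of every active line in a shosts.equiv or .shosts file.
trusted_hosts() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && NF { print $1 }' "$1"
}

# audit_hostbased CONFIG TRUSTFILE...  Returns 1 when the method is enabled.
audit_hostbased() {
    cfg=$1; shift
    if [ "$(hostbased_enabled "$cfg")" = no ]; then
        echo "OK: HostbasedAuthentication is off in $cfg"; return 0
    fi
    echo "FINDING: HostbasedAuthentication is on in $cfg"
    for f in "$@"; do
        for h in $(trusted_hosts "$f"); do
            echo "FINDING: $f trusts host $h"
        done
    done
    return 1
}

# Constructed sample input (hypothetical host names) written to a scratch dir.
make_sample() {
    printf '# constructed sample\nProtocol 2\nHostbasedAuthentication yes\n' > "$1/sshd_config"
    printf '# constructed sample\nbuild01.example.com\nbatch02.example.com\n' > "$1/shosts.equiv"
}

d=${TMPDIR:-/tmp}/hbaudit.$$
mkdir -m 700 "$d" || exit 1
make_sample "$d"
audit_hostbased "$d/sshd_config" "$d/shosts.equiv" "$d/.shosts" || true
rm -rf "$d"
```

On a real system, pass the server's sshd_config together with /etc/shosts.equiv and each account's $HOME/.shosts; every host reported is one whose compromise exposes the accounts it is trusted for.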