Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
31323334353637383940
11. To verify the connection, run the following /usr/bin/klist command in the HP-UX Secure
Shell client system:
# klist
The following output is displayed:
Ticket cache: /tmp/krb5cc_01
Default principal: root@KRB_MC.REALM
Valid starting Expires Service principal
01/31/06 17:54:40 02/01/06 03:54:40 krbtgt/KRB_MC.REALM
1/31/06 18:20:40 02/01/06 03:54:40 host/sshd_mc.appserverdomain.com@KRB_MC.REALM
This output is different from the previous /usr/bin/klist output. This output shows the
ticket information of the client (1/31/06 18:20:40 02/01/06 03:54:40
host/sshd_mc.appserverdomain.com@KRB_MC.REALM) and indicates that the HP-UX
Secure Shell server has accepted the ticket.
Configuring Keyboard-Interactive Authentication
To configure the Keyboard-Interactive authentication, set either of the following directives in the
/opt/ssh/etc/ssh_config configuration file:
ChallengeResponseAuthentication yes
UsePAM yes
NOTE: If the HP-UX Secure Shell client requests the Keyboard-Interactive authentication method
and the underlying PAM module is a simple one-password function, Keyboard-Interactive
authentication works the same way as password authentication.
Configuring Host-Based Authentication
This section describes how to configure host-based authentication.
Configuring Host-Based Authentication for Non-Superusers
Non-superusers can configure host-based authentication using systemwide configuration or the
user-specific configuration.
Using Systemwide Configuration
To configure host-based authentication for non-superusers using systemwide configuration, follow
these steps:
1. On the client system, set the following directives in the /opt/ssh/etc/ssh_config file:
RhostsRSAAuthentication yes (For SSH-1)
HostbasedAuthentication yes (For SSH-2)
2. On the client system, set the following directive in the /opt/ssh/etc/ssh_config file:
EnableSSHKeysign yes
3. On the server system, set the following directives in the /opt/ssh/etc/sshd_config file:
RhostsRSAAuthentication yes (For SSH-1)
HostBasedAuthentication yes (For SSH-2)
4. Ensure that the /opt/ssh/etc/shosts.equiv file or the /etc/hosts.equiv file on the
server contains an entry for the fully qualified client host name and the user ID of the client,
as shown in the following example:
client.abc.com localuser
Where:
localuser Specifies the user on the client system who is logging into the remote system.
client Specifies the name of the client system.
abc.com Specifies the client domain.
40 Configuring HP-UX Secure Shell Authentication Methods