HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

Table 14 Host Configuration Files

Systemwide Files                 User-Specific Files
/opt/ssh/etc/shosts.equiv        $HOME/.shosts
/etc/hosts.equiv                 $HOME/.rhosts
/opt/ssh/etc/ssh_known_hosts     $HOME/.ssh/known_hosts

Configuring Host-Based Authentication for Superusers
To configure host-based authentication for superusers, follow the steps described in “Using
Systemwide Configuration” (page 40). For the superuser, HP-UX Secure Shell uses the information
specified in the $HOME/.shosts and $HOME/.rhosts files. It does not use the information
specified in the systemwide configuration files /opt/ssh/etc/shosts.equiv or
/etc/hosts.equiv.
Configuring User-Specific Authentication
You can configure HP-UX Secure Shell to enable different authentication methods for different users.
You can also configure HP-UX Secure Shell so that users can log in as superuser only if their ttys
are listed in the /etc/securetty file. To enable these features, HP-UX Secure Shell includes
the Auth Selection patch and a new configuration directive called EnforceSecureTTY. For
more information on these features, see the following sections:
“The Auth Selection Patch”
“The EnforceSecureTTY Configuration Directive” (page 45)
The Auth Selection Patch
HP-UX Secure Shell includes a third-party Auth Selection patch, which enables you to configure
different authentication methods for different users. The Auth Selection patch provides a set of 12
configuration directives to implement this feature. These configuration directives can be broadly
classified as Allow and Deny configuration directives. Table 15 lists the 12 configuration directives.
Table 15 Configuration Directives Provided by the Auth Selection Patch

Deny Configuration Directives          Allow Configuration Directives
KerberosAuthDenyUsers                  KerberosAuthAllowUsers
KerberosorLocalPasswdAuthDenyUsers     KerberosorLocalPasswdAuthAllowUsers
PubkeyAuthDenyUsers                    PubkeyAuthAllowUsers
HostbasedAuthDenyUsers                 HostbasedAuthAllowUsers
ChallRespAuthDenyUsers                 ChallRespAuthAllowUsers
PasswordAuthDenyUsers                  PasswordAuthAllowUsers

These directives are similar to the AllowUsers and DenyUsers configuration directives. However,
each of these new configuration directives allows or denies users permission to authenticate with one
particular authentication method. By default, all the “Allow” configuration directives enable all users to
authenticate and all the “Deny” directives deny no user. The following examples show how to use
these configuration directives:
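
The following Python script is an added example, not taken from the HP guide and separate from the guide's own examples: it reads sshd_config text and reports which authentication methods a given user may use under the Table 15 directives. It assumes the directives follow AllowUsers/DenyUsers semantics (a Deny match wins, a non-empty Allow list is exclusive, patterns use * and ? wildcards); the sample configuration and user names are constructed.

```python
import fnmatch

# Method prefixes from Table 15; each has <prefix>AllowUsers and <prefix>DenyUsers.
METHODS = ["KerberosAuth", "KerberosorLocalPasswdAuth", "PubkeyAuth",
           "HostbasedAuth", "ChallRespAuth", "PasswordAuth"]

# Constructed sample configuration (not from the guide).
SAMPLE_CONFIG = """\
# per-method restrictions
PasswordAuthDenyUsers root
PubkeyAuthAllowUsers root admin*
HostbasedAuthDenyUsers *
"""

def parse_auth_selection(config_text):
    """Collect the Allow/Deny user patterns for each method from sshd_config text."""
    rules = {m.lower(): {"allow": [], "deny": []} for m in METHODS}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        for kind in ("allow", "deny"):
            prefix = keyword[:-len(kind + "users")]
            if keyword.endswith(kind + "users") and prefix in rules:
                rules[prefix][kind].extend(parts[1:])
    return rules

def allowed_methods(rules, user):
    """Return the methods `user` may authenticate with (assumed semantics)."""
    def matches(patterns):
        return any(fnmatch.fnmatchcase(user, p) for p in patterns)
    result = []
    for method in METHODS:
        rule = rules[method.lower()]
        if matches(rule["deny"]):
            continue  # assumption: a Deny match always wins
        if rule["allow"] and not matches(rule["allow"]):
            continue  # assumption: a non-empty Allow list is exclusive
        result.append(method)  # default: Allow admits everyone, Deny nobody
    return result

if __name__ == "__main__":
    rules = parse_auth_selection(SAMPLE_CONFIG)
    for user in ("root", "admin2", "alice"):
        print(user, "->", ", ".join(allowed_methods(rules, user)))
```

The report covers only the per-user directives; whether a method is enabled at all is controlled elsewhere in sshd_config and is not checked here.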