HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

5. If the PasswordAuthAllowUsers configuration directive is not specified, user U1 can

authenticate using password authentication. If the PasswordAuthAllowUsers configuration

directive is specified, the sshd daemon checks if user U1 is specified in the list.

6. If user U1 is specified in the list, the user can authenticate using password authentication.

7. If user U1 is not specified in the list, then user U1 cannot authenticate using password

authentication.

The EnforceSecureTTY Configuration Directive

This configuration directive honors the settings in the etc/securetty file. Use this configuration

directive to specify whether the sshd daemon must restrict superuser logins to the tty (terminal

types) names listed in the /etc/securetty file. When EnforceSecureTTY is set to no (the

default value), HP-UX Secure Shell ignores the settings in the etc/securetty file.

You can use the EnforceSecureTTY configuration directive in conjunction with the

PermitRootLogin configuration directive. Table 16 describes the behavior of the ssh, scp,

and sftp commands with different combinations of EnforceSecureTTY and

PermitRootLogin.

Table 16 Behavior of the ssh, scp, and sftp commands with Different Combinations of

EnforceSecureTTY and PermitRootLogin

Behavior of the scp and sftp

Commands

Behavior of the sshCommandPermitRootLoginEnforceSecureTTY

Superusers cannot execute the

scp and sftp

commands,

Host login

and host

command

executions are not

allowed for all users

NONO

regardless of the settings in the

etc/securetty file.

Superusers can execute the

scp and sftp commands,

Host login and host command

executions are allowed for all

superusers

YESNO

regardless of the settings in the

etc/securetty file.

Superusers cannot execute the

scp and sftp commands,

Host login and host command

executions are not allowed

for all superusers

NOYES

regardless of the settings in the

etc/securetty file.

Superusers can execute the

scp and sftp commands,

Host login is allowed only for

those superusers whose ttys

YESYES

regardless of the settings in the

etc/securetty file.

are listed in the etc/

securetty file.

Host command execution is

allowed for all superusers,

regardless of the settings in

the etc/securetty file.

Forced-command execution is

allowed for all superusers,

Host login and host command

executions are not allowed

Forced-Command-onlyYES

regardless of the setting in thefor all superusers, regardless

etc/securetty file, and theof the settings in the etc/

securetty file.

Forced-command execution

is dictated by the pty or

pty setting in the

authorized_keys file.

However, no pty is allocated

even if it specified in the

authorized_keys file.

Configuring User-Specific Authentication 45