HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

Table 16 Behavior of the ssh, scp, and sftp commands with Different Combinations of

EnforceSecureTTY and PermitRootLogin (continued)

Behavior of the scp and sftp

Commands

Behavior of the sshCommandPermitRootLoginEnforceSecureTTY

IMPORTANT: The scp and

sftp commands, and

forced-command are mutually

exclusive. If forced-command

execution is set, only

forced-command is executed

and no file transfers are

allowed.

no-pty option. This option

is specified in the

authorized_keys file,

located in the home directory

of the superuser on the server.

The default option is pty. If

run with a pty option,

forced-command execution is

allowed only for superusers

whose ptys are listed in the

etc/securetty file. If run

with a no-pty option, then

forced-command execution is

allowed for all superusers,

regardless of the settings in

the etc/securetty file.

NOTE: For

Forced-commands only,

superusers must log in using

public key authentication. This

additional requirement is not

related to

EnforceSecureTTY . This

applies to the scp, ssh, and

sftp commands.

Superusers can execute the

scp and sftp commands,

Host login is allowed only for

superusers whose ptys are

Without PasswordYES

regardless of the settings in thelisted in the etc/securetty

etc/securetty file. These

file. These superusers must

superusers must authenticateauthenticate with a method

with a method other than

password authentication.

other than password

authentication. This additional

requirement is not related to

EnforceSecureTTY.

Host command execution is

allowed for all superusers,

regardless of the settings in

the etc/securetty file.

Forced-command execution is

allowed for all superusers

Host login and host command

executions are not allowed

Forced-Commands-onlyNO

regardless of the settings in thefor all superusers.

etc/securetty file, and theForced-commands execution

is allowed for all superusers.

NOTE: For

Forced-Commands-only,

superusers must authenticate

using public key

authentication. This additional

requirement is not related to

EnforceSecureTTY. This

applies to the ssh, scp, and

sftp commands.

pty setting in the

authorized_keys file.

However, no pty is allocated

even if it specified in the

authorized_keys file.

46 Configuring HP-UX Secure Shell Authentication Methods