HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

Table 17 Difference in Behavior Between telnet and ssh Logins

An ssh Login:
If the EnforceSecureTTY configuration directive is set to yes, and a superuser
attempts an ssh login with a tty that is not listed in the /etc/securetty file,
HP-UX Secure Shell continues to prompt the user for a password as long as the
user types invalid passwords. Once the user types the valid password, the sshd
daemon does the following:
- Authenticates the user
- Allocates a pty
- Finds out that the pty is not permitted
- Closes the connection

A telnet Login:
When a superuser tries to log in using telnet with a tty that is not listed in
the /etc/securetty file, telnet continues to prompt the user for a password
regardless of whether the user types a valid or invalid password.

Behavioral differences between remsh and ssh logins because of EnforceSecureTTY

The addition of the EnforceSecureTTY configuration directive modifies the behavior of the ssh
login, causing it to differ from a remsh login. Both remsh and ssh logins allow the
forced-command option for superusers logging in with a tty not listed in the /etc/securetty
file. However, in a remsh login, the settings in the /etc/securetty file are enforced only if a
user logs in using password authentication. If a remsh user authenticates using host-based
authentication, remsh ignores the settings in the /etc/securetty file.

In an ssh login, there is no distinction between authentication methods when enforcing the settings
in the /etc/securetty file.
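
An added example, not part of the HP guide: a shell check that reads an sshd_config-style file and a securetty file and reports which outcome described above applies to an interactive superuser ssh login on a given tty. The file paths are passed in as arguments, the sample files are constructed, the function names are hypothetical, and treating an absent EnforceSecureTTY directive as no is an assumption.

```shell
#!/bin/sh
# Added example (not from the HP guide): report how EnforceSecureTTY and
# the securetty list combine for a superuser ssh login on a given tty.
# Forced-command logins are not modelled here.

# Print the first global value of KEYWORD in an sshd_config-style FILE.
# sshd keywords are case-insensitive and the first occurrence wins;
# parsing stops at the first Match block.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v kw="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(kw) { print tolower(f[2]); exit }
    ' "$1"
}

# Succeed if TTY is an exact entry (one per line) in the securetty FILE.
tty_listed() {        # usage: tty_listed FILE TTY
    awk -v t="$2" '{ sub(/[ \t]+$/, "") } $0 == t { hit = 1 } END { exit !hit }' "$1"
}

# Outcome for a superuser ssh login on TTY once the valid password is typed.
root_ssh_outcome() {  # usage: root_ssh_outcome SSHD_CONFIG SECURETTY TTY
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable-input"; return 2; }
    enforce=$(effective_value "$1" EnforceSecureTTY)
    # Assumption: an absent directive behaves like "no".
    if [ "${enforce:-no}" != "yes" ]; then
        echo "securetty-not-enforced"
    elif tty_listed "$2" "$3"; then
        echo "tty-listed"
    else
        echo "connection-closed-after-auth"
    fi
}

# Constructed sample input, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 22' 'enforcesecuretty  YES' \
    'EnforceSecureTTY no' > "$demo_dir/sshd_config"
printf '%s\n' 'console' > "$demo_dir/securetty"
root_ssh_outcome "$demo_dir/sshd_config" "$demo_dir/securetty" console
root_ssh_outcome "$demo_dir/sshd_config" "$demo_dir/securetty" pts/0
```

The result connection-closed-after-auth corresponds to the four sshd steps listed in Table 17: the password is accepted, a pty is allocated, and the session is then dropped.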