HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

the /var/adm/syslog/syslog.log file. HP-UX Secure Shell error messages are prefixed

with sshd in the /var/adm/syslog/syslog.log file.

Following is a sample error message in the /var/adm/syslog/syslog.log file:

May 12 16:47:39 system_name sshd[2618]: error: PAM: Authentication failed

Where:

PAM Authentication failed is the error message.

• The Standard Output – If you specify the -d or -v option with sshd, HP-UX Secure Shell

sends debug messages to the standard output, whether or not LogLevel is configured in the

HP-UX Secure Shell configuration files. Command-line arguments override the LogLevel

configuration directive.

• The /var/adm/syslog/syslog.log File – Error messages continue to be logged in the

/var/adm/syslog/syslog.log file, regardless of the LogLevel or the command-line

specifications.

• The Standard Error – If you specify the -e command-line option with sshd, the error messages

are logged to standard error instead of the /var/adm/syslog/syslog.log file, regardless

of any LogLevel or other command-line specifications.

Authentication Problems

This section discusses common problems encountered during authentication.

Public-Key Authentication Problems

Following are some common public-key authentication setup mistakes:

• Not moving the public key to the authorized_keys file in the HP-UX Secure Shell server.

• Granting incorrect permissions for the authorized_keys file or one of the parent directories.

• Forgetting the passphrase. Passphrases are not recoverable.

• Generating a key pair and accidentally replacing the public key with an older one.

• Attempting to use a key that is in incorrect format.

Host-Based Authentication Problems

Following are some common host-based authentication configuration mistakes:

• You must ensure that the public host key of the client is in the known_hosts file in the server.

• You must use the correct canonical name of the client so that the server is able to resolve this

canonical name.

• HP recommends that you provide read/write permission for the user for the $HOME/.shosts

file, and no permission for other users.

Reporting Problems

If you are unable to troubleshoot HP-UX Secure Shell yourself, follow these steps:

1. Read the release notes for HP-UX Secure Shell to see if the problem is known. If it is, follow

the instructions offered to solve the problem.

The HP-UX Secure Shell release notes is available at:

http://www.hp.com/go/hpux-security-docs

2. Access http://www.hp.com/go/hpsc and search the technical knowledge databases to

determine if the problem you are experiencing has already been reported. The type of

documentation and resources you have access to depend on your support contract level.

To search the ITRC forum for a solution, follow these steps:

Authentication Problems 61