Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
61626364656667686970
AllowAgentForwarding
Use this directive to specify whether the ssh-agent(1) forwarding is permitted.
The default is yes.
For example:
AllowAgentForwarding no
AllowGroups
Use this directive to enable login only for users whose primary or supplementary group list matches
a specified string. The star (*) and question mark (?) characters can be used as wildcards in the
strings. Enter the AllowGroups directive followed by a list of group name strings, separated by
spaces. Only group names are valid. By default, login is enabled for all groups.
By default, this directive is not specified in the sshd_config file.
NOTE: Numerical group IDs are not recognized.
For example:
AllowGroups root staff users
AllowUsers
Use this directive to allow login for user names that match one of the specified strings. The star (*)
and question mark (?) characters can be used as wildcards in the strings.
NOTE: Only user names are valid; numerical user IDs are not recognized.
Login is allowed for all users by default. If the pattern takes the form USER@HOST, then USER and
HOST are separately checked, and the logins to particular users from particular hosts is restricted.
The allow or deny directives are processed in the following order: DenyUsers, AllowUsers,
DenyGroups and AllowGroups.
For example:
AllowUsers Clay@zin.org Arian
This command allows login to the user Clay, connecting from zin.org. It also allows login from all
addresses to anyone logging in as Arian.
AllowTCPForwarding
Use this directive to enable or disable TCP forwarding.
The default setting is yes.
NOTE: To improve security, disable TCP forwarding and deny users shell access.
For example:
AllowTcpForwarding yes
AuthorizedKeysFile
Use this directive to specify the file to be used for public-key authentication. The
AuthorizedKeysFile can contain tokens in a %T form, where T is the token. The following
tokens are available:
%% Use this token to specify %.
%h Use this token to specify the home directory of the user being authenticated.
%u Use this token to specify the user name of the user being authenticated.
HP-UX Secure Shell substitutes these tokens with the token values during connection setup. After
this substitution, AuthorizedKeysFile becomes an absolute path or a path relative to the home
directory of the user.
64 Configuration Files and Directives