HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

The default setting is .ssh/authorized_keys .ssh/authorized_keys2.
For example:
#AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2
If the home directory of the user being authenticated (%h) is /home/user1, then after
substitution the AuthorizedKeysFile directive refers to the /home/user1/.ssh/authorized_keys
and /home/user1/.ssh/authorized_keys2 files.
AuthorizedPrincipalsFile
Use this directive to specify a file that lists principal names that are accepted for certificate
authentication. When using certificates signed by a key listed in TrustedUserCAKeys, this file
lists names, one of which must appear in the certificate for it to be accepted for authentication.
The names are listed one per line preceded by key options (as described in AUTHORIZED_KEYS
FILE FORMAT in sshd(8)). Empty lines and comments starting with # are ignored.
AuthorizedPrincipalsFile may contain tokens of the form %T that are substituted during
connection setup. The following tokens are defined:
%% is replaced by a literal %
%h is replaced by the home directory of the user being authenticated
%u is replaced by the username of that user
The default is not to use a principals file. In this case, the username of the user must appear
in a certificate's principals list for it to be accepted.
NOTE: AuthorizedPrincipalsFile is not used for certification authorities trusted through
$HOME/.ssh/authorized_keys.
For example:
AuthorizedPrincipalsFile /opt/ssh/etc/authorized_principal
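The token substitution and matching rule described above, as an added example that is not part of this guide or of the sshd source. The function names, the sample file contents, and the %h/.ssh/principals_%u path are constructed for illustration; treating the last whitespace-separated field of a line as the principal name is an assumption of this example.

```python
import re

def expand_tokens(template, user, home):
    """Expand %%, %h and %u; any other %T token is rejected."""
    table = {"%": "%", "h": home, "u": user}
    def sub(match):
        if match.group(1) not in table:
            raise ValueError("undefined token %" + match.group(1))
        return table[match.group(1)]
    return re.sub(r"%(.?)", sub, template)

def parse_principals(text):
    """Return (options, principal) pairs, skipping blank lines and # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: the name is the last whitespace-separated field, so a
        # quoted option value containing spaces stays in the options string.
        parts = line.rsplit(None, 1)
        entries.append((parts[0] if len(parts) == 2 else "", parts[-1]))
    return entries

def cert_accepted(cert_principals, user, principals_text=None):
    """Decide whether a certificate's principal list is acceptable for user."""
    if principals_text is None:
        # Default (no principals file): the username itself must be listed.
        return user in cert_principals
    # Key options are parsed but not enforced here; only names are matched.
    allowed = {name for _, name in parse_principals(principals_text)}
    return any(p in allowed for p in cert_principals)

# Constructed sample principals file (not taken from a real system).
SAMPLE_FILE = """\
# service accounts
dba

command="/usr/bin/date -u" monitoring
"""

if __name__ == "__main__":
    print(expand_tokens("%h/.ssh/principals_%u", "user1", "/home/user1"))
    print(parse_principals(SAMPLE_FILE))
    print(cert_accepted(["monitoring"], "user1", SAMPLE_FILE))
    print(cert_accepted(["user1"], "user1", SAMPLE_FILE))
```

The last call shows the consequence worth checking when this directive is enabled: once a principals file is in use, a certificate that lists only the username is no longer accepted unless that name is also in the file.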
Banner
Use this directive to specify whether the contents of the specified file must be sent to the remote
user before authentication is allowed. By default, no banner is displayed.
For example:
Banner none
NOTE: This directive is applicable to protocol version 2 only.
ChallengeResponseAuthentication
Use this directive to enable Challenge-Response (also known as Keyboard-Interactive) authentication.
HP-UX Secure Shell supports all authentication styles from login.conf(5). For more information on
Keyboard-Interactive authentication, see “Keyboard-Interactive Authentication” (page 30).
The default setting is yes.
For example:
ChallengeResponseAuthentication yes
ChallRespAuthAllowUsers
This configuration directive was introduced by the third-party Auth Selection patch. Use this
configuration directive to specify which users can be authenticated using Challenge-Response
authentication.
The default setting is to allow all users.
For example:
ChallRespAuthAllowUsers Allow All