HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)
ChallRespAuthDenyUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use this
configuration directive to specify which users must be denied authentication using Challenge
Response authentication.
The default setting is to deny no users.
For example:
ChallRespAuthDenyUsers Deny none
ChrootDirectory
Use this directory to specify a path to chroot after authentication. This path, and all its components,
must be root-owned directories that are not writable by any other user or group. The pathname
may contain the following tokens that are expanded at runtime after the connecting user is
authenticated:
%% is replaced by a literal %
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
The default setting is not to chroot.
For example:
ChrootDirectory not to chroot
NOTE: The ChrootDirectory must contain the necessary files and directories to support the
users session.
Ciphers
Use this directive to specify the ciphers used by SSH-2 in the order of preference. Multiple ciphers
must be separated by commas. The supported ciphers are as follows:
• 3des-cbc
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
• arcfour128
• arcfour256
• arcfour
• blowfish-cbc
• cast128-cbc
The default setting is aes128–cbc,3des-cbc,blowfish-cbc,cast128–cbc,arcfour128,
arcfour256,arcfour,aes192–cbc,aes256–cbc,aes128–ctr,aes192–ctr,aes256–ctr.
For example:
Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
ClientAliveCountMax
The ClientAliveCountMax directive enables a client or a server to detect an inactive connection.
Use this directive to specify the number of client alive messages that can be sent before sshd
receives messages from the client. If the number of client alive messages reaches the specified
66 Configuration Files and Directives