HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

threshold, the sshd daemon disconnects the client and terminates the session. The client alive
messages are sent through an encrypted channel and cannot be spoofed. The default value is
three. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default,
unresponsive SSH clients are disconnected after approximately 45 seconds.
For example:
ClientAliveCountMax 3
NOTE: The ClientAliveCountMax is available for the SSH-2 protocol only. The use of client
alive messages is different from TCPKeepAlive.
ClientAliveInterval
Use this directive to send a request to nonresponsive clients and to expect a reply within a specified
time interval. This directive sets the timeout interval in seconds. If no data is received from the client
after the specified timeout interval, the sshd daemon sends a message through the encrypted
channel requesting a response from the client.
The default value is 0.
ClientAliveInterval 0
NOTE: The ClientAliveInterval is available for the SSH-2 protocol only.
Compression
Use this directive to compress data sent over HP-UX Secure Shell connections before it is
encrypted. It also decompresses the data received by the client after it is decrypted. You can use
the yes, delayed, or no values to enable, enable delayed, or disable compression.
The default setting is delayed. In this setting, the server invokes the zlib compression modules
only after the user is successfully authenticated. Using compression=delayed eliminates the
risk of any zlib vulnerability leading to the server being compromised by unauthenticated users.
For example:
Compression delayed
NOTE: HP-UX Secure Shell client versions 3.5 and earlier do not support delayed compression.
The earlier versions of HP-UX Secure Shell cannot connect to a newer version of the server unless
compression is disabled (on the client-side), or the original compression method is enabled on the
server (by setting Compression yes in the sshd_config file).
CountKeyAuthBadLogins
Use this directive to control the logging of bad login attempts to the btmp file when using the
GSS-API, public-key, and host-based authentication methods.
The default setting is no. When CountKeyAuthBadLogins is set to no, failed authentication
attempts for key-based authentication do not generate btmp records.
For example:
CountKeyAuthBadLogins no
NOTE: This configuration directive is specific to HP-UX Secure Shell, and is not available in
OpenSSH base code.
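The following Python audit is an added example, not part of the HP guide or of HP-UX Secure Shell. It reads the global section of an sshd_config file and reports how long an unresponsive client stays connected, whether zlib is reachable before authentication, and whether failed key-based logins are recorded in btmp. The function names and the sample configuration are constructed for illustration, and interval values are assumed to be plain seconds as in the guide.

```python
import re

# Defaults as stated in this guide for HP-UX Secure Shell.
DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3",
            "compression": "delayed", "countkeyauthbadlogins": "no"}

def parse_global(text):
    """Effective global settings: keywords are case-insensitive and sshd
    keeps the first value it reads for each keyword."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)[\s=]+(\S+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "match":   # conditional blocks follow; audit the global section only
            break
        conf.setdefault(key, value)
    return {**DEFAULTS, **conf}

def audit(text):
    """Return (seconds until an unresponsive client is dropped, or None; findings)."""
    c = parse_global(text)
    findings = []
    # Assumption: both values are plain integers (seconds / message count).
    interval, count = int(c["clientaliveinterval"]), int(c["clientalivecountmax"])
    timeout = interval * count if interval > 0 else None
    if timeout is None:
        findings.append("ClientAliveInterval is 0: no client alive messages are sent")
    if c["compression"] == "yes":
        findings.append("Compression yes: zlib is invoked before authentication")
    if c["countkeyauthbadlogins"] == "no":
        findings.append("CountKeyAuthBadLogins no: failed key-based logins leave no btmp record")
    return timeout, findings

# Constructed sample configuration (not taken from the guide).
SAMPLE = """\
ClientAliveInterval 15
clientalivecountmax=3
Compression yes
Compression delayed
Match Group contractors
    ClientAliveInterval 300
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the second Compression line has no effect because the first value read for a keyword is the one sshd uses, so the audit still reports pre-authentication compression.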
DenyGroups
Use this directive to deny login for users whose primary group or supplementary group list matches
one of the specified strings. This directive must be followed by a list of group name strings separated
by spaces. You can use the star (*) and question mark (?) characters as wildcards in the strings.
NOTE: Only group names are valid; numerical group IDs are not recognized.
By default, login is enabled for all groups.