Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
61626364656667686970
ForceCommand
Use this directive to force the execution of the command specified by ForceCommand, ignoring
any other command specified by the client. The command originally supplied by the client is
available in the SSH_ORIGINAL_COMMAND environment variable. Previous releases of HP-UX
Secure Shell specified this option in the authorised_keys file.
For example:
ForceCommand pwd
In the above scenario, the pwd is executed regardless of the command specified by the client.
GatewayPorts
Use this directive to ensure that the sshd daemon enables remote port forwardings to bind to
non-loopback IP addresses, and enables other hosts to connect. Use one of the following arguments
with this directive:
no Forces remote port forwardings to be available to the local host only.
yes Forces remote port forwardings to bind to the wildcard addresses.
clientspecified Enables the client to select the address to which the port must be
forwarded. If GatewayPorts is set to clientspecified, the SSH
server honours the binding address specified for remote port forwarding.
The default setting is no.
For example:
GatewayPorts no
GSSAPIAuthentication
Use this directive to specify whether GSS-API can be used to authenticate users.
The default setting is no.
For example:
GSSAPIAuthentication no
GSSAPICleanupCredentials
Use this directive to specify whether the user credentials must be automatically destroyed on logout.
The default setting is yes.
For example:
GSSAPICleanupCredentials yes
GSSAPIEnableMitmAttack
Use this directive to enable GSS-API authentication for the server.
TIP: Set this directive to yes for older versions of HP-UX Secure Shell clients to connect to an
HP-UX Secure Shell A.04.20 server using GSS-API authentication.
The GSSAPI_WITH_MIC authentication method was introduced in HP-UX Secure Shell 3.8, but a
patch was provided to maintain compatibility with the previous GSS-API authentication method.
This patch enables older versions of the client to connect to newer versions of the server using
GSS-API authentication. Similarly, newer versions of the client can connect to older versions of the
server.
To enable the server to support the older GSS-API authentication methods, set this directive to yes.
The default setting is no.
For example:
GSSAPIEnableMitmAttack yes
Server Configuration Directives 69