Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
71727374757677787980
key listed in this file, then it might be used for authentication of any user listed in the certificate's
principals list.
For example:
TrustedUserCAKeys /opt/ssh/etc/user-ca-key.pub
NOTE: Certificates without principals will not be permitted for authentication using
TrustedUserCAKeys.
UseDNS
Use this directive to specify the order in which the sshd daemon must look up the remote host
name, and to check that the resolved host name for the remote IP address maps back to the same
IP address.
The default setting is yes.
For example:
UseDNS yes
UseLogin
Use this directive to specify whether to use login for interactive login sessions. Enabling this option
automatically disables X11 forwarding, because login cannot handle xauth cookies.
NOTE: When you enable UseLogin, the PermitUserEnvironment configuration directive
is automatically disabled.
The default setting is no.
For example:
UseLogin no
UsePAM
Use this directive to enable PAM authentication and session setup.
NOTE: If PasswordAuthentication and UsePAM are set to yes, the user gets three chances
to enter the correct password after which a new prompt is displayed indicating that ssh is using
the password authentication method.
The default setting is yes.
TIP: HP recommends that you disable password authentication when enabling the UsePAM
directive.
For example:
UsePAM yes
UsePrivilegeSeparation
Use this directive to specify whether sshd must separate privileges by creating an unprivileged
child process to handle incoming network traffic. After successfully authenticating the user, the
server creates another process that has the same privileges as the authenticated user. By enabling
the UsePrivilegeSeparation directive, you can prevent privilege escalation by containing
any corruption within the unprivileged processes. If UsePrivilegeSeparation is set to sandbox, then
the pre-authentication unprivileged process is subject to additional restrictions.
The default value is yes.
For example:
UsePrivilegeSeparation yes
80 Configuration Files and Directives