Administrator's Guide

Table 4-2 Software Components of HP-UX Secure Shell (continued)

Component: ssh-keyscan
Description: Tool for a client to gather the public keys for a set of hosts running the Secure Shell daemon (sshd)
Location: Client
Equivalent non-secure component(s): Not applicable

Component: ssh-keysign
Description: Tool that generates the digital signature required during host-based authentication; it is used by ssh(1) to access the local host keys for host-based authentication
Location: Client
Equivalent non-secure component(s): Not applicable
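As an added example (not part of this guide), the following Python script compares host keys gathered with ssh-keyscan against an existing known_hosts file and flags hosts whose recorded key differs from the scanned one. The hostnames, addresses and key blobs are constructed sample data.

```python
import base64
import hashlib
# Constructed sample data (not from the guide): three lines as printed by
# `ssh-keyscan -t ssh-rsa hosta hostb hostc`, and the current known_hosts file.
SCAN_OUTPUT = """\
hosta ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7
hostb ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDX
hostc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQEZ
"""
KNOWN_HOSTS = """\
# hosta is recorded under its name and its address
hosta,10.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7
@cert-authority *.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQF0
hostb ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQZZ
"""

def fingerprint(b64_key):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entries(text):
    """Map (hostname, key type) -> key blob for plain known_hosts-style lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # skip blanks, comments and @cert-authority/@revoked marker lines
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        if hosts.startswith("|1|"):
            continue  # hashed hostnames (HashKnownHosts) are not resolved here
        for host in hosts.split(","):
            entries[(host.lower(), keytype)] = blob
    return entries

def compare(scan_text, known_text):
    """Classify each scanned host key as 'match', 'changed' or 'new'."""
    known = parse_entries(known_text)
    result = {}
    for (host, keytype), blob in parse_entries(scan_text).items():
        recorded = known.get((host, keytype))
        if recorded is None:
            result[host] = "new"  # not yet trusted: verify out of band before adding
        elif fingerprint(recorded) == fingerprint(blob):
            result[host] = "match"
        else:
            result[host] = "changed"  # key differs from the recorded one: investigate
    return result
```

A "changed" result means the host key presented on the network no longer matches the one the administrator recorded, which is the condition ssh itself warns about before refusing to connect.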
4.6.3 Running HP-UX Secure Shell
Before running any of the Secure Shell clients listed in Table 4-2, first start the Secure
Shell server daemon, sshd. The sshd daemon obtains its initial configuration values
from the sshd_config file, located in the /opt/ssh/etc directory on the server
system. One of the most important configuration directives in sshd_config is the set
of authentication methods supported by the sshd daemon. See Section 4.6.5 for more
information.
4.6.3.1 Running the ssh Client
The ssh client application establishes a socket connection with the sshd server. The
sshd server spawns a child sshd process. This child inherits the connection socket and
authenticates the client based on the selected authentication method. A successful secure
client session is established only upon successful authentication.
After a session is created, all subsequent communication occurs directly between the
client and this child sshd process. The client can now execute remote commands on the
server. Each command request from the ssh client causes the child sshd process to
spawn a shell process to execute that command.
In summary, a running ssh client-server session consists of the following processes:
- On every client system connected to the sshd server, there is one ssh client process
  for each ssh connection currently established from that client system.
- On the server system, there is one parent sshd process and as many child sshd
  processes as there are concurrent ssh clients connected to the server. The number
  of child sshd processes running on the server doubles if privilege separation is
  enabled on the server. See Section 4.6.4.
- On the server system, for each command execution request from an ssh client, the
  corresponding child sshd process spawns a shell process and uses a UNIX pipe
  to communicate the command request to this shell process. This shell process returns
  the command execution results to the child sshd process using the UNIX pipe and
  terminates when the command execution is complete.