Administrator's Guide

4.6.3.2 Running the sftp Client
When you run the sftp client application, the sftp client process spawns the ssh client
and then communicates with it using a UNIX pipe. The ssh client then establishes a socket
connection with the sshd server.
The rest of the server interaction is similar to the ssh client case described in
Section 4.6.3.1. The difference is that instead of spawning a shell to execute the remote
command, the child sshd process spawns the sftp-server process. All subsequent
communication during this sftp session occurs among the following processes:
• The sftp client and the ssh client, on the client system, using a UNIX pipe.
• The ssh client and the child sshd process, over the established connection socket.
• The child sshd process and the sftp server process, using a UNIX pipe.
4.6.3.3 Running the scp Client
The scp client case is almost identical to the sftp client case. The difference is
that instead of spawning the sftp-server process, the child sshd process spawns
the scp process. All subsequent communication during the scp session occurs among
the following processes:
• The scp client and the ssh client, on the client system, using a UNIX pipe.
• The ssh client and the child sshd process, over the established connection socket.
• The child sshd process and the scp server process, using a UNIX pipe.
4.6.4 HP-UX Secure Shell Privilege Separation
HP-UX Secure Shell offers an enhanced level of security through the privilege
separation feature. As described in Section 4.6.3, both the parent sshd and the child
sshd processes run as privileged users. When privilege separation is enabled, one extra
process is spawned per user connection.
When an ssh client connects to an sshd server that is configured for privilege
separation, the parent sshd process spawns a privileged child sshd process. This
privileged child sshd process then spawns an additional nonprivileged child sshd
process. This nonprivileged child sshd process then inherits
the connection socket. All subsequent communication between client and server occurs
with this nonprivileged child sshd process.
Most remote command execution requests from the client are nonprivileged, and are
handled by a shell spawned under this nonprivileged child sshd process. When the
nonprivileged child sshd process needs a privileged function to be executed, it
communicates with its privileged parent sshd process using a UNIX pipe.
Privilege separation helps contain potential damage from an intruder. For example, if a
buffer overflow attack occurs during a shell command execution, control remains within the
nonprivileged process, thereby containing the potential security risk.
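The following C program is an added example, not code from HP-UX Secure Shell or from this guide. It models the arrangement described above: a privileged process forks a child that inherits its descriptors, drops to a nonprivileged identity, and asks the privileged process over a UNIX pipe to carry out a function. The request codes, UNPRIV_ID (65534) and all function names are assumptions made for illustration.

```c
/* Added example: privileged monitor and nonprivileged child joined by pipes.
 * Request codes, UNPRIV_ID and all function names are assumptions. */
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REQ_AUTH_CHECK = 1, REQ_UNKNOWN = 99 }; /* hypothetical request codes */
#define UNPRIV_ID 65534 /* assumption: an unprivileged uid/gid ("nobody") */

/* Privileged side: accept only allow-listed requests; the child is untrusted. */
static int monitor_answer(int req) { return req == REQ_AUTH_CHECK ? 0 : -1; }

/* Child side: give up root for good (groups, gid, then uid) and verify it. */
static int drop_privileges(void) {
    if (geteuid() != 0) return 0; /* already nonprivileged */
    if (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID)) return -1;
    return setuid(0) == 0 ? -1 : 0; /* regaining root must fail */
}

/* Child exit status: 0 = accepted, 1 = refused, 2 = pipe error, 3 = drop failed. */
int privsep_request(int req) {
    int to_mon[2], to_child[2], got = 0, status = 0;
    if (pipe(to_mon) != 0 || pipe(to_child) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* nonprivileged child: inherits the descriptors */
        int reply = -1;
        close(to_mon[0]); close(to_child[1]);
        if (drop_privileges() != 0) _exit(3);
        if (write(to_mon[1], &req, sizeof req) != (ssize_t)sizeof req) _exit(2);
        if (read(to_child[0], &reply, sizeof reply) != (ssize_t)sizeof reply) _exit(2);
        _exit(reply == 0 ? 0 : 1);
    }
    close(to_mon[1]); close(to_child[0]); /* privileged monitor continues here */
    if (read(to_mon[0], &got, sizeof got) == (ssize_t)sizeof got) {
        int reply = monitor_answer(got);
        if (write(to_child[1], &reply, sizeof reply) < 0) perror("write");
    }
    close(to_mon[0]); close(to_child[1]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("allowed: %d, refused: %d\n",
           privsep_request(REQ_AUTH_CHECK), privsep_request(REQ_UNKNOWN));
    return 0;
}
```

When the program is started without root, the drop step is a no-op because the process is already nonprivileged. The refused request shows the privileged side checking what the child sends rather than trusting it.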
4.6 Securing Remote Sessions Using HP-UX Secure Shell (SSH)