Administrator's Guide

HP-UX Secure Shell is fully integrated with PAM modules available on the server system.
For this purpose, the /opt/ssh/etc/sshd_config file carries a UsePAM configuration
directive. If set to YES, any password authentication request from the client causes sshd
to look at the PAM configuration file (/etc/pam.conf). Password authentication is then
done through the configured PAM modules, in sequence, until successful. For more
information on PAM authentication, see pam.conf(4).
Set the UsePAM directive to NO to ignore PAM authentication. Then any password
authentication request from the client causes sshd to ignore PAM configuration settings
on the server. Instead, sshd obtains user password information by directly calling the
getpwnam library call.
HP-UX Secure Shell has been tested with PAM_UNIX, PAM_LDAP and PAM_KERBEROS.
It is also expected to work with other PAM modules, such as PAM_DCE and PAM_NTLM.
4.6.6 Communication Protocols
HP-UX Secure Shell users can connect with a remote sshd daemon using the SSH-1 or
SSH-2 protocol. SSH-2 is more secure, and is strongly recommended instead of SSH-1.
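The following shell sketch is an added example, not taken from the HP guide or HP tooling. It reports which password path sshd will take for a given UsePAM setting and whether SSH-1 is still accepted. It assumes OpenSSH semantics (case-insensitive keywords, first occurrence wins, the OpenSSH Protocol keyword) and the PAM service name sshd with OTHER as fallback; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not HP code). Assumes OpenSSH semantics: keywords are
# case-insensitive and the first occurrence of a keyword wins.

# usage: sshd_effective FILE KEYWORD -> lower-cased effective value, or empty
sshd_effective() {
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# usage: pam_auth_stack FILE SERVICE -> "control_flag:module" per auth entry
pam_auth_stack() {
    awk -v svc="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(svc) && tolower($2) == "auth" { print $3 ":" $4 }
    ' "$1"
}

# usage: password_path SSHD_CONFIG PAM_CONF -> which path checks passwords
password_path() {
    case "$(sshd_effective "$1" UsePAM)" in
        yes) stack=$(pam_auth_stack "$2" sshd)
             # Assumption: service name is "sshd", with OTHER as fallback.
             [ -n "$stack" ] || stack=$(pam_auth_stack "$2" OTHER)
             if [ -n "$stack" ]; then echo "pam" $stack
             else echo "pam-no-auth-stack"; fi ;;
        no)  echo "getpwnam" ;;
        "")  echo "unset" ;;
        *)   echo "invalid" ;;
    esac
}

# usage: ssh1_allowed SSHD_CONFIG -> exit 0 if the Protocol list contains 1
ssh1_allowed() {
    case ",$(sshd_effective "$1" Protocol)," in *,1,*) return 0 ;; esac
    return 1
}

# Constructed sample files, for the demonstration only.
tmp="${TMPDIR:-/tmp}/sshd_audit.$$"; mkdir -m 700 "$tmp" || exit 1
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# sample' 'Protocol 2,1' 'usepam YES' 'UsePAM no' > "$tmp/sshd_config"
printf '%s\n' 'login auth required libpam_unix.so.1' \
    'sshd auth sufficient libpam_krb5.so.1' \
    'sshd auth required libpam_unix.so.1' \
    'sshd account required libpam_unix.so.1' > "$tmp/pam.conf"
password_path "$tmp/sshd_config" "$tmp/pam.conf"
ssh1_allowed "$tmp/sshd_config" && echo "SSH-1 still allowed"
```

On a live system, the arguments would be /opt/ssh/etc/sshd_config and /etc/pam.conf. A result of pam-no-auth-stack means UsePAM is on but neither sshd nor OTHER has an auth entry.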
4.6.7 HP-UX Secure Shell and the HP-UX System
HP-UX Secure Shell is actually not a true shell. It is a mechanism for creating a secure
connection between a client and a remote host to execute remote shell sessions securely
on the host. To achieve the secure connection, HP-UX Secure Shell does most of the
authentication and session creation itself. Following is a partial list of features that HP-UX
Secure Shell uses:

Logging of login attempts
Like telnet or remsh, HP-UX Secure Shell logs successful and unsuccessful sessions
in the /var/adm/wtmp and /var/adm/btmp files, respectively. For more
information, see utmp(4).

PAM modules
As described in Section 4.6.5, HP-UX Secure Shell can use PAM authentication for
client sessions. When PAM authentication is selected, HP-UX Secure Shell uses the
/etc/pam.conf file and invokes the appropriate PAM module for authentication.
See pam.conf(4) for more information about the /etc/pam.conf file.

Use of /etc/default/security file
This is a systemwide configuration file that contains attributes defining the behavior
of login, passwords, and other security configurations. HP-UX Secure Shell allows
use of these attributes with some restrictions, which are explained in the
/opt/ssh/README.hp file for HP-UX Secure Shell.
More information on the /etc/default/security file is in security(4).

82 Remote Access Security Administration