Administrator's Guide

4.6 Securing Remote Sessions Using HP-UX Secure Shell (SSH)
HP-UX Secure Shell is based on the OpenSSH product, an open source SSH product
(http://www.openssh.org). It enables a secure connection between a client and a remote
host over an otherwise insecure network. Following are the key attributes of this secure
connection:
• Strong authentication for both client and the remote host.
• Strong encryption and public key cryptography for communication between a client
  and the remote host.
• A secure channel for the client to use to execute commands on the remote host.
HP-UX Secure Shell offers a secure replacement for such commonly used functions and
commands as telnet, remsh, rlogin, ftp, and rcp.
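As an added example (not part of the HP guide), the following shell function reports which of the cleartext services named above are still enabled in an inetd-style configuration file. It assumes the conventional inetd service names ("login" for rlogin, "shell" for remsh and rcp); the function names, the sample file and the daemon paths in it are constructed for illustration.

```shell
#!/bin/sh
# Report which cleartext remote-access services are still enabled in an
# inetd-style configuration file (assumed format: service name in field 1).
# Assumed service names: "login" = rlogin, "shell" = remsh (also used by rcp).
legacy_services_enabled() {
    conf=$1
    awk '
        # Skip blank lines and commented-out (disabled) entries.
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "telnet" { print "telnet" }
        $1 == "login"  { print "rlogin" }
        $1 == "shell"  { print "remsh/rcp" }
        $1 == "ftp"    { print "ftp" }
    ' "$conf" | sort -u
}

# Constructed sample input (not taken from a real host).
make_sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
#login  stream tcp nowait root /usr/lbin/rlogind rlogind
shell   stream tcp nowait root /usr/lbin/remshd  remshd
daytime stream tcp nowait root internal
EOF
}

sample=$(mktemp)
make_sample_conf > "$sample"
echo "Cleartext services still enabled:"
legacy_services_enabled "$sample"
rm -f "$sample"
```

On a real host, pass the path of the system's inetd configuration file to legacy_services_enabled instead of the sample.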
For HP-UX Secure Shell documentation, see the ssh(1) manpage for the ssh client and
the sshd(8) manpage for the sshd server. Both manpages include references to the other
HP-UX Secure Shell manpages that come with the product.
Also see the HP-UX Secure Shell Release Notes:
www.hp.com/go/hpux-security-docs
Click HP-UX 11i Secure Shell Software.
4.6.1 Key Security Features of HP-UX Secure Shell
The key security features of HP-UX Secure Shell include the following:
Strong encryption
All communication between the client and the remote host is encrypted using
patent-free encryption algorithms, such as Blowfish, 3DES, AES, and arcfour.
Authentication information, such as passwords, is never sent in clear text across the
network. Encryption in conjunction with strong public key-based cryptography also
provides protection against potential security attacks.
Strong authentication
HP-UX Secure Shell supports a strong set of authentication methods between client
and server. The authentication can be two-way: the server authenticates the client,
and the client authenticates the server. This protects the session against a variety of
security issues. The supported authentication methods are described in Section 4.6.5.
Port forwarding
The redirection of TCP/IP connections between a client and a remote host (and back)
is referred to as port forwarding or SSH tunneling. HP-UX Secure Shell supports port
forwarding. For example, ftp traffic between a client and a server (or email traffic
between an email client and a POP/IMAP server) can be redirected using port
forwarding. Instead of the client directly communicating with its server, the traffic
76 Remote Access Security Administration