topic Re: HP-UX Secure Shell Encrypts Remote Network Traffic in Operating System - HP-UX

HP-UX Secure Shell Encrypts Remote Network Traffic

HP-UX Secure Shell Team — Mon, 17 Jun 2002 22:47:12 GMT

Hi Everyone,

Thought you'd be interested to know that Secure Shell technology is now available with HP-UX. You can download HP-UX Secure Shell A.03.10, based on OpenSSH 3.1p1, at http://software.hp.com. HP-UX Secure Shell transparently encrypts remote network traffic for HP-UX 11.0 and 11i. It provides stronger security than the traditional ftp, remsh, telnet, and rcp services. Best of all, it is free of charge! HP supports HP-UX Secure Shell for no additional cost to customers with HP-UX Support Agreements.

If you have questions about HP-UX Secure Shell, look for answers in the HP-UX Secure Shell Frequently Asked Questions available by searching the ITRC for "Secure Shell FAQs".

You can also learn more about the product by reading the documentation located in /opt/ssh/readme.

Best Regards,
Mike

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

Steven Sim Kok Leong — Tue, 18 Jun 2002 01:06:14 GMT

Hi,

Great! I gather that this release from HP will solve the interoperability issues with TCB password policies which occurs in third-party OpenSSH distributions.

Regards.

Steven Sim Kok Leong

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

Craig Rants — Wed, 19 Jun 2002 13:07:37 GMT

I would also ask the same, really what were the compile time options

prefix=/opt/openssh2

--sysconfdir=/opt/openssh2/etc --with-pam

--with-ssl-dir=/usr/local/openssl/lib

--with-default-path=/bin:/usr/bin:/opt
/openssh2/bin

If not, you could probably expect some follow up requests to have these options added...

Craig

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

HP-UX Secure Shell Team — Thu, 20 Jun 2002 20:48:34 GMT

Hi,

We do support HP-UX trusted systems, so the answer to the TCP password policies is that it should interoperate with HP-UX secure shell, but we did not test with every flavor of Secure Shell released.

Regards,
-Mike

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

HP-UX Secure Shell Team — Thu, 20 Jun 2002 20:49:40 GMT

I meant TCB, sorry for the typo.

Regards,
-Mike

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

Deshpande Prashant — Thu, 20 Jun 2002 21:22:31 GMT

HI
That's great.
Does this version support the password expiry policies. The earlier version from HP software porting center (3.1) did not prompt for password change at expiration.

Thanks.
Prashant.

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

HP-UX Secure Shell Team — Thu, 20 Jun 2002 22:07:19 GMT

The compile time options are documented in the Makefile in the /opt/ssh/src/ssh directory

PAM is enabled and we tested pam_unix, pam_kerberos, and pam_ldap. It should work with any well behaved pam module, but we did not try them all.

The common ssh* files are delivered into /opt/ssh/bin and /usr/bin/ssh* files and are symlinked to /opt/ssh/bin. So typing ssh or slogin after install should be all that is needed to start using HP-UX secure shell.

The system-wide config files are at /etc/opt/ssh.

The openssl,zlib, and libwrap libraries are archive linked to the executables so you do not need to install those components separately.

We dynamically load kerberos on 11.0 so if you want to use kerberos V you first need install PAM kerberos on 11.00 and secure shell will make use of kerberos once it is installed and configured. PAM kerberos is another free product at www.software.hp.com If you need a kerberos server as well there is free one available at www.software.hp.com. This kerberos server is based on the source code for CyberSafe kerberos server.

Regards,
-Mike

Re: HP-UX Secure Shell Encrypts Remote Network Traffic

Steven Sim Kok Leong — Fri, 21 Jun 2002 06:23:01 GMT

Hi,

Deshpande Prashant is right on the dot about the password policy issues faced with many non-HP releases of SSH.

I encountered the same issue also with SSH Communications ssh release ssh-3.1.0.

In my earlier post, I was hoping that this issue has already been resolved in HP's port.

Hope this helps. Regards.

Steven Sim Kok Leong