Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 04:56 AM
тАО04-17-2006 04:56 AM
We plan to install this product on HP-UX RP4410/HP-UX 11i v2 version to replace SSH and secure FTP services.
Anyone out there using this product? any tips?
Thanks!
Raji
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 05:55 AM
тАО04-17-2006 05:55 AM
Re: FSECURE
Tip #1.
Don't replace HP's Secure Shell(ssh).
It works very well, was tuned by HP and is fully supported by HP.
There was a problem with this very product posted earlier today not properly replacing SSH.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 06:10 AM
тАО04-17-2006 06:10 AM
SolutionI've used fsecure successfully on HP platforms. We didn't have to replace the HP's openssh implementation because we didn't have it installed at the time - something that won't be the case with 11.23.
The only problem I remember is compiling it in the first place. Once compiled, though, it was a very simple nfs mount the source, make install, on each node. Worked like a champ.
Operationally, the only major difference that I'm aware of is public key authentication:
Fsecure is a ssh version 2 compliant implementation - so there are differences in the way that public key authentication works. Make sure you understand those.
If you're going to interact with openssh servers, make sure you're aware of the ssh-keygen -e (to export openssh keys to IETF format) and -i (to import IETF keys to openssh format)
My opion is that it's actually better than openssh because fsecure will log which key was used to log in via PKA; there's no way to do that with openssh.
If I remember right, there were also some signficant differences in the ssh_config and sshd_config syntax/options. I *think* that openssh provides more options and should be a little more flexible, but it's been a couple of years since I've had access to Fsecure's man pages.
Those are the ones that I remember... Hope that helps.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 06:28 AM
тАО04-17-2006 06:28 AM
Re: FSECURE
I would also suggest to stay with HP SSH, In our environment with more than 70 HP Servers we have been upgrading from f-secure to all HP SSH which is much better .
Note: Looks like you have notassigned any points,people are spending theire valuable time helping and assigning points would be a nice to show your satisfcation even a 1 point would be better than not assigning any.
Rgds
HGN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 06:44 AM
тАО04-17-2006 06:44 AM
Re: FSECURE
I had problems in assigning the points. just figured out will be giving points soon. Please do not mistake me.
One more question on FSECURE to all of you.
The reason we want to use FSECURE is due to some security constraints. Since SSH is an opensource we are not allowed to use it. This is the reason we want to use FSECURE to do secure FTP as well as SECURE SHELL.
Does this makes sense?
Thanks
Raji
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 10:19 PM
тАО04-17-2006 10:19 PM
Re: FSECURE
Rajim said:
The reason we want to use FSECURE is due to some security constraints. Since SSH is an opensource we are not allowed to use it. This is the reason we want to use FSECURE to do secure FTP as well as SECURE SHELL.
Does this makes sense?
My reply:
Only to management does this make sense. The idea is that since the source is available then crackers can find security holes easier, and if the code is proprietary then it must be more secure. If this were actually the case then Microsoft products would amoung the most secure in the world. Right!
Just because the code is public domain does not make it less secure. Especially openSSH, which a large number of people are using. In my opinion, having the souce code open is better, since more developers can examine the code and fix the problems.
This is actually a very old argument, I've been fighting this point in my job for years. A good paper on this point is "The Cathedral and the Bazaar", a copy of which can be found at http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/
Just my 0.02USD worth.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2006 07:27 AM
тАО04-18-2006 07:27 AM
Re: FSECURE
If the opensource issue is your only reason for going to fsecure, save your money and stay with openssh - it is the most widely used ssh impmlementation and, as such, has had it's code poured through any number of times. You can't really say the same about f-secure, because you don't have access to the source.
There are any number of s/w apps that are opensource that are now getting shipped with HPUX - perl being the biggest example.
You can also download sudo and tcpwrappers - opensource again - directly from HP; but, just try to pass a security audit without having those installed and used...
I'm actually a little surprised that people are still hinky about opensource. I'd have thought that argument was settled a decade ago.
Doug
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2006 09:32 AM
тАО04-18-2006 09:32 AM
Re: FSECURE
Thanks for the insight. One other question is SSH is supported by HP in case of problems?
Thanks. Will give you points right after this!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2006 10:07 AM
тАО04-18-2006 10:07 AM
Re: FSECURE
HP supports the Internet Express package of open source programs:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111
Now since it is open source, HP will provide answers to questions about usage and integration with HP-UX. If defects are discovered, they are reported to the open source community and fixes are then incorporated in the next version of the product. In the above link, support is described about 2/3 of the ay down the page.
Bill Hassell, sysadmin