Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Looking for explanation of sshd_config directives ssh5.5

 
SOLVED
Go to solution
Steve Post
Trusted Contributor

Looking for explanation of sshd_config directives ssh5.5

I can't find an explanation of directives like:
PasswordAuthAllowUsers
KerberosOrLocalPasswdDenyUsers
PubkeyAuthAllowUsers
HostbasedAuthDeyUsers
EngineConfigFile
.....and lots more....for sshd_config.

It seems a bit odd.

I can't find it via GOOGLE because the office network blocks it. (it's too social of a website I guess).

I can't find it via hp search because the documentation is missing.

I can't find it on the man page of sshd_config either. Now that's REALLY strange.

Is this a conspiracy to cover up the ability to actually use secure software? Will Men in Black be showing up soon? Should I barricade my door?

Now I can guess at how to use them, but I'd rather skip the experiments and just read the documentation. (...uh...that's not really available).

steve

7 REPLIES 7
Steve Post
Trusted Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

I'll add one more to this puzzle.

My old version of sshd_config has an AllowUsers with people like:
Mikeymouse@disney.com, bugs@warner.com, kirk@enterprise.com.

YES. I made up the names for this forum entry.

AllowUsers is not listed in the new version of sshd_config.

It LOOKS like need to spread out this one line into....
HostbasedAuthAllowUsers
PubkeyAuthAllowUsers
KerberosAuthAllowUsers
KerborseOrLocaPasswdAllowUsers
PasswordAuthAllowUsers
ChallRespoAuthAllowUsers
ChallResponAuthAllowUsers
Really?
I'll look at the man page. Oh. This stuff isn't in there.
Ok. I'll google it. Oh. It's not listed.
Ok. I'll submit a forum entry to HP. No answer there either?
I'll look in my UNIX Secure Shell book. Not listed.

I'll give up for a bit. Meanwhile, there's this thing....
EngineConfigFile
EngineeConfigSection

.......hmmmmm...... nothing about those either.
Earl_Crowder
Trusted Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

Steve,

For the *AuthAllow and *AuthDeny stuff, looks like HP has included patches:
http://v_t_m.sweb.cz/#authselect

For the Engine* things:

http://g4u0420c.houston.hp.com/en/5992-4672/index.html
http://g4u0420c.houston.hp.com/en/5992-4672/ch06.html

Earl
Steve Post
Trusted Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

Thanks.
I'm not allowed to go to that link because it has the key words "web hosting" on it. I'll be able to get to the internet this weekend to look at it.

I'll really have to contact the people that filter the sites at my company. I should be allowed to see sites with phrases like "computer security" and "web hosting" on them.
They are doing a bit TOO GOOD of a job.

Dennis Handly
Acclaimed Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

Matti_Kurkela
Honored Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

In short, if you want to allow or deny an authentication method _for a specific user only_, the AllowUsers and DenyUsers directives allow you to do it.

For example, you could configure sshd in general to accept either SSH keys or passwords. After that, you could restrict a specific user user to use SSH authentication only:
PasswordAuthDenyUsers user1

Now all others have a choice of two authentication methods, but user1 is restricted to SSH key authentication only.

EngineConfigFile was introduced in versions A.05.10.04* and seems to be mainly intended to enable the use of the "HP-UX Trusted Computing Services" product with HP SSH. If your system has a TPM chip, this combination would allow you to use it to store the private portion of the SSH host key in a secure way.

Sometimes, the new features are first documented only in the Release Notes of the version that introduces them. Other documentation can lag a bit behind.

MK
MK
Steve Post
Trusted Contributor

Re: Looking for explanation of sshd_config directives ssh5.5

Ok. I have an answer thanks.

Dennis. I can see two out of the four links. I can't see the pdf. But yes. That would be what I want to see...I think. Maybe not? How do I know? I can't go to that link.

...sigh... At least two of them work. My internet connection to the outside world is not that good.

Oh well. About making a new forum entry: I figure if it was too painful to ask for an explanation about sshd_config parameters, maybe it would be more appealing to ask about just ONE. I didn't expect any more responses on the original question because it was too old.

Dennis Handly
Acclaimed Contributor
Solution

Re: Looking for explanation of sshd_config directives ssh5.5

>I can't see the pdf. But yes. That would be what I want to see.

Can't go to that URL or you can't get PDFs?
Here is a list of HP SSH manuals on BSC:
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodSeriesId=4164814