HPE Community
Operating System - HP-UX
1753477 Members
5913 Online
108794 Solutions
New Discussion юеВ

Looking for explanation of sshd_config directives ssh5.5

 
SOLVED
Go to solution
Steve Post
Trusted Contributor

тАО10-04-2010 06:12 AM

тАО10-04-2010 06:12 AM

Looking for explanation of sshd_config directives ssh5.5

I can't find an explanation of directives like:
PasswordAuthAllowUsers
KerberosOrLocalPasswdDenyUsers
PubkeyAuthAllowUsers
HostbasedAuthDeyUsers
EngineConfigFile
.....and lots more....for sshd_config.

It seems a bit odd.

I can't find it via GOOGLE because the office network blocks it. (it's too social of a website I guess).

I can't find it via hp search because the documentation is missing.

I can't find it on the man page of sshd_config either. Now that's REALLY strange.

Is this a conspiracy to cover up the ability to actually use secure software? Will Men in Black be showing up soon? Should I barricade my door?

Now I can guess at how to use them, but I'd rather skip the experiments and just read the documentation. (...uh...that's not really available).

steve

0 Kudos
Reply
7 REPLIES 7
Steve Post
Trusted Contributor

тАО10-04-2010 10:09 AM

тАО10-04-2010 10:09 AM

Re: Looking for explanation of sshd_config directives ssh5.5

I'll add one more to this puzzle.

My old version of sshd_config has an AllowUsers with people like:
Mikeymouse@disney.com, bugs@warner.com, kirk@enterprise.com.

YES. I made up the names for this forum entry.

AllowUsers is not listed in the new version of sshd_config.

It LOOKS like need to spread out this one line into....
HostbasedAuthAllowUsers
PubkeyAuthAllowUsers
KerberosAuthAllowUsers
KerborseOrLocaPasswdAllowUsers
PasswordAuthAllowUsers
ChallRespoAuthAllowUsers
ChallResponAuthAllowUsers
Really?
I'll look at the man page. Oh. This stuff isn't in there.
Ok. I'll google it. Oh. It's not listed.
Ok. I'll submit a forum entry to HP. No answer there either?
I'll look in my UNIX Secure Shell book. Not listed.

I'll give up for a bit. Meanwhile, there's this thing....
EngineConfigFile
EngineeConfigSection

.......hmmmmm...... nothing about those either.
0 Kudos
Reply
Earl_Crowder
Trusted Contributor

тАО10-04-2010 01:30 PM

тАО10-04-2010 01:30 PM

Re: Looking for explanation of sshd_config directives ssh5.5

Steve,

For the *AuthAllow and *AuthDeny stuff, looks like HP has included patches:
http://v_t_m.sweb.cz/#authselect

For the Engine* things:

http://g4u0420c.houston.hp.com/en/5992-4672/index.html
http://g4u0420c.houston.hp.com/en/5992-4672/ch06.html

Earl
0 Kudos
Reply
Steve Post
Trusted Contributor

тАО10-05-2010 03:57 AM

тАО10-05-2010 03:57 AM

Re: Looking for explanation of sshd_config directives ssh5.5

Thanks.
I'm not allowed to go to that link because it has the key words "web hosting" on it. I'll be able to get to the internet this weekend to look at it.

I'll really have to contact the people that filter the sites at my company. I should be allowed to see sites with phrases like "computer security" and "web hosting" on them.
They are doing a bit TOO GOOD of a job.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО10-11-2010 07:16 AM

тАО10-11-2010 07:16 AM

Re: Looking for explanation of sshd_config directives ssh5.5

>I'm not allowed to go to that link

The links under:
http://g4u0420c.houston.hp.com/
no longer work, even if you waited until you got home.

You need to use google to search:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1081559

SSH doc:
http://www.filibeto.org/unix/hp-ux/lib/security/ssh/sshd-T1471-90019.pdf

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1020891
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО10-11-2010 07:58 AM

тАО10-11-2010 07:58 AM

Re: Looking for explanation of sshd_config directives ssh5.5

In short, if you want to allow or deny an authentication method _for a specific user only_, the AllowUsers and DenyUsers directives allow you to do it.

For example, you could configure sshd in general to accept either SSH keys or passwords. After that, you could restrict a specific user user to use SSH authentication only:
PasswordAuthDenyUsers user1

Now all others have a choice of two authentication methods, but user1 is restricted to SSH key authentication only.

EngineConfigFile was introduced in versions A.05.10.04* and seems to be mainly intended to enable the use of the "HP-UX Trusted Computing Services" product with HP SSH. If your system has a TPM chip, this combination would allow you to use it to store the private portion of the SSH host key in a secure way.

Sometimes, the new features are first documented only in the Release Notes of the version that introduces them. Other documentation can lag a bit behind.

MK
MK
Reply
Steve Post
Trusted Contributor

тАО10-12-2010 04:16 AM

тАО10-12-2010 04:16 AM

Re: Looking for explanation of sshd_config directives ssh5.5

Ok. I have an answer thanks.

Dennis. I can see two out of the four links. I can't see the pdf. But yes. That would be what I want to see...I think. Maybe not? How do I know? I can't go to that link.

...sigh... At least two of them work. My internet connection to the outside world is not that good.

Oh well. About making a new forum entry: I figure if it was too painful to ask for an explanation about sshd_config parameters, maybe it would be more appealing to ask about just ONE. I didn't expect any more responses on the original question because it was too old.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО10-12-2010 06:04 AM

тАО10-12-2010 06:04 AM

Solution

Re: Looking for explanation of sshd_config directives ssh5.5

>I can't see the pdf. But yes. That would be what I want to see.

Can't go to that URL or you can't get PDFs?
Here is a list of HP SSH manuals on BSC:
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodSeriesId=4164814
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.