- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Querry on HP Secure SSH
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 06:18 AM
07-07-2009 06:18 AM
: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
Do I need to move the new config files to /opt/ssh/etc and apply the configuration changes that were previously done? Once I do this will it allow me to use the new chroot functionality described in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file. Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Here is the Full log
* Installing bundle "T1471AA,r=A.05.20.004" .
* Installing fileset "Secure_Shell.SECURE_SHELL,r=A.05.20.004"
(1 of 1).
NOTE: A new version of "/etc/rc.config.d/sshd" has been installed on
the system.
NOTE: A new version of "/opt/ssh/etc/ssh_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/ssh_config".
The existing version of "/opt/ssh/etc/ssh_config" is not being
overwritten since it appears that it has been modified by the
administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/sshd_config" has been placed on
the system. The new version is located at
"/opt/ssh/newconfig/opt/ssh/etc/sshd_config".
The existing version of "/opt/ssh/etc/sshd_config" is not
being overwritten since it appears that it has been modified
by the administrator since it was delivered.
NOTE: A new version of "/opt/ssh/etc/moduli" has been installed on
the system.
* Running install clean command /usr/lbin/sw/install_clean.
NOTE: tlinstall is searching filesystem - please be patient
NOTE: Successfully completed
* Beginning the Configure Execution Phase.
* Summary of Execution Phase:
* 1 of 1 filesets had no Errors or Warnings.
* The Execution Phase succeeded.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 06:20 AM
07-07-2009 06:20 AM
Re: Querry on HP Secure SSH
If you did customization, you may need to make those changes again.
Not sure, but that is my interpretation of the message.
Though Secure Shell install is pretty smart, and I've never had to make customization more than once.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:17 AM
07-07-2009 07:17 AM
Re: Querry on HP Secure SSH
Once the line sshd_config is change so the line Subsystem sftp /opt/ssh/libexec/sftp-server is replaced by Subsystem sftp internal-sfp and ChrootDirectory /opt/anonftp, can users that do not have /opt/anonftp as their home directory still use sftp and scp to the server?
Please advice....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:22 AM
07-07-2009 07:22 AM
Re: Querry on HP Secure SSH
I find it to be a big hassle to configure, but it can be made to work.
HP-UX Secure shell and chroot environments.
http://docs.hp.com/en/T1471-90026/ch01s14.html
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 07:19 PM
07-07-2009 07:19 PM
Re: Querry on HP Secure SSH
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2009 10:05 PM
07-07-2009 10:05 PM
Re: Querry on HP Secure SSH
As far as config files are concerned u can use
command line option -f
starting sshd. Also if it is starting automatically
u can pass parameter "-f
SSHD_ARGS variable in file /etc/rc.config.d/sshd.
The default location is /opt/ssh/etc/sshd_config
Regards
-Santosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2009 05:53 AM
07-08-2009 05:53 AM
Re: Querry on HP Secure SSH
1) When I installed the new version of secure SSH it put the new versions of the ssh_config and sshd_config into the directory /opt/ssh/newconfig/opt/ssh/etc/ instead of into /opt/ssh/etc. Am I suppose to apply the changes made previously to these files and leave them in /opt/ssh/newconfig/opt/ssh/etc or do I need to copy them to /opt/ssh/etc before I restart sshd. The logfiles produced from the install of the software does not specify.
2) Do not want to run the use /opt/ssh/utils/ssh_chroot_setup.sh to create a chrooted environment. It is too messy and is an adminstration nightmare as it copies in a bunch of system files that need to be updated into the environment. Was hoping to use the new functionality specified in section 1.9 part F(configuring SFTP) of the /opt/ssh/README.hp file to jail the user. Need to know whether implementing this only allows the chrooted users to use sftp.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2009 06:22 AM
07-08-2009 06:22 AM
Solution1. If you want to use the new configuration files, then you should move them into /opt/ssh/etc and update them for your environment. As previous posters have pointed out, you don't absolutely have to do this, but if you don't, you'll also be editing init scripts to tell sshd where to find the configuration file.
2. Don't know the answer to this one; you'll have to experiment. I do know that locking users down to scp/sftp only in ssh tends to be a mite difficult. I know of a way using forced commands and ssh/public key authentication but tends to be a bit kludgey. Even then, I'm not sure of sftp. You can either google search or post another question if your experiments don't show you a valid method.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html