Ssh Man Page



Ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over.

  • SSH_ORIGINAL_COMMAND This will be the original command line given by the protocol if a forced command is run. It can be used to fetch arguments etc. from the other end.
  • SSH_TTY This is set to the name of the tty (path to the device) associated with the current shell or command. If the current session has no tty, this variable is not set.
  • This is the start page for the SSH (Secure Shell) protocol, software, and related information. SSH is a software package that enables secure system administration and file transfers over insecure networks. It is used in nearly every data center and in every large enterprise. This page was created by the inventor of SSH, Tatu Ylonen (twitter: @tjssh). He wrote ssh-1.x and ssh-2.x, and still works on related topics.
  • The OpenSSH SSH client supports SSH protocols 1 and 2. Protocol 2 is the default, with ssh falling back to protocol 1 if it detects that protocol 2 is unsupported. These settings may be altered using the Protocol option in ssh_config(5), or enforced using the -1 and -2 options (see above).

The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Publish Over SSH

step([$class: 'BapSshPromotionPublisherPlugin']): Send build artifacts over SSH

Send files or execute commands over SSH as a build step during a promotion process.
  • publishers
      Array / List of Nested Object
    • configName

      Select an SSH configuration from the list configured in the global configuration of this Jenkins.

      The configuration defines the connection properties and base directory of the SSH server.

      • Type:String
    • verbose
      Select to enable an obscene amount of information to the Jenkins console - only really useful to help track down problems.
      • Type:boolean
    • transfers
        Array / List of Nested Object
      • sourceFiles

        Files to upload to a server.

        The string is a comma separated list of includes for an Ant fileset eg. '**/*.jar' (see Patterns in the Ant manual).
        The base directory for this fileset is the workspace.

        • Type:String
      • excludes

        Exclude files from the Transfer set.

        The string is a comma separated list of excludes for an Ant fileset eg. '**/*.log,**/*.tmp,.git/' (see Patterns in the Ant manual)

        • Type:String
      • remoteDirectory

        Optional destination folder.

        This folder will be below the one in the global configuration, if present.
        The folder will be created if it does not exist.

        • Type:String
      • removePrefix

        First part of the file path that should not be created on the remote server.

        Directory structures are created relative to the base directory, which is usually the workspace.
        You normally do not want the full path to these files to be created on the server.
        For example, if Source files were target/deployment/images/**/ then you may want Remove prefix to be target/deployment. This would create the images folder under the remote directory, and not target/deployment.
        Jenkins environment variables can be used in this path.

        If you use remove prefix, then ALL source file paths MUST start with the prefix.

        • Type:String
      • remoteDirectorySDF

        Select this to include the timestamp in the remote directory.

        The timestamp is the date of build. If this publisher is being used during a promotion, then the timestamp is that of the build that is being promoted.
        This setting turns the remote directory option into a java SimpleDateFormat.
        The SimpleDateFormat(SDF) uses letters to represent components of the date, like the month, year, or day of the week. Click here for more information about the date patterns.
        As the SDF reserves all of the letters [A-Z][a-z], any that you want to appear literally in the directory that is created will need to be quoted.

        Some examples follow - all examples are based on a build with a timestamp of 3:45 pm and 55 seconds on the 7th November 2010.

        Remote directory                                  Directories created
        'qa-approved/'yyyyMMddHHmmss                      qa-approved/20101107154555
        'builds/'yyyy/MM/dd/'build-${BUILD_NUMBER}'       builds/2010/11/07/build-456 (if the build was number 456)
        yyyy_MM/'build'-EEE-d-HHmmss                      2010_11/build-Sun-7-154555
        yyyy-MM-dd_HH-mm-ss                               2010-11-07_15-45-55
        • Type:boolean
      • flatten

        Only create files on the server, don't create directories (except for the remote directory, if present).

        All files that have been selected to transfer must have unique filenames. The publisher will stop and fail as soon as a duplicate filename is found when using the flatten option.

        • Type:boolean
      • cleanRemote
        • Type:boolean
      • noDefaultExcludes
        • Type:boolean
      • makeEmptyDirs

        The default behaviour of this plugin is to match files, and then create any directories required to preserve the paths to the files.
        Selecting this option will create any directories that match the Source files pattern, even if empty.

        • Type:boolean
      • patternSeparator

        The regular expression that is used to separate the Source files and Exclude files patterns.

        The Source files and Exclude files both accept multiple patterns that by default are split using

        which is how Ant, by default, handles multiple patterns in a single string.

        The above expression makes it difficult to reference files or directories that contain spaces. This option allows the expression to be set to something that will preserve the spaces in a pattern eg. a single comma.

        • Type:String
      • execCommand (optional)

        A command to execute on the remote server.

        This command will be executed on the remote server after any files are transferred.
        The SSH Transfer Set must include either a Source Files pattern, an Exec command, or both. If both are present, the files are transferred before the command is executed. If you want to Exec before the files are transferred, use 2 Transfer Sets and move the Exec command before the Transfer set that includes a Source files pattern.

        • Type:String
      • execTimeout (optional)

        Timeout in milliseconds for the Exec command.

        Set to zero to disable.

        • Type:int
      • usePty (optional)

        Exec the command in a pseudo tty.

        This will enable the execution of sudo commands that require a tty (and possibly help in other scenarios too.)
        From the sudoers(5) man page:

        • Type:boolean
      • useAgentForwarding (optional)

        Exec the command using Agent Forwarding.

        Allows a chain of ssh connections to forward key challenges back to the original agent, thus eliminating the need for using a password or public/private keys for these connections.

        From the ssh(1) man page:

        • Type:boolean
      • useSftpForExec (optional)

        Use the SFTP protocol instead of SSH for the Exec command.

        Supported commands: mkdir, ln, symlink, rm, rmdir, cd, get, ls

        • Type:boolean
    • useWorkspaceInPromotion

      Set the root directory for the Source files to the workspace.

      By default this plugin uses the artifacts directory (where archived artifacts are stored). This allows the artifacts from the build number that you are promoting to be sent somewhere else.

      If you run tasks that produce files in the workspace during the promotion and you want to publish them, then set this option.

      If you need to send files from both the workspace and the archive directory, then you need to add a second server, even if you want to send the files to the same place. This is due to the fact that the workspace is not necessarily on the same host as the archive directory.

      • Type:boolean
    • usePromotionTimestamp

      Use the build time of the promotion when the remote directory is a date format.

      By default this plugin uses the time of the original build (the one that is being promoted) when formatting the remote directory. Setting this option means that, if you also use the "Remote directory is a date format" option, the time at which the promotion process runs is used instead of the time of the original build.

      • Type:boolean
    • sshRetry

      If publishing to this server or command execution fails, try again.

      Files that were successfully transferred will not be re-sent.
      If Exec command is configured, but fails in any way (including a non zero exit code), then it will be retried.

        Nested Object
      • retries
        The number of times to retry this server in the event of failure.
        • Type:int
      • retryDelay
        The time to wait, in milliseconds, before attempting another transfer.
        • Type:long
    • sshLabel

      Set the label for this Server instance - for use with Parameterized publishing.

      Expand the help for Parameterized publishing for more details.

        Nested Object
      • label

        Set the label for this Server instance - for use with Parameterized publishing.

        Expand the help for Parameterized publishing for more details.

        • Type:String
    • sshCredentials
      Set the credentials to use with this connection.

      If you want to use different credentials from those configured for this server, or if the credentials have not been specified for this server, then enable this option and set them here.

        Nested Object
      • username
        • Type:String
      • encryptedPassphrase
        The passphrase for the private key, or the password for password authentication if no Key or Path to key is configured.
        Leave blank if the key is not encrypted.
        • Type:String
      • key

        The private key.

        Paste the private key here, or provide the path to the file containing the key in Path to key.

        • Type:String
      • keyPath

        The path to the private key.

        Either supply the path to the file containing the key, or paste the key into the Key box.
        The Path to key can be absolute, or relative to $JENKINS_HOME

        • Type:String
  • continueOnError
    • Type:boolean
  • failOnError
    • Type:boolean
  • alwaysPublishFromMaster
    • Type:boolean
  • masterNodeName
    • Type:String
  • paramPublish
      Nested Object
    • parameterName
      The name of the parameter or environment variable that will contain the expression for matching the labels.
      • Type:String

sshPublisher: Send build artifacts over SSH

  • alwaysPublishFromMaster (optional)

    Select to publish from the Jenkins master.

    The default is to publish from the server that holds the files to transfer (workspace on the agent, or artifacts directory on the master).
    Enabling this option could help dealing with strict network configurations and firewall rules.
    This option will cause the files to be transferred through the master before being sent to the remote server, this may increase network traffic, and could increase the build time.

    • Type:boolean
  • continueOnError (optional)
    Select to continue publishing to the other servers after a problem with a previous server.
    • Type:boolean
  • failOnError (optional)
    Select to mark the build as a failure if there is a problem publishing to a server. The default is to mark the build as unstable.
    • Type:boolean
  • masterNodeName (optional)

    Set the NODE_NAME for the master Jenkins.

    Set this option to give a value to the NODE_NAME environment variable when the value is missing (the Jenkins master).
    This is useful if you use the NODE_NAME variable in the remote directory option and the build may occur on the master.

    • Type:String
  • paramPublish (optional)
      Nested Object
    • parameterName
      The name of the parameter or environment variable that will contain the expression for matching the labels.
      • Type:String
  • publishers (optional)
      Array / List of Nested Object
      The nested parameters (configName, verbose, transfers, useWorkspaceInPromotion, usePromotionTimestamp, sshRetry, sshLabel, sshCredentials) and their descriptions are identical to those listed under publishers for the promotion step above.
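A Declarative Jenkinsfile stage that uses the sshPublisher step with the transfer, exec and retry parameters documented above, added here as an example; it is not taken from the plugin's documentation. The server name staging-web, the artifact paths and the restart command are placeholders, and the sshPublisherDesc and sshTransfer symbols are assumed to be the ones the Pipeline snippet generator emits for this plugin.

```groovy
// Added example (not from the Publish Over SSH plugin docs).
// Assumes a server named 'staging-web' (placeholder) is defined in
// Manage Jenkins -> Configure System -> Publish over SSH.
pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                // Placeholder build; expected to populate target/deployment/...
                sh 'mvn -B package'
            }
        }
        stage('Deploy') {
            steps {
                sshPublisher(
                    // Mark the build FAILED (not merely UNSTABLE) if publishing fails.
                    failOnError: true,
                    // Stop at the first server that fails instead of carrying on.
                    continueOnError: false,
                    publishers: [
                        sshPublisherDesc(
                            configName: 'staging-web',     // placeholder server name
                            verbose: false,
                            transfers: [
                                // Transfer set 1: upload files. removePrefix strips
                                // 'target/deployment' so that e.g. 'images/...' lands
                                // directly under the remote directory (all sourceFiles
                                // paths must start with the prefix).
                                sshTransfer(
                                    sourceFiles: 'target/deployment/**/*.jar,target/deployment/images/**',
                                    excludes: '**/*.log,**/*.tmp',
                                    removePrefix: 'target/deployment',
                                    // SimpleDateFormat pattern: the literal part is quoted,
                                    // the rest becomes e.g. releases/2010-11-07_15-45-55
                                    remoteDirectory: "'releases/'yyyy-MM-dd_HH-mm-ss",
                                    remoteDirectorySDF: true,
                                    flatten: false,
                                    makeEmptyDirs: false
                                ),
                                // Transfer set 2: exec only, so it runs after set 1's
                                // files are in place (files in a set are always sent
                                // before that set's command).
                                sshTransfer(
                                    execCommand: 'sudo systemctl restart myapp',  // placeholder
                                    execTimeout: 120000,   // milliseconds; 0 disables
                                    usePty: true           // sudo with requiretty needs a pty
                                )
                            ],
                            // Retry a failed transfer or a non-zero exec exit code;
                            // files already sent are not re-sent. Map form of the
                            // nested sshRetry object.
                            sshRetry: [retries: 3, retryDelay: 10000]
                        )
                    ]
                )
            }
        }
    }
}
```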


HP-UX Secure Shell is based on the OpenSSH product, an open source SSH product (http://www.openssh.org). It enables a secure connection between a client and a remote host over an otherwise insecure network. Following are the key attributes of this secure connection:

  • Strong authentication for both the client and the remote host.

  • Strong encryption and public key cryptography for communication between a client and the remote host.

  • A secure channel for the client to use to execute commands on the remote host.

HP-UX Secure Shell offers a secure replacement for such commonly used functions and commands as telnet, remsh, rlogin, ftp, and rcp.

For HP-UX Secure Shell documentation, see the ssh(1) manpage for the ssh client and the sshd(8) manpage for the sshd server. Both manpages include references to the other HP-UX Secure Shell manpages that come with the product.

Also see the HP-UX Secure Shell Release Notes at: http://www.docs.hp.com/en/internet.html#Secure%20Shell

The key security features of HP-UX Secure Shell include the following:

  • Strong encryption

    All communication between the client and the remote host is encrypted using patent-free encryption algorithms, such as Blowfish, 3DES, AES, and arcfour. Authentication information, such as passwords, is never sent in clear text across the network. Encryption in conjunction with strong public key-based cryptography also provides protection against potential security attacks.

  • Strong authentication

    HP-UX Secure Shell supports a strong set of authentication methods between client and server. The authentication can be two-way: the server authenticates the client, and the client authenticates the server. This protects the session against a variety of security issues. The supported authentication methods are described in Section .

  • Port forwarding

    The redirection of TCP/IP connections between a client and a remote host (and back) is referred to as port forwarding or SSH tunneling. HP-UX Secure Shell supports port forwarding. For example, ftp traffic between a client and a server (or email traffic between an email client and a POP/IMAP server) can be redirected using port forwarding. Instead of the client directly communicating with its server, the traffic can be redirected to an sshd server over a secure channel, and the sshd server can then forward the traffic to a designated port on the real server machine.

  • Integration with underlying HP-UX security features.

    The HP-UX Secure Shell product is integrated with important HP-UX security features. For more information, see Section .

HP-UX Secure Shell software consists of a set of client and server components. See Table 5-2.

Table 5-2 Software Components of HP-UX Secure Shell

Component | Description | Location | Equivalent non-secure component(s)
ssh | Secure Shell client; a secure replacement for telnet and remsh (it is most similar to remsh, with security features) | Client | remsh, telnet, rlogin
slogin | Symbolic link to ssh | Client | remsh, telnet, rlogin
scp | Secure copy client and secure copy server | Client and server | rcp
sftp | Secure ftp client | Client | ftp
sshd | Secure Shell daemon | Server | remshd, telnetd, rlogind
sftp-server | Secure ftp daemon | Server | ftpd
ssh-rand-helper | Random number generator, used when sshd is not able to find /dev/random or /dev/urandom on the server. HP-UX is shipped with a kernel-resident random number generator, rng. If rng is deconfigured, sshd uses prngd. | Server | Not applicable
ssh-agent | Tool for 'automatic' key-based login from client to server | Client and server | rhosts file mechanism
ssh-add | Tool for making the client's key pairs known to ssh-agent | Client | Not applicable
ssh-keygen | Tool for generating key pairs for public key authentication | Client | Not applicable
ssh-keyscan | Tool for a client to gather the public keys for a set of hosts running the Secure Shell daemon (sshd) | Client | Not applicable
ssh-keysign | Tool to generate the digital signature required during host-based authentication; it is used by ssh to access the local host keys for host-based authentication | Client | Not applicable

Before running any of the Secure Shell clients listed in Table 5-2, first start the Secure Shell server daemon, sshd. The sshd daemon obtains its initial configuration values from the sshd_config file, located in the /opt/ssh/etc directory on the server system. One of the most important configuration directives in sshd_config is the set of authentication methods supported by the sshd daemon. See Section for more information.

The ssh client application establishes a socket connection with the sshd server. The sshd server spawns a child sshd process. This child inherits the connection socket and authenticates the client based on the selected authentication method. A successful secure client session is established only upon successful authentication.

After a session is created, all subsequent communication occurs directly between the client and this child sshd process. The client can now execute remote commands on the server. Each command request from the ssh client causes the child sshd process to spawn a shell process to execute that command.

In summary, a running ssh client-server session consists of the following processes:

  • On every client system connected to the sshd server, there is one ssh client process for each ssh connection currently established from that client system.

  • On the server system, there is one parent sshd process and as many child sshd processes as there are concurrent ssh clients connected to the server. The number of child sshd processes running on the server doubles if privilege separation is enabled on the server. See Section .

  • On the server system, for each command execution request from an ssh client, the corresponding child sshd process spawns a shell process, and uses a UNIX pipe to communicate the command request to this shell process. This shell process returns the command execution results to the child sshd process using the UNIX pipe and terminates when the command execution is complete.

The sftp client application causes the sftp client process to spawn the ssh client, and then communicates with it using a UNIX pipe. The ssh client then establishes a socket connection with the sshd server.

The rest of the server interaction is similar to the ssh client case described in Section . The difference is that instead of spawning a shell to execute the remote command, the child sshd process spawns the sftp-server process. All subsequent communication during this sftp session occurs among the following processes:

  • The sftp client and the ssh client, on the client system, using a UNIX pipe.

  • The ssh client and the child sshd process, over the established connection socket.

  • The child sshd process and the sftp-server process, using a UNIX pipe.

The scp client case is almost identical to the sftp client execution. The difference is that instead of spawning the sftp-server process, the child sshd process spawns the scp process. All subsequent communication during the scp session occurs among the following processes:

  • The scp client and the ssh client, on the client system, using a UNIX pipe.

  • The ssh client and the child sshd process, over the established connection socket.

  • The child sshd process and the scp server process, using a UNIX pipe.

HP-UX Secure Shell offers an enhanced level of security through the privilege separation feature. As described in Section , both the parent sshd and the child sshd processes run as privileged users. When privilege separation is enabled, one extra process is spawned per user connection.

When an ssh client connects to an sshd server which is configured for privilege separation, the parent sshd process spawns a privileged child sshd process. When privilege separation is enabled, the child sshd process spawns an additional nonprivileged child sshd process. This nonprivileged child sshd process then inherits the connection socket. All subsequent communication between client and server occurs with this nonprivileged child sshd process.

Most remote command execution requests from the client are nonprivileged, and are handled by a shell spawned under this nonprivileged child sshd process. When the nonprivileged child sshd process needs a privileged function to be executed, it communicates with its privileged parent sshd process using a UNIX pipe.

Privilege separation helps contain potential damage from an intruder. For example, if a buffer overflow attack occurs during a shell command execution, control is within the nonprivileged process, thereby containing the potential security risk.

NOTE: Privilege separation is the default configuration for HP-UX Secure Shell. You can turn off privilege separation by setting UsePrivilegeSeparation NO in the sshd_config file. Because of the potential security risk, turn off privilege separation only after careful consideration.

HP-UX Secure Shell supports the following authentication methods:

  • Public key authentication

  • Password authentication

When a client connects with a remote sshd daemon, it selects the desired authentication method (one of the methods listed previously), and either presents the appropriate credentials as part of the connection request or responds to a prompt sent back by the server. All authentication methods work in this way.

The server requires the appropriate key, pass phrase, password, or credentials from the client to establish a successful connection.

You can choose to have the sshd instance support only a subset of the supported authentication methods based on security requirements.

Although HP-UX Secure Shell supports the authentication methods listed previously, system administrators can limit the authentication methods offered by an sshd instance, based on the specific security requirements of their environment. For example, an HP-UX Secure Shell environment can dictate that all clients must authenticate using the public key or Kerberos methods. As a result, the remaining methods may be disabled. The enabling and disabling of supported authentication methods is done through configuration directives specified in the sshd_config file.

When an ssh client connection request is made, the server first responds with its list of supported authentication methods. This list represents the authentication methods supported by the sshd server and the sequence in which these methods will be tried. The client can omit one or more of those authentication methods. The client can also change the sequence in which the methods are attempted. You achieve this with a configuration directive in the client configuration file, /opt/ssh/etc/ssh_config.

The authentication methods supported by HP-UX Secure Shell are summarized in the following sections.

With the Generic Security Service Application Programming Interface (GSS-API), a Kerberos-based client authentication, the client must obtain Kerberos credentials in advance, and also have a Kerberos configuration file present in the appropriate client directory. When a client connects with an sshd daemon, it presents its credentials at connection time. The server matches these credentials with its copy of credentials for this specific user. Also, the server can optionally establish the legitimacy of the client's host environment.

For more information, see gssapi(5), kerberos(9) and Kerberos administrator documentation at: http://www.docs.hp.com/en/internet.html#Kerberos.

For public key authentication, the Secure Shell environment must have the following setup:

  • Both the client and server must have a key pair. Every ssh client and every sshd server must generate a key pair for themselves using the ssh-keygen utility.

  • The client must make its public key known to all sshd servers it needs to communicate with. Do this by copying every client's public key into a predetermined directory on every relevant server.

  • The client must acquire the public key for every server it needs to communicate with. The client acquires the public keys using the ssh-keyscan utility.

After this setup is completed, ssh clients connecting to sshd servers are authenticated using public and private keys. For more information on public key cryptography, see public key cryptography.

HP-UX Secure Shell offers an additional feature for streamlining public key authentication. For some environments, you might want the convenience of not having to respond to password prompts all the time. You can eliminate the need to respond to password prompts by using a combination of the ssh-agent and ssh-add processes, both running on the client machine. The client registers all its key information with the ssh-agent process through the ssh-add utility. Then, public key authentication between client and server is facilitated by ssh-agent without the sshd daemon having to interact with the client.

Host-based and public key authentication is a more secure extension of the public key authentication method. In addition to having key pairs for both client and server, this method enables client environments to restrict the servers that they will communicate with. Implement this restriction by creating a .rhosts file in the client's home directory.

The password authentication method relies on the existence of a single user ID and password-based login. This login could be based on the user's login specified in /etc/passwd, or it could be PAM-based.

HP-UX Secure Shell is fully integrated with PAM modules available on the server system. For this purpose, the /opt/ssh/etc/sshd_config file carries a UsePAM configuration directive. If set to YES, any password authentication request from the client causes sshd to look at the PAM configuration file (/etc/pam.conf). Password authentication is then done through the configured PAM modules, in sequence, until successful. For more information on PAM authentication, see pam.conf(4).

Set the UsePAM directive to NO to ignore PAM authentication. Then any password authentication request from the client causes sshd to ignore PAM configuration settings on the server. Instead, sshd obtains user password information by calling the getpwnam() library routine directly.

HP-UX Secure Shell has been tested with PAM_UNIX, PAM_LDAP and PAM_KERBEROS. It is also expected to work with other PAM modules, such as PAM_DCE and PAM_NTLM.

HP-UX Secure Shell users can connect with a remote sshd daemon using the SSH-1 or SSH-2 protocol. SSH-2 is more secure, and is strongly recommended instead of SSH-1.
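The three configuration points made above, keeping privilege separation on, disabling the authentication methods a site does not want through sshd_config directives, and preferring SSH-2, can be checked mechanically. The script below is an added example, not part of HP-UX Secure Shell or its documentation; it assumes standard OpenSSH sshd_config syntax in a file without Match blocks, and the directive names PubkeyAuthentication, GSSAPIAuthentication, PasswordAuthentication and HostbasedAuthentication, which the text does not name.

```python
"""Audit the authentication directives of an HP-UX Secure Shell sshd_config.
Added example, not part of the product: it checks sshd_config text against the
policy described above (public key or Kerberos only, SSH-2, privsep kept on)."""
import re

# Expected value per directive; keywords are lower-cased because sshd matches
# them case-insensitively. HostbasedAuthentication is one of the "remaining
# methods" an administrator would switch off under that policy.
POLICY = {
    "protocol": "2",                   # SSH-2 only: no fallback to SSH-1
    "useprivilegeseparation": "yes",   # keep the default on
    "pubkeyauthentication": "yes",
    "gssapiauthentication": "yes",     # Kerberos through GSS-API
    "passwordauthentication": "no",
    "hostbasedauthentication": "no",
}

def parse_sshd_config(text):
    """Return {keyword: value} keeping only the FIRST value of each keyword,
    which is the one sshd uses. Comments and blank lines are skipped; both
    'Keyword value' and 'Keyword=value' forms are accepted."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\S+?)\s*(?:=|\s)\s*(.*)$", line)
        if m:
            effective.setdefault(m.group(1).lower(), m.group(2).strip())
    return effective

def audit(text, policy=POLICY):
    """Return (keyword, expected, actual) per deviation. actual is None when
    the directive is absent and the compiled-in default silently applies."""
    effective = parse_sshd_config(text)
    return [(key, want, effective.get(key))
            for key, want in policy.items()
            if (effective.get(key) or "").lower() != want]

# Constructed sample, not copied from any real host.
SAMPLE_SSHD_CONFIG = """\
Protocol 2,1
UsePrivilegeSeparation NO
PubkeyAuthentication yes
GSSAPIAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no   # ignored by sshd: the first value wins
"""

if __name__ == "__main__":
    for key, want, got in audit(SAMPLE_SSHD_CONFIG):
        print(f"{key}: expected {want!r}, found {got!r}")
```

On the constructed sample the audit reports four deviations: the SSH-1 fallback in Protocol, privilege separation turned off, password authentication still enabled (the later "no" line never takes effect), and HostbasedAuthentication left unset.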

HP-UX Secure Shell is actually not a true shell. It is a mechanism for creating a secure connection between a client and a remote host to execute remote shell sessions securely on the host. To achieve the secure connection, HP-UX Secure Shell does most of the authentication and session creation itself. Following is a partial list of features that HP-UX Secure Shell uses:

  • Logging of login attempts

    Like telnet or remsh, HP-UX Secure Shell logs successful and unsuccessful sessions in the /var/adm/wtmp and /var/adm/btmp files, respectively. For more information, see utmp(4).

  • PAM modules

    As described in Section , HP-UX Secure Shell can use PAM authentication for client sessions. When PAM authentication is selected, HP-UX Secure Shell uses the /etc/pam.conf file and invokes the appropriate PAM module for authentication. See pam.conf(4) for more information about the /etc/pam.conf file.

  • Use of /etc/default/security file

    This is a systemwide configuration file that contains attributes defining the behavior of login, passwords, and other security configurations. HP-UX Secure Shell allows use of these attributes with some restrictions, which are explained in the /opt/ssh/README.hp file for HP-UX Secure Shell.

    More information on the /etc/default/security file is in security(4).

  • Shadow passwords

    HP-UX Secure Shell is integrated with the HP-UX shadow password feature. For more information, see shadow(4).

  • Control system log (syslog)

    HP-UX Secure Shell uses syslog to write important messages. For more information, see syslog(3C) and syslogd(1M).

  • Audit logging

    HP-UX Secure Shell has implemented audit logging (in trusted mode) in its own code. For more information, see audit(5).

HP-UX Secure Shell has been tested with the following technologies:

  • OpenSSL

  • TCP Wrappers

  • HP-UX Strong Random Number Generator

As with all cryptographic key-based products, HP-UX Secure Shell requires a random number generator. It looks for the HP-UX Strong Random Number Generator special device files, /dev/urandom and /dev/random, and uses the first special device file it locates. If these two files do not exist on the system, HP-UX Secure Shell uses its own internal random number generator, ssh-rand-helper.

The HP-UX Strong Random Number Generator improves the performance and entropy (a measure of the randomness and therefore the security of generated keys) of HP-UX Secure Shell. It generates nonreproducible, true random numbers. The use of the HP-UX Strong Random Number Generator is highly recommended with HP-UX Secure Shell.

The HP-UX Strong Random Number Generator is availableby default. For more information, see random(7).

The HP-UX Secure Shell daemon, sshd, is linked with the archive library, libwrap.a, to support TCP Wrappers. See also Section .

chroot is a directory jail. It starts up an application in a specified directory and restricts users to accessing that directory and the directories below it. It prevents users from changing directories above that specified directory. It is intended to restrict file and directory access to users of that application while they are using the application.

You must enable chroot for an application. You must create new directories and copy the relevant set of files into those newly created directories.

You can optionally set up ssh, scp, and sftp with a chroot directory.

The HP-UX Secure Shell README file in /opt/ssh/README.hp explains the chroot feature, the chroot setup script, and the specific files that this script copies to enable ssh, sftp, and scp for a chroot environment. Refer also to chroot(1M).

The chroot setup script is in the /opt/ssh/utils/ssh_chroot_setup.sh file, which is part of the HP-UX Secure Shell software product (Secure Shell 4.30.004/005).