Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Openssh v4.2-3 vs. HP-UX 11iv1 TCB

from [Paidhi Aiji] Network Security [Permanent Link]
Subject: Re: Openssh v4.2-3 vs. HP-UX 11iv1 TCB
Date: Fri, 17 Mar 2006 07:15:51 +0100 
Hi Bob,

HP does a great job in porting OpenSSH to HP-UX. It is available as "HP-UX
Secure Shell" for free (http://software.hp.com). I would recommend you using
this package.
You can download it here:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

There are a lot of other OpenSource tools portet by HP these days. No need to go
thru the pain of compiling these yourself. Look out for the "HP-UX Internet
Express" collection.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111


-Markus-


Quoting Bob Jones <bob.jones@usg.edu>:


Hello all.  For various reasons, we use a version of openssh (currently
v 4.2) that is built on a system running HP-UX 11iv1 that has not been
converted to TCB, but we wish to run it on a system that has been
converted to TCB.  We have noticed that when run this way sshd is not
updating the last login (u_suclog) field in the TCB and that it doesn't
honor administrative locks on accounts (lets you log in anyway).

We can get around this by using pam (UsePAM=yes) but this is not the way
we would prefer to get around this problem.

I've done a number of searches trying to find solutions to this issue,
and the only one I have really come across is to use pam.

So, here are some questions that hopefully some of you can help us out
on with answers.

1.  If you compile Openssh on a HP-UX 11iv1 system that has been
converted to use TCB, does Openssh properly update things like last
login in the TCB and honor locks set in the TCB?

2.  Is there a compile time and/or config option we can set to force
Openssh to honor the TCB on a system that has not been converted?

3.  Is it possible to compile openssh in such a way so that the single
sshd binary will honor both TCB and non-TCB systems?

Thanks for your help!

--
Bob Jones
bob.jones@usg.edu
OIIT, The Board of Regents
The University System of Georgia
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SSH IDS, coder
Next by Date:  chroot certain users, Andreas Moroder
Previous by Thread:  Openssh v4.2-3 vs. HP-UX 11iv1 TCB, Bob Jones
Next by Thread:  Re: Openssh v4.2-3 vs. HP-UX 11iv1 TCB, Darren Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]