SUMMARY: HP/Compaq SSH and EnforceSecureRutils

From: David J. DeWolfe (sxdjd@ts.sois.alaska.edu)
Date: Thu Jan 30 2003 - 16:44:37 EST

• Next message: Statts, Pearce \(IndSys, GEFanuc, NA\): "Questions about Alpha 4100 crash after CPU fan failure"
• Previous message: Galen Johnson: "[SUMMARY]: need summary"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All;

Thanks to Steve VanDevender, Paul Moore and John Ferlan for their
responses. John's response pretty much sums it up:

>Yes EnforceSecureRutils is an add on by the Tru64 Engineering group...
>It's actually pretty slick and in the process of being patented...
>
>Essentially what it does is have r* utilities use ssh connections to
>facilitate transfers... "Under the covers" that means that we've changed
>libc to vector over to an ssh library we provide when someone for example
>uses 'rsh -l username host command'... Instead of using rsh/rshd
>connections, an ssh tunnel is created. In the long run all r* utilities
>call rcmd() [the C library entry] which handles the boring parts of the
>data connection and transfer...
>
>Hope this helps you.

My original question was:

>All;
>
>We, the University of Alaska, use the commercial version of SSH (not
>openSSH) and have been doing so for some time now. Then we heard that
>HP/Compaq was distributing a version of SSH based on the comercial
>version. The interesting piece was the "EnforceSecureRutils" bit by which
>you could secure rsh/rcp etc. However, when we compile ssh we include
>support for TCP wrappers. I opened a call with support yesterday and was
>told that the HP version of SSH was strictly a binary release so we could
>not compile/link a custom executable with wrapper support if we wanted to
>use it.
>
>Now for my question, it would appear that the EnforceSecureRutils
>configuration parameter is something that HP/Compaq added to "their"
>version of SSH as I can find no reference to that parameter anywhere other
>than on the HP website and in the docs that come with the HP version of
>SSH. Does anyone know if that's a true statement? I'm guessing that it is
>as when I tried it with my version of SSH, 3.2.2, it complained about it
>being an "unrecognized configuration parameter".
>
>We are aware of the facilities for restricting host and user access via
>SSH itself we've just preferred to use wrappers instead. We may have to
>rethink our position if indeed EnforceSecureRutils is an HP/Compaq add-on.
>
>Thanks in advance for any information.

David
mailto:sxdjd@ts.sois.alaska.edu

• Next message: Statts, Pearce \(IndSys, GEFanuc, NA\): "Questions about Alpha 4100 crash after CPU fan failure"
• Previous message: Galen Johnson: "[SUMMARY]: need summary"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:06 EDT