Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 11 Express 11/10 |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Oracle Solaris Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Solaris Secure Shell (Tasks)
Solaris Secure Shell (Overview)
Solaris Secure Shell Authentication
Solaris Secure Shell in the Enterprise
Solaris Secure Shell (Task Map)
Configuring Solaris Secure Shell (Task Map)
Configuring Solaris Secure Shell
How to Set Up Host-Based Authentication for Solaris Secure Shell
How to Enable Solaris Secure Shell v1
How to Configure Port Forwarding in Solaris Secure Shell
How to Create User and Host Exceptions to SSH System Defaults
Using Solaris Secure Shell (Task Map)
How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
How to Change the Passphrase for a Solaris Secure Shell Private Key
How to Log In to a Remote Host With Solaris Secure Shell
How to Reduce Password Prompts in Solaris Secure Shell
How to Use Port Forwarding in Solaris Secure Shell
How to Copy Files With Solaris Secure Shell
How to Set Up Default Connections to Hosts Outside a Firewall
20. Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
The Solaris Secure Shell is a fork of the OpenSSH project. Security fixes for vulnerabilities that are discovered in later versions of OpenSSH are integrated into Solaris Secure Shell, as are individual bug fixes and features. Internal development continues on the Solaris Secure Shell fork.
While Oracle Solaris engineers provide bug fixes to the project, they have also integrated the following Solaris features into the Solaris fork of Secure Shell:
PAM - Solaris Secure Shell uses PAM. The OpenSSH UsePAM configuration option is not supported.
Privilege separation - Solaris Secure Shell does not use the privilege separation code from the OpenSSH project. Solaris Secure Shell separates the processing of auditing, record keeping and re-keying from the processing of the session protocols.
Solaris Secure Shell privilege separation code is always on and cannot be switched off. The OpenSSH UsePrivilegeSeparation option is not supported.
Locale - Solaris Secure Shell fully supports language negotiation as defined in RFC 4253, Secure Shell Transfer Protocol. After the user logs in, the user's login shell profile can override the Solaris Secure Shell negotiated locale settings.
Auditing - Solaris Secure Shell is fully integrated into the Solaris auditing subsystem. For information on auditing, see Part VII, Oracle Solaris Auditing.
GSS-API support - GSS-API can be used for user authentication and for initial key exchange. The GSS-API is defined in RFC4462, Generic Security Service Application Program Interface.
Proxy commands - Solaris Secure Shell provides proxy commands for SOCKS5 and HTTP protocols. For an example, see How to Set Up Default Connections to Hosts Outside a Firewall.
In the Oracle Solaris releases, Solaris Secure Shell resyncs the SSH_OLD_FORWARD_ADDR compatibility flag from the OpenSSH project. As of March 2009, the Solaris Secure Shell version is 1.3.