System Administration Guide: Security Services
Previous Next

Solaris Secure Shell Enhancements in the Solaris 10 Release

Since the Solaris 9 release, the following changes have been introduced to Solaris Secure Shell:

  • Solaris Secure Shell is based on OpenSSH 3.5p1. The Solaris implementation also includes features and bug fixes from versions up to OpenSSH 3.8p1.

  • The default value of X11Forwarding is yes in the /etc/ssh/sshd_config file.

  • The following keywords have been introduced:

    • GSSAPIAuthentication

    • GSSAPIKeyExchange

    • GSSAPIDelegateCredentials

    • GSSAPIStoreDelegatedCredentials

    • KbdInteractiveAuthentication

    The GSSAPI keywords enable Solaris Secure Shell to use GSS credentials for authentication. The KbdInteractiveAuthentication keyword supports arbitrary prompting and password changing in PAM. For a complete list of keywords and their default values, see Keywords in Solaris Secure Shell.

  • The ARCFOUR and AES128-CTR ciphers are now available. ARCFOUR is also known as RC4. The AES cipher is AES in counter mode.

  • The sshd daemon uses the variables in /etc/default/login and the login command. The /etc/default/login variables can be overridden by values in the sshd_config file. For more information, see Solaris Secure Shell and Login Environment Variables and the sshd_config(4) man page.

Previous Next