154 • SSHCOM Command Reference HP NonStop SSH Reference Manual
[,RESET { SFTP-INITIAL-DIRECTORY | SYSTEM-USER |
SFTP-SECURITY | SFTP-GUARDIAN-FILESET |
SFTP-PRIORITY } ]
[,RESTRICTION-PROFILE [<profile-name>] ]
[,SFTP-CPU-SET [<cpu> | <cpu-range> | ( <cpu-range-list> ) ] ]
[,SFTP-GUARDIAN-FILESET ( <pattern>, <pattern>, ... ) ]
[,SFTP-INITIAL-DIRECTORY <directory-path> [LOCKED]]
[,SFTP-PRIORITY [ <number> ] ]
[,SFTP-SECURITY ( [<sftp-attr>] [, <sftp-attr>] ... ) ]
[,SHELL-COMMAND [ <command> ] ]
[,SHELL-ENVIRONMENT [ <filename> ]]
[,SHELL-PROGRAM [ *DEFAULT* | <path> | *MENU* | *MENU* <service> [ FORCE ] ] ]
[,SYSTEM-USER <system-user-name> | *NONE* ]
The <user-name> is mandatory in the command, no wild cards are allowed in the user name. Please see description of
<user-name> under the ADD USER command for unconventional names that must be put in double quotes. At least one
attribute needs to be specified in the command.
The individual attributes have the following meaning and syntax:
ALLOW-CI
This attribute controls whether a TACL or a specific command interpreter given by CI-PROGRAM should be started
upon a shell request of a client that allocated a 6530 pseudo TTY (such as 6530 SSH clients, MR-Win6530, and J6530).
ALLOW-GATEWAY-PORTS
This attribute is used to grant or deny gateway ports in the case of port forwarding initiated by a specific user. If the
value of this attribute is NO, then any port forwarding request with SSH option "-g" will be rejected by SSH2.
ALLOW-PTY
This attribute is used to grant or deny the ability to allocate a pseudo TTY for a session. The pseudo TTY enables the
user to execute full screen interactive applications, such as Emacs or vi.
ALLOW-SHELL
This attribute is used to grant or deny shell access to the user.
ALLOW-TCP-FORWARDING
This attribute is used to grant or deny port forwarding for a user. The value of this user attribute is ignored if the global
SSH2 parameter ALLOWTCPFORWARDING is set to FALSE.
ALLOWED-AUTHENTICATIONS
This attribute is used to specify the authentication mechanisms that are allowed for this user. <method> is one of the
following authentication methods currently supported by SSH2:
• password: Password authentication facilitating the NonStop system's password authentication mechanism. The
password is validated against the SYSTEM-USER's password.
• publickey: Public key authentication using the PUBLIC-KEYs configured for this user.
• keyboard-interactive: Authentication according to RFC 4256 mapped to the standard GUARDIAN user
authentication dialog verifying the SYSTEM-USER's password, as well as taking care of exceptions such as
password expiry.
• none: Grants access without authentication. This is useful for users connecting to an application requiring its
own authentication, e.g. if you configure a PATHWAY PROGRAM as CI-PROGRAM.
CAUTION: When specifying ALLOWED-AUTHENTICATIONS (none) user access should be properly locked down
to avoid security breaches that bypass any authentication (e.g. by setting SYSTEM-USER *NONE*).
ALLOWED-SUBSYSTEMS
To Next Page
Loading...
Need help?
General