166 • SSHCOM Command Reference HP NonStop SSH Reference Manual
The PERMIT-OPEN attribute limits a user’s ability to do port forwarding to only specific host/port combinations. .
Configurations are allowed for <targethost> and <targetport> when port forwarding is specified as follows:
ssh -L <localport>:<targethost>:<targetport> <user>@<host>
ssh -R <remoteport>:<targethost>:<targetport> <user>@<host>
The PERMIT-OPEN attribute corresponds to the OpenSSH parameter permitopen=.
If localhost or 127.0.0.1 is specified as <targethost>, then the specified <host> is used for restriction checking.
The PERMIT-OPEN restrictions are applied whenever the user tries to establish a local port forwarding channel via
SSH2 using the SSH and SSHOSS clients.
For formats and examples of the attribute value, please see the CONNECT-TO section. The format of values for
PERMIT-OPEN and CONNECT-TO are the same. The values are just interpreted differently.
DELETE RESTRICTION-PROFILE
The DELETE RESTRICTION-PROFILE command deletes a user from the database and has the following syntax:
DELETE RESTRICTION
-PROFILE <profile
-name> The <profile-name> is mandatory in the command, and no wild cards are allowed in the profile name.
INFO RESTRICTION-PROFILE
The INFO RESTRICTION-PROFILE command displays information about a single restriction profile or a set of
restriction profiles and has the following syntax:
INFO RESTRICTION
-PROFILE {<profile
-name> | <profile
-name-prefix>* | *} [, DETAIL]
At least one o
f <profile
-name>, <profile-name-prefix>* or ‘*’ is mandatory in the command. If <profile-name-prefix> followed by an asterisk is specified, the restriction profile records are displayed where the first part of the profile name
matches the specified prefix. If a ‘*’ is used, information for all users will be displayed. Otherwise, information for a
single user will be displayed.
RENAME RESTRICTION-PROFILE
The RENAME RESTRICTION-PROFILE command renames a restriction profile and has the following syntax:
RENAME RESTRICTION
-PROFILE <old
-profile-name>, <new
-profile-name> Both <old-profile-name> and <new-profile-name> are mandatory in the command; no wild cards are allowed in either
one.
If the restriction p
rofile <old
-profile-name> is in use, that is, if user entries have the RESTRICTION-PROFILE attribute set to the specified <old-profile-name>, the renaming of the restriction profile will be rejected.
To Next Page
Loading...
