HP NonStop SSH 544701-014 User Manual

344 pages
HP NonStop SSH Reference Manual SSH and SFTP Client Reference 199
Specify the user to log in as on the remote machine. This option has the same effect as the -l command line
option or the user runtime parameter.
AllowedAuthentications=methods
Specify the authentication methods that are allowed for user authentication. The value is a comma-separated list
of method names (without any spaces). See the SSH2 parameter CLIENTALLOWEDAUTHENTICATIONS for
a way to restrict the ssh clients' authentication methods.
-S process
Connect using a specific SSH2 process. See section "Configuring the SSH2 Process to Use" for further details.
Runtime options relevant only when creating a shell
-t
Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine.
-T
Do not allocate a tty.
-s
Use this option to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2
protocol which facilitate the use of SSH as a secure transport for other applications (e.g. sftp). The subsystem is specified
as the remote command.
Runtime options relevant only for port forwarding
-L [ftp/]listen-port:host:port
Specifies that the given listen-port on the local (client) host is to be forwarded to the given host and port on the remote
side. This works by allocating a socket to listen to listen-port on the local side. Whenever a connection is made to this
port, the connection is forwarded over the secure channel, and a connection is made to host and port from the remote
machine.
Specifying the ftp/ prefix will enable dynamic port forwarding of FTP sessions, forwarding both FTP control and data
connections over the SSH session.
The -g (gateway) option controls whether all connections or only those originating from “localhost” will be forwarded.
-R [ftp/]listen-port:host:port
Specifies that the given listen-port on the remote (daemon) host is to be forwarded to the given host and port on the local
side. This works by allocating a socket to listen to listen-port on the remote side. Whenever a connection is made to this
port, the connection is forwarded over the secure channel, and a connection is made to host and port from the local
machine.
Specifying the ftp/ prefix will enable dynamic port forwarding of FTP sessions, forwarding both FTP control and data
connections over the SSH session.
The -g (gateway) option controls whether all connections or only those originating from “localhost” will be forwarded.
-N
Do not execute a shell or command. This is useful for just forwarding ports.
-g
Allows remote hosts to connect to local forwarded ports. By default, only connections originating from "localhost"
(127.0.0.1) will be forwarded. Using -g will forward any connection.
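
The following audit helper is an added example, not part of the HP manual or the NonStop SSH product. It parses the `[ftp/]listen-port:host:port` syntax documented above for -L and -R and reports which forwards -g opens to non-localhost clients; the sample command lines, host names and user are constructed placeholders.

```python
import shlex
from dataclasses import dataclass

@dataclass
class Forward:
    direction: str     # "L": listener on the client host, "R": on the daemon host
    listen_port: int
    host: str
    port: int
    ftp: bool          # ftp/ prefix: FTP control and data connections are forwarded
    open_to_all: bool  # -g present: listener not limited to "localhost"

def parse_spec(direction, spec, gateway):
    """Parse one [ftp/]listen-port:host:port value as documented for -L and -R."""
    ftp = spec.startswith("ftp/")
    body = spec[len("ftp/"):] if ftp else spec
    try:
        listen, rest = body.split(":", 1)
        host, port = rest.rsplit(":", 1)
        listen_port, port = int(listen), int(port)
    except ValueError:
        raise ValueError(f"malformed forwarding spec: {spec!r}") from None
    if not host or not (0 < listen_port < 65536 and 0 < port < 65536):
        raise ValueError(f"malformed forwarding spec: {spec!r}")
    return Forward(direction, listen_port, host, port, ftp, gateway)

def audit(command_line):
    """Return every -L/-R forward in a client command line (assumes the
    option and its value are separate tokens, as in the syntax above)."""
    tokens = shlex.split(command_line)
    gateway = "-g" in tokens
    forwards = []
    for i, tok in enumerate(tokens):
        if tok in ("-L", "-R"):
            if i + 1 == len(tokens):
                raise ValueError(f"{tok} is missing its forwarding spec")
            forwards.append(parse_spec(tok[1], tokens[i + 1], gateway))
    return forwards

def findings(command_line):
    """Describe the forwards that -g opens to non-localhost clients."""
    return [f"-{f.direction} port {f.listen_port} -> {f.host}:{f.port} "
            f"accepts connections from any host (-g)"
            for f in audit(command_line) if f.open_to_all]

# Constructed sample invocations; host names and user are placeholders.
EXPOSED = "ssh -N -g -L ftp/2121:ftp.example.internal:21 ops@gw.example.internal"
LOCAL_ONLY = "ssh -N -R 8080:127.0.0.1:80 ops@gw.example.internal"

if __name__ == "__main__":
    for cmd in (EXPOSED, LOCAL_ONLY):
        print(cmd, findings(cmd) or "no -g exposure", sep="\n  ")
```

Run it over the command lines found in startup scripts to list every tunnel that is reachable from hosts other than "localhost".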


HP NonStop SSH 544701-014 Specifications

General
Product Name: HP NonStop SSH
Part Number: 544701-014
Category: Software
Type: Secure Shell (SSH) Server
Platform: HP NonStop
Functionality: Secure remote access, file transfer
Protocol Support: SSHv2
Encryption: AES, 3DES, Blowfish, and others
Authentication Methods: Public Key, password
