EasyManua.ls Logo

HP NonStop SSH 544701-014 User Manual

HP NonStop SSH 544701-014
344 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #236 background imageLoading...
Page #236 background image
236 • STN Reference HP NonStop SSH Reference Manual
DELETE SERVICE <service-name> | *
The specified service, or all services, can be removed from the configuration.
DELETE WIN[DOW] <window-name> | *
DELETE WINDOW removes a previously added window from the configuration. Dynamic windows are automatically
deleted upon session termination. Windows created by AUTO_ADD_WIN Y are automatically deleted when all
applications using the window terminate or close the window (no longer relevant since SPR T0801^ABE where
AUTO_ADD_WIN is not supported anymore).
WIN and WINDOW are equivalent.
<window-name> specifies a window to be deleted.
* means to delete all windows, including DYNAMIC and AUTO_ADD_WIN windows.
DEV_SUBTYPE B05COMP | WINDOW | <nn>
Controls the values returned to application DEVICEINFO calls against a window.
B05COMP (default) compatibile with STN releases B05 and earlier.
no session active 6,0
6530 session active 6,4
non 6530 session 6,0
WINDOW response determined by ADD WINDOW configuration
SUBTYPE nn 6,nn
(overrides TERM_TYPE)
SUBTYPE NONE and no session active, response determined by TERM_TYPE:
TERM_TYPE 6530 6,4
TERM_TYPE other 6,0
When SUBTYPE is NONE, and a session is active, then B05COMP rules above are used.
<nn> always responds with type 6 and subtype <nn>
DYNAMIC_PRI <nnn>
Specifies the default priority used for dynamic window applications when the SERVICE does not specify PRI.
Where <nnn> is the Guardian priority in the range 1-199; default is 149.
DYN_CPU (cpu,cpu)
Sets default CPU for subsequent ADD SERVICE TYPE DYNAMIC. Default is DYN_CPU (0,15).
DYN_WIN_MAX <nnn>
The existing DYN_WIN_MAX command is generally superseded by the features of GWN^TEMPLATE (introduced in
T0801^ABE), but it is still allowed.
<nnn> is the maximum number of window names, including zero (0). <nnn> must be in the range 100 to 100000, default
is 100000. DYN_WIN_MAX may be used to reduce the number of windows allowed by GWN^TEMPLATE. For
example:
PARAM GWN^TEMPLATE #Z0000

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the HP NonStop SSH 544701-014 and is the answer not in the manual?

HP NonStop SSH 544701-014 Specifications

General IconGeneral
Product NameHP NonStop SSH
Part Number544701-014
CategorySoftware
TypeSecure Shell (SSH) Server
PlatformHP NonStop
FunctionalitySecure remote access, file transfer
Protocol SupportSSHv2
EncryptionAES, 3DES, Blowfish, and others
Authentication MethodsPublic Key, password

Summary

Components of the SSH2 Software Package

Architecture Overview

SSH2 Running as SSH Daemon (Server)

Illustrates how components work together in SSH daemon mode.

SSH2 Running as SSH Client

Installation & Quick Start

System Requirements

Installation on the NonStop Server

Installing the SSH Components on the NonStop System

Unlocking the Product with a License File

Updating to a new version of the SSH2 file set

Installation of the new version

Quick Start and Guided Tour

Quick-Starting the SSH2 System

To start the STN Pseudo Terminal Server

To Start the SSH2 Component

Secure Shell Access to the NonStop Server

To Open an OSS Shell Using a Remote SSH Client

Details on establishing an OSS shell session via SSH client.

Secure Shell Access from NonStop to Remote Systems

To Connect to a Remote SSH Daemon with the NonStop SSH Client

To Establish a Port Forwarding Tunnel with the NonStop SSH Client

Forwarding Local Port to Remote Port

Describes how to establish a port forwarding tunnel from local to remote.

Forwarding Remote Port to Local Port

Encrypted File Transfer

To Connect a Remote SFTP Client to the NonStop Server

To Configure the Public Key on the Remote System

Using Public Keys to Authenticate Remote Users

To Generate a Key Pair on an OpenSSH System

Steps to generate an SSH key pair on an OpenSSH system.

To Add the Public Key to the NonStop SSH2 User Database

Using Public Keys to Logon to Remote Systems

To Generate a Key Pair for a NonStop User

Steps to generate an SSH key pair for a NonStop user.

To Export the Public Key and Configure it on the Remote System

Configuring and Running SSH2

Configuration Overview

Explains methods for specifying SSH2 configuration parameters.

The Configuration File

PARAM Commands

Startup Line Parameters

Starting SSH2

SSH2 Parameter Reference

Parameter Overview

Introduces the table of available SSH2 parameters and their meanings.

BACKUPCPU

CIPHERS

CONFIG

CUSTOMER

FULLSSHCOMACCESSGROUP<j>

FULLSSHCOMACCESSUSER<i>

GSSAUTH

HOSTKEY

INTERFACE

INTERFACEOUT

IPMODE

LIFECYCLEPOLICYPRIVATEUSERKEY

LIFECYCLEPOLICYPUBLICUSERKEY

PARTIALSSHCOMACCESSGROUP<n>

PARTIALSSHCOMACCESSUSER<k>

PORT

PTYSERVER

SSHCTL

STRICTHOSTKEYCHECKING

SUBNET

Enabling Full TTY Access

To Start the STN Pseudo Terminal Server Included with SSH2

Enabling 6530 Terminal Access

Configuring an Alternate Command Interpreter

Configuring a Service Menu

Configuring an STN Service or Window

Forcing TACL Access via Server-side Configuration

Using TELSERV as Service Provider

Granting Access without SSH Authentication

Single Sign-on with GSSAPI Authentication

Overview

Prerequisites

Configuration of the GSSAPI Interface Process

Details the configuration steps for the GSSAPI authentication interface process.

Enabling GSSAPI Authentication for a User Account

Describes how to enable GSSAPI authentication on a per-user basis.

Authorizing Kerberos Principals for Logon

Explicit Authorization

Restricting Incoming and Outgoing Connections

Rejecting Gateway Ports

Restricting External Access to SSH2 Process

Restricting Internal Access to Remote SSH2 Hosts

Restricting Local Ports used for Port Forwarding

Restricting Remote Hosts/Ports for Port Forwarding

Restricting access to forwarding tunnels

Load Balancing

Load-Balancing Outbound SSH Sessions

Techniques for distributing CPU load for outbound SSH sessions.

Load-Balancing Inbound SSH Sessions

Fault Tolerance

Configuring SSH2 as a NonStop Process Pair

Configuring SSH2 as a Generic Process

TCP/IPv6 Configuration

IPv6 Address Formats

Usage of IPv6 Addresses

IP Mode

TCP/IPv6 Migration and Backout

Start Using TCP/IPv6

Reverting Back to Pre-IPv6 SSH2 Release

The SSH User Database

Overview of SSH Operation Modes

Describes daemon and client modes for SSH database access.

Database for Daemon Mode

Database for Client Mode

Creating and Accessing the Database

SSHCOM Command Reference

SSHCOM Overview

Introduces the SSHCOM command interpreter for managing the SSH2 user database.

Security within SSHCOM

Configuration of Users with Full SSHCOM Access

Dependency on Safeguard OBJECTTYPE USER Record

SSHCOM Security with existing Safeguard OBJECTTYPE USER Record

Miscellaneous commands in SSHCOM

INFO SSH2

EXPORT SSHCTL

INFO HOST-KEY

EXPORT HOST-KEY

Daemon Mode Commands - Overview

Commands operating on the USER entity

Describes commands for managing USER entities in daemon mode.

ADD USER

Adds a new user to the SSH2 database.

ALLOW-TCP-FORWARDING

ALLOWED-AUTHENTICATIONS

ALLOWED-SUBSYSTEMS

CI-PROGRAM

PRINCIPAL

PUBLICKEY

RESTRICTION-PROFILE

SFTP-SECURITY

ALTER USER

DELETE USER

FREEZE USER

INFO USER

RENAME USER

THAW USER

Daemon Mode Commands Operating on the RESTRICTION-PROFILE Entity

ADD RESTRICTION-PROFILE

Adds a new restriction profile to the database.

ALTER RESTRICTON-PROFILE

DELETE RESTRICTION-PROFILE

INFO RESTRICTION-PROFILE

RENAME RESTRICTION-PROFILE

Client Mode Commands - Overview

Commands operating on the KEY, PASSWORD, and KNOWNHOST entity

Lists commands for managing KEY, PASSWORD, and KNOWNHOST entities.

Commands operating on the KEY entity

Details commands for managing SSH keys.

ASSUME USER

INFO SYSTEM-USER

Client Mode Commands Operating on the KEY Entity

ALTER KEY

Changes properties of an existing user private key.

DELETE KEY

EXPORT KEY

FREEZE KEY

GENERATE KEY

IMPORT KEY

INFO KEY

RENAME KEY

THAW KEY

Client Mode Commands Operating on the PASSWORD Entity

ADD PASSWORD

Adds a new password to the database.

ALTER PASSWORD

DELETE PASSWORD

FREEZE PASSWORD

INFO PASSWORD

RENAME PASSWORD

Client Mode Commands Operating on the KNOWNHOST Entity

ADD KNOWNHOST

Adds a new known host to the database.

ALTER KNOWNHOST

DELETE KNOWNHOST

FREEZE KNOWNHOST

INFO KNOWNHOST

RENAME KNOWNHOST

THAW KNOWNHOST

Status Commands

STATUS SSH2

Displays current status information for the SSH2 process.

STATUS SESSION

STATUS CHANNEL

STATUS OPENER

Statistics Related Commands

STATISTICS SESSION

Displays statistics for active SSH sessions.

Abort Session Command

SSH and SFTP Client Reference

Starting the Guardian Client Programs

Starting the OSS Client Programs

Configuring the SSH2 Process to Use

Automating the SFTP/SSH clients

SSH Client Command Reference

General Runtime options

Using the SSH client to create a shell controlling a remote system

Creating a full shell

Steps to establish a full interactive shell session to a remote system.

Executing a single command

How to connect and execute a single command on a remote system.

Using the SSH client to create a port forwarding daemon

Starting port forwarding on the client system

Initiates a port forwarding daemon on the client system.

Connecting to the port forwarding client with a Telnet client

Using the SSH client to create an FTP port forwarding daemon

Starting FTP port forwarding on the client system

Initiates FTP port forwarding through an SSH session.

Connecting to the port forwarding client with a FTP client

SFTP Client Command Reference

Command-Line Reference

Lists and explains SFTP client command-line options.

Runtime options

Specifying File Names on the NonStop System

Extended Syntax for Creation of New Guardian Files

Transfer Modes for Structured Guardian Files

Fix Command and Command History

Command History

Fix Command

SSH Protocol Reference

Implementation of the SSH protocol

Authentication using User Names and Passwords

Public Key Authentication

Introduction to Public Key Authentication, Terminology

Public Key Authentication and SSH

Assuring Host Authenticity

Client logon

STN Reference

Running STN as Pseudo TTY Server for SSH2

Details on running STN as a pseudo TTY server for SSH2.

Starting STN from TACL

Running STN as Persistent Process

STNCOM

STNCOM Commands

ABEND

ABORT SERVICE

ABORT SESSION

ABORT WINDOW

ADD IPRANGE

ADD SCRIPT

ADD SERVICE

Session and Window Naming

GWN Related STNCOM Commands

Monitoring and Auditing

Log Messages

Content of Log Messages

Log Level

Destinations for Log Messages

Audit Messages

Content of Audit Messages

Destinatinations for Audit Messages

Performance Considerations

Introduction

Performance Analysis of SSH Session Establishment

Performance Running as SSH Daemon

Performance Analysis of SFTP Traffic

SFTPSERV Performance of ls Command with Wildcards

Performance When Running as SSH Client

Summary

Troubleshooting

Information Needed By Support

General SSH2 Error Messages

Session Related SSH2 Errors

Session Related Error Messages of SSH2 Daemon

Session Related Messages of SSH2 in Client Mode

Client Error Messages

Related product manuals