HP NonStop SSH 544701-014 User Manual

344 pages
276 • STN Reference HP NonStop SSH Reference Manual
STN94 Userid <alias> provided by SSH not valid
SSH sessions with *MENU* and an SSH Guardian system user in alias format that matches SERVICE USER, but the STN object does not have PRIV-LOGON set via the command:
Safecom ADD DISKFILE STN, PRIV-LOGON ON
STN Application I/O Handling
Standard SETMODE Functions:
6 line spacing
7 automatic LF
8 block mode / conversational mode
9 interrupt character definitions
11 break owner
12 break mode
14 interrupt character enable/disable
20 echo
22 set/retrieve baud rate. Only used to retrieve values detected by setmode 202
23 character size (always in 8 bit mode)
28 initialize all setmodes to default values, then apply any SCRIPT associated with the window
144 set ignored; retrieve always returns hex 8200 0900
258 full duplex
Extended SETMODE Functions (unique to STN):
201
Only used with special terminals. Enable timing mark flow control. P1=0 (default) disables the feature. 0<P1<10000 specifies the number of bytes to send before sending IAC DO TM and waiting for a response. P2 is a timeout in seconds (range 1-3600, default 3600); if no response is received to IAC DO TM, output proceeds after the timeout.
202
Only used with special terminals. Enable baud rate detection from remote client using RFC 1079. Default P1=0 disables, P1>0 enables. P2 presently unused. The baud rate detected can be retrieved by setmode 204 as a 32-bit integer or by setmode 22, which maps selected baud rates 75-19200 to values 1-15 (using the traditional ATP coding for setmode 22) and other baud rates to 0.
203
Only used with special terminals. P1=0 (default) is compatible with previous releases. P1=1 discards any data after an application read is satisfied due to maximum read count, up to and including the next line end (ASCII CR). P2 presently unused.
204
Only used with special terminals. Retrieves the speed detected by setmode 202. P1 is the high order word, P2 is the low order word. Setting this value affects only the value returned in future setmode 204 calls.
205
Only used with special terminals. P1=1 disables echo of ASCII EOT (hex 04). P1=0 (default) is compatible with previous releases and handles EOT like other characters for echo purposes.
206
Only used with special terminals. P1=1 disables interrupt character handling for ASCII BS/CTRL-H (hex 06), ASCII CAN/CTRL-X (hex 18), and EM/CTRL-Y (hex 19), and also the 6530 control character ASCII ENQ (hex 05). P1=0 (default) is compatible with previous releases.

HP NonStop SSH 544701-014 Specifications

General
Product Name: HP NonStop SSH
Part Number: 544701-014
Category: Software
Type: Secure Shell (SSH) Server
Platform: HP NonStop
Functionality: Secure remote access, file transfer
Protocol Support: SSHv2
Encryption: AES, 3DES, Blowfish, and others
Authentication Methods: Public Key, password

Summary

Components of the SSH2 Software Package

Architecture Overview

SSH2 Running as SSH Daemon (Server)

Illustrates how components work together in SSH daemon mode.

SSH2 Running as SSH Client

Installation & Quick Start

Installation on the NonStop Server

Unlocking the Product with a License File

Updating to a new version of the SSH2 file set

Quick Start and Guided Tour

Quick-Starting the SSH2 System

Secure Shell Access to the NonStop Server

To Open an OSS Shell Using a Remote SSH Client

Details on establishing an OSS shell session via SSH client.

Secure Shell Access from NonStop to Remote Systems

To Connect to a Remote SSH Daemon with the NonStop SSH Client

To Establish a Port Forwarding Tunnel with the NonStop SSH Client

Forwarding Local Port to Remote Port

Describes how to establish a port forwarding tunnel from local to remote.

Forwarding Remote Port to Local Port

Encrypted File Transfer

To Connect a Remote SFTP Client to the NonStop Server

To Configure the Public Key on the Remote System

Using Public Keys to Authenticate Remote Users

To Generate a Key Pair on an OpenSSH System

Steps to generate an SSH key pair on an OpenSSH system.

To Add the Public Key to the NonStop SSH2 User Database

Using Public Keys to Logon to Remote Systems

To Generate a Key Pair for a NonStop User

Steps to generate an SSH key pair for a NonStop user.

To Export the Public Key and Configure it on the Remote System

Configuring and Running SSH2

Configuration Overview

Explains methods for specifying SSH2 configuration parameters.

The Configuration File

PARAM Commands

Startup Line Parameters

Starting SSH2

SSH2 Parameter Reference

Parameter Overview

Introduces the table of available SSH2 parameters and their meanings.

BACKUPCPU

CIPHERS

CONFIG

CUSTOMER

FULLSSHCOMACCESSGROUP<j>

FULLSSHCOMACCESSUSER<i>

GSSAUTH

HOSTKEY

INTERFACE

INTERFACEOUT

IPMODE

LIFECYCLEPOLICYPRIVATEUSERKEY

LIFECYCLEPOLICYPUBLICUSERKEY

PARTIALSSHCOMACCESSGROUP<n>

PARTIALSSHCOMACCESSUSER<k>

PORT

PTYSERVER

SSHCTL

STRICTHOSTKEYCHECKING

SUBNET

Enabling Full TTY Access

Enabling 6530 Terminal Access

Configuring a Service Menu

Configuring an STN Service or Window

Forcing TACL Access via Server-side Configuration

Using TELSERV as Service Provider

Granting Access without SSH Authentication

Single Sign-on with GSSAPI Authentication

Configuration of the GSSAPI Interface Process

Details the configuration steps for the GSSAPI authentication interface process.

Enabling GSSAPI Authentication for a User Account

Describes how to enable GSSAPI authentication on a per-user basis.

Authorizing Kerberos Principals for Logon

Explicit Authorization

Restricting Incoming and Outgoing Connections

Restricting Local Ports used for Port Forwarding

Restricting Remote Hosts/Ports for Port Forwarding

Restricting access to forwarding tunnels

Load Balancing

Load-Balancing Outbound SSH Sessions

Techniques for distributing CPU load for outbound SSH sessions.

Load-Balancing Inbound SSH Sessions

Fault Tolerance

Configuring SSH2 as a NonStop Process Pair

Configuring SSH2 as a Generic Process

TCP/IPv6 Configuration

Usage of IPv6 Addresses

IP Mode

TCP/IPv6 Migration and Backout

The SSH User Database

Overview of SSH Operation Modes

Describes daemon and client modes for SSH database access.

Database for Daemon Mode

Database for Client Mode

Creating and Accessing the Database

SSHCOM Command Reference

SSHCOM Overview

Introduces the SSHCOM command interpreter for managing the SSH2 user database.

Security within SSHCOM

Configuration of Users with Full SSHCOM Access

Dependency on Safeguard OBJECTTYPE USER Record

SSHCOM Security with existing Safeguard OBJECTTYPE USER Record

Miscellaneous commands in SSHCOM

INFO SSH2

EXPORT SSHCTL

INFO HOST-KEY

EXPORT HOST-KEY

Daemon Mode Commands - Overview

Commands operating on the USER entity

Describes commands for managing USER entities in daemon mode.

ADD USER

Adds a new user to the SSH2 database.

ALLOW-TCP-FORWARDING

ALLOWED-AUTHENTICATIONS

ALLOWED-SUBSYSTEMS

CI-PROGRAM

PRINCIPAL

PUBLICKEY

RESTRICTION-PROFILE

SFTP-SECURITY

ALTER USER

DELETE USER

FREEZE USER

INFO USER

RENAME USER

THAW USER

Daemon Mode Commands Operating on the RESTRICTION-PROFILE Entity

ADD RESTRICTION-PROFILE

Adds a new restriction profile to the database.

ALTER RESTRICTION-PROFILE

DELETE RESTRICTION-PROFILE

INFO RESTRICTION-PROFILE

RENAME RESTRICTION-PROFILE

Client Mode Commands - Overview

Commands operating on the KEY, PASSWORD, and KNOWNHOST entity

Lists commands for managing KEY, PASSWORD, and KNOWNHOST entities.

Commands operating on the KEY entity

Details commands for managing SSH keys.

ASSUME USER

INFO SYSTEM-USER

Client Mode Commands Operating on the KEY Entity

ALTER KEY

Changes properties of an existing user private key.

DELETE KEY

EXPORT KEY

FREEZE KEY

GENERATE KEY

IMPORT KEY

INFO KEY

RENAME KEY

THAW KEY

Client Mode Commands Operating on the PASSWORD Entity

ADD PASSWORD

Adds a new password to the database.

ALTER PASSWORD

DELETE PASSWORD

FREEZE PASSWORD

INFO PASSWORD

RENAME PASSWORD

Client Mode Commands Operating on the KNOWNHOST Entity

ADD KNOWNHOST

Adds a new known host to the database.

ALTER KNOWNHOST

DELETE KNOWNHOST

FREEZE KNOWNHOST

INFO KNOWNHOST

RENAME KNOWNHOST

THAW KNOWNHOST

Status Commands

STATUS SSH2

Displays current status information for the SSH2 process.

STATUS SESSION

STATUS CHANNEL

STATUS OPENER

Statistics Related Commands

STATISTICS SESSION

Displays statistics for active SSH sessions.

Abort Session Command

SSH and SFTP Client Reference

Starting the OSS Client Programs

Configuring the SSH2 Process to Use

Automating the SFTP/SSH clients

SSH Client Command Reference

General Runtime options

Using the SSH client to create a shell controlling a remote system

Creating a full shell

Steps to establish a full interactive shell session to a remote system.

Executing a single command

How to connect and execute a single command on a remote system.

Using the SSH client to create a port forwarding daemon

Starting port forwarding on the client system

Initiates a port forwarding daemon on the client system.

Using the SSH client to create an FTP port forwarding daemon

Starting FTP port forwarding on the client system

Initiates FTP port forwarding through an SSH session.

SFTP Client Command Reference

Command-Line Reference

Lists and explains SFTP client command-line options.

Specifying File Names on the NonStop System

Extended Syntax for Creation of New Guardian Files

Transfer Modes for Structured Guardian Files

Fix Command and Command History

Fix Command

SSH Protocol Reference

Authentication using User Names and Passwords

Public Key Authentication

Public Key Authentication and SSH

Assuring Host Authenticity

Client logon

STN Reference

Running STN as Pseudo TTY Server for SSH2

Details on running STN as a pseudo TTY server for SSH2.

Running STN as Persistent Process

STNCOM

STNCOM Commands

ABORT WINDOW

ADD IPRANGE

ADD SCRIPT

ADD SERVICE

Session and Window Naming

GWN Related STNCOM Commands

Monitoring and Auditing

Log Level

Destinations for Log Messages

Audit Messages

Destinations for Audit Messages

Performance Considerations

Performance Analysis of SSH Session Establishment

Performance When Running as SSH Client

Summary

Troubleshooting

General SSH2 Error Messages

Session Related SSH2 Errors

Session Related Messages of SSH2 in Client Mode

Client Error Messages
