HP NonStop SSH 544701-014 Manuals

Manuals and User Guides for HP NonStop SSH 544701-014. We have 1 HP NonStop SSH 544701-014 manual available for free PDF download: Reference Manual

Hp NonStop SSH 544701-014 Reference Manual

Hp NonStop SSH 544701-014 Reference Manual (344 pages)

Brand: Hp | Category: Software | Size: 1.65 MB

Table of Contents

Table of Contents
3
Preface

13
- Who Should Read this Guide
  13
- Related Reading
  13
- Document History
  15
Introduction

25
- The SSH2 Solution
  25
  - Fully Compliant with the SSH Protocol Specification
    25
  - Strong Authentication and Multiple Cipher Suites
    25
  - Support of Full Screen Terminal Access
    25
  - Built-In User Base
    25
  - Central Key Store
    26
  - Secure SFTP Transfer
    26
  - TCP and FTP Port Forwarding
    26
  - Single Sign-On
    26
  - Tcp/Ipv6
    26
- The SSH Protocol
  26
- Components of the SSH2 Software Package
  27
- Architecture Overview
  28
  - SSH2 Running as SSH Daemon (Server)
    28
  - SSH2 Running as SSH Client
    29
Installation & Quick Start

31
Configuring and Running SSH2

47
- Configuration Overview
  47
  - The Configuration File
    48
  - PARAM Commands
    48
  - Startup Line Parameters
    49
- Starting SSH2
  49
- SSH2 Parameter Reference
  50
  - Parameter Overview
    50
  - Allowedauthentications
    53
  - Allowedsubsystems
    53
  - Allowfrozensystemuser
    54
  - Allowinfossh2
    55
  - Allowpasswordstore
    55
  - Allowtcpforwarding
    56
  - Auditconsole
    56
  - Auditems
    57
  - Auditfile
    58
  - Auditfileretention
    58
  - Auditformat
    59
  - Auditformatconsole
    59
  - Auditformatems
    60
  - Auditformatfile
    60
  - Auditmaxfilelength
    61
  - Autoaddsystemusers
    61
  - Autoaddsystemuserslike
    62
  - Backupcpu
    63
  - Banner
    63
  - Ciphers
    64
  - Clientallowedauthentications
    65
  - Compression
    65
  - Config
    66
  - Config2
    66
  - Cpuset
    66
  - Customer
    67
  - Disconnectifuserunknown
    68
  - Enablestatisticsatstartup
    68
  - Fullsshcomaccessgroup<J
    69
  - Fullsshcomaccessuser<I
    69
  - Gssauth
    70
  - Gssgexkex
    71
  - Gsskex
    71
  - Guardianattributeseparator
    72
  - Hostkey
    72
  - Interface
    73
  - Interfaceout
    74
  - Intervalliveprivateuserkey
    74
  - Intervalliveppublicuserkey
    75
  - Intervalpendingprivateuserkey
    76
  - Intervalpendingpublicuserkey
    76
  - Ipmode
    77
  - License
    78
  - Lifecyclepolicyprivateuserkey
    78
  - Lifecyclepolicypublicuserkey
    79
  - Logcachedumponabort
    80
  - Logcachesize
    80
  - Logconsole
    81
  - Logems
    81
  - Logemskeepcollectoropened
    82
- Logfile
  82
- Logfileretention
  83
- Logformat
  83
- Logformatconsole
  84
- Logformatems
  85
- Logformatfile
  86
- Loglevel
  86
- Loglevelcache
  87
- Loglevelconsole
  87
- Loglevelems
  88
- Loglevelfile
  88
- Logmaxfilelength
  89
- Logmemory
  89
- Macs
  90
- Partialsshcomaccessgroup<N
  90
- Partialsshcomaccessuser<K
  91
- Port
  92
- Ptcpipfilterkey
  92
- Ptcpipfiltertcpports
  93
- Ptyserver
  93
- Recorddelimiter
  94
- Restrictioncheckfaileddefault
  94
- Safeguard-Password-Required
  95
- Sftpallowguardiancd
  95
- Sftpcpuset
  96
- Sftpdisplayguardian
  96
- Sftpeditlinemode
  97
- Sftpeditlinenumberdecimalincr
  97
- Sftpeditlinestartdecimalincr
  98
- Sftpexclusionmoderead
  99
- Sftpidletimeout
  100
- Sftpmaxextents
  100
- Sftpprimaryextentsize
  100
- Sftpsecondaryextentsize
  101
- Sftpupshiftguardianfilenames
  101
- Socketkeepalive
  102
- Socketrcvbuf
  102
- Socketsndbuf
  103
- Socktcpminrxmt
  103
- Socktcpmaxrxmt
  103
- Socktcprxmtcnt
  104
- Socktcptotrxmtval
  104
- Sshautokexbytes
  105
- Sshautokextime
  105
- Sshctl
  106
- Sshctlaudit
  107
- Sshkeepalivetime
  107
- Storedpasswordsonly
  107
- Stricthostkeychecking
  108
- Subnet
  108
- Suppresscommentinsshversion
  109
- Tcpiphostfile
  109
- Tcpipnodefile
  110
- Tcpipresolvername
  110
- Usetemplatesystemuser
  111
  - Enabling Full TTY Access
    112
  - Enabling 6530 Terminal Access
    112
    
    Configuring an Alternate Command Interpreter
    112
    
    Configuring a Service Menu
    113
    
    Configuring an STN Service or Window
    113
    
    Forcing TACL Access Via Server-Side Configuration
    114
    
    Using TELSERV as Service Provider
    114
  - Granting Access Without SSH Authentication
    115
    
    Configuration of the GSSAPI Interface Process
    116
    
    Enabling GSSAPI Authentication for a User Account
    116
    
    Overview
    116
    
    Prerequisites
    116
    
    Single Sign-On with GSSAPI Authentication
    116
    
    Authorizing Kerberos Principals for Logon
    117
  - Restricting Incoming and Outgoing Connections
    118
    
    Rejecting Gateway Ports
    118
    
    Restricting External Access to SSH2 Process
    118
    
    Restricting Internal Access to Remote SSH2 Hosts
    118
    
    Restricting Local Ports Used for Port Forwarding
    119
    
    Restricting Remote Hosts/Ports for Port Forwarding
    119
    
    Restricting Access to Forwarding Tunnels
    119
  - Load Balancing
    119
    
    Load-Balancing Outbound SSH Sessions
    119
    
    Load-Balancing Inbound SSH Sessions
    120
  - Fault Tolerance
    120
    
    Configuring SSH2 as a Nonstop Process Pair
    120
    
    Configuring SSH2 as a Generic Process
    121
    
    Choosing a Persistence Mechanism
    121
  - Processing of Defines
    122
  - Setting of Environment Variables
    122
    
    Ipv6 Address Formats
    123
    
    Tcp/Ipv6 Configuration
    123
    
    Usage of Ipv6 Addresses
    124
  - Tcp/Ipv6 Migration and Backout
    125
    
    Start Using Tcp/Ipv6
    125
    
    Reverting Back to Pre-Ipv6 SSH2 Release
    125
The SSH User Database

127
- Overview of SSH Operation Modes
  127
- Database for Daemon Mode
  128
- Database for Client Mode
  130
- Creating and Accessing the Database
  131
- Exporting the Database
  131
- SSHCOM Overview
  133
SSHCOM Command Reference

133
- Standard Nonstop Commands and Features
  134
- Startup Values for the MODE and ASSUME USER Commands
  135
- Security Within SSHCOM
  135
- Ownership and Management of Client Mode Entities
  137
- Miscellaneous Commands in SSHCOM
  139
  - Mode
    139
  - Info Ssh2
    140
  - Clear Logcache
    142
  - Flush Logcache
    142
  - Info Define
    142
  - PROMPT "<Text
    143
  - Resolve Host-Name
    143
  - Rollover Auditfile
    143
  - Rollover Logfile
    144
  - Export Sshctl
    144
  - Info Host-Key
    145
  - Export Host-Key
    145
  - Add User
    146
- Daemon Mode Commands - Overview
  146
- Daemon Mode Commands Operating on the USER Entity
  146
  - Alter User
    153
  - Delete User
    159
  - Freeze User
    160
  - Info User
    160
  - Rename User
    162
  - Thaw User
    162
  - Add Restriction-Profile
    162
- Daemon Mode Commands Operating on the RESTRICTION-PROFILE Entity
  162
  - Alter Restricton-Profile
    164
  - Delete Restriction-Profile
    166
  - Info Restriction-Profile
    166
  - Rename Restriction-Profile
    166
- Client Mode Commands - Overview
  167
  - Assume User
    168
  - Info System-User
    168
  - Alter Key
    169
- Client Mode Commands Operating on the KEY Entity
  169
  - Delete Key
    170
  - Export Key
    170
  - Freeze Key
    171
  - Generate Key
    171
  - Import Key
    172
  - Info Key
    173
  - Rename Key
    175
  - Thaw Key
    176
  - Add Password
    176
- Client Mode Commands Operating on the PASSWORD Entity
  176
  - Alter Password
    177
  - Delete Password
    177
  - Freeze Password
    178
  - Info Password
    178
  - Rename Password
    179
  - Thaw Password
    180
  - Add Knownhost
    180
- Client Mode Commands Operating on the KNOWNHOST Entity
  180
  - Alter Knownhost
    181
  - Delete Knownhost
    181
  - Freeze Knownhost
    182
  - Info Knownhost
    182
  - Rename Knownhost
    184
  - Thaw Knownhost
    184
- Status Commands
  185
  - Status Ssh2
    185
  - Status Session
    185
  - Status Channel
    187
  - Status Opener
    187
- Statistics Related Commands
  189
  - Statistics Session
    189
  - Disable Statistics
    189
  - Enable Statistics
    189
  - Reset Statistics
    189
  - Status Statistics
    190
  - Abort Session Command
    190
SSH and SFTP Client Reference

191
- Introduction
  191
- Starting the Guardian Client Programs
  191
- Starting the OSS Client Programs
  192
- Inquiring User Name if Not Supplied
  194
- Configuring the SSH2 Process to Use
  194
- Suppressing the Banner Printed by Clients
  195
- Automating the SFTP/SSH Clients
  195
- FILE I/O Parameters for SFTP/SFTPOSS
  195
- SSH Client Command Reference
  196
- SFTP Client Command Reference
  203
  - Command-Line Reference
    203
  - SFTP Commands
    206
  - Transfer Progress Meter
    208
  - Controlling Transfer Summary
    208
  - Specifying File Names on the Nonstop System
    209
  - Extended Syntax (New Guardian Files)
    209
  - Transfer Modes for Structured Guardian Files
    210
  - Transferring ASCII Files
    211
  - Fix Command and Command History
    211
  - History Mode
    212
  - Creation of Format 2 Guardian Files
    213
SSH Protocol Reference

215
- Implementation Overview
  215
  - Supported Versions
    215
  - Cipher Suites
    215
  - Implementation of the SSH Protocol
    215
- Authentication Using User Names and Passwords
  216
- Public Key Authentication
  216
STN Reference

219
- Introduction
  219
- Running STN as Pseudo TTY Server for SSH2
  219
  - Starting STN from TACL
    219
- Running STN as Persistent Process
  221
  - Stncom
    222
  - Comments
    223
  - Abend
    223
  - Abort Service
    223
  - Abort Session
    223
- STNCOM Commands
  223
  - Abort Window
    224
  - Add Iprange
    224
  - Add Script
    224
  - Add Service
    225
  - Add Window
    231
  - AUDITCOLL off | <Ems-Collector
    232
  - AUDITMSG <Text
    233
  - Auto_Add_Win Dynamic | Static | off
    233
  - AUTODEL_WAIT <Seconds
    233
  - BACKUP[CPU] <Cpu> | NONE | BUDDY | any
    234
  - BANNER_TIMEOUT <Minutes
    234
  - BLAST <Message
    235
  - Break_On_Discon Y|N
    235
  - Buffer_Size
    235
  - Choice_Prompt y | N
    235
  - CHOICE_TEXT <Text
    235
  - Conn_Clr_Ssh y | N
    235
  - DELETE IPRANGE <Iprange-Name
    235
  - DELETE SCRIPT <Script-Name
    235
  - DELETE SERVICE <Service-Name
    236
  - DELETE WIN[DOW] <Window-Name
    236
  - DEV_SUBTYPE B05COMP | WINDOW | <Nn
    236
  - DYNAMIC_PRI <Nnn
    236
  - DYN_CPU (Cpu,Cpu)
    236
  - DYN_WIN_MAX <Nnn
    236
  - Exit
    237
  - FESESSDOWN <Error-Code
    237
  - FRAGSIZE <N
    237
  - Gwn [Alloc]
    237
  - Help
    238
  - IDLE_WARNING <N
    238
  - Info All
    238
  - INFO IPRANGE <Iprange-Name
    238
  - Info Process
    238
  - INFO SCRIPT <Script-Name
    239
  - INFO SER[VICE] <Service-Name
    239
  - Info Stn
    240
  - INFO WIN[DOW] <Window-Name
    240
  - INPUT_TIMEOUT <Minutes
    241
  - Kill_Dynamic Y|N
    242
  - LICENSE <Location
    242
  - Listopens
    242
  - MAX_OPENERS <N
    242
  - MAX_OUTQ <N
    243
  - Nbot Y|N
    243
  - NBOT_TIMEOUT <Seconds
    243
  - NEGOT_TIMEOUT <Seconds
    243
  - OBEY <Edit-File-Name
    243
  - OPEN <STN-Process-Name
    243
  - OPENER_WAIT <Seconds
    243
  - Output_Reset y | N
    244
  - Pause
    244
  - Pool
    244
  - PROMPT "<Text
    244
  - PTY_REPLY_LEN <N
    245
  - REPLY_DELAY_MAX <Seconds
    245
  - RESET SERVICE <Service-Name
    245
  - RSCMGR_DEPTH <N
    245
  - SAVECFG <Filename
    245
  - SECURITY [<Letter>]
    246
  - Shutdown
    246
  - SSH_DEFAULT_SVC <Service-Name> | *NONE
    246
  - START SERVICE <Service-Name
    246
  - START WINDOW <#Window-Name
    246
    
    STATUS SERVICE [ <Service-Name> | * ]
    246
    
    STATUS SESSION [ <Session-Name> | * ]
    247
    
    STATUS WINDOW [ <#Window-Name> | * ]
    248
  - Stix [Reset]
    248
  - STNCOM_PROMPT "<Text
    248
  - STNLOG <Text
    250
  - STOP SERVICE <Service-Name
    250
  - STOP SESSION <Session-Name
    250
  - STOP WINDOW <#Window-Name
    250
  - Time
    250
  - Trace
    250
  - Version
    251
  - Welcome_Seq before | after | both
    251
  - WELCOME <Filename> | off | LIST
    251
  - Win_Avail_Always y | N
    252
  - Win_Avail_C11 y | N
    252
  - Wsinfo None | Query | Required | Match
    252
  - Winscript_First y | N
    252
- Session and Window Naming
  253
  - GWN Related STNCOM Commands
    254
  - GWN Related EMS Events
    255
- Client Messages at the Remote Workstation
  269
- STN Application I/O Handling
  276
Monitoring and Auditing

279
- Content of Log Messages
  279
- Introduction
  279
- Log Level
  280
- Destinations for Log Messages
  281
- Customizing the Log Format
  282
- Content of Audit Messages
  282
- Destinations for Audit Messages
  283
- Customizing the Audit Format
  283
- Audit Reports
  283
- List of Audit Messages
  283
- Log File/Audit File Rollover
  293
- Viewing File Contents from Guardian with SHOWLOG
  294
- Viewing File Contents from OSS
  297
Performance Considerations

299
- Introduction
  299
- Performance Analysis of SFTP Traffic
  300
  - SFTPSERV Performance of Ls Command with Wildcards
    300
  - Performance When Running as SSH Client
    301
- Performance Analysis of SSH Session Establishment
  300
  - Performance Running as SSH Daemon
    300
- Summary
  301
Troubleshooting

303
- Information Needed by Support
  303
- Introduction
  303
- General SSH2 Error Messages
  304
- Session Related SSH2 Errors
  305
  - Session Related Error Messages of SSH2 Daemon
    305
  - Session Related Messages of SSH2 in Client Mode
    309
- Client Error Messages
  312
Appendix

315
- Event Summary
  315
  - Event Category ERROR
    315
  - Event Category WARNING
    319
  - Event Category INFO
    330
- Copyright Statements
  338
  - Openssl Copyright Statement
    338
  - Openssh Copyright Statement
    340

Advertisement

Advertisement

Related Products

HP Categories

Desktop

Laptop

Monitor

Switch

More HP Manuals