Sshctl - HP NonStop SSH 544701-014 Reference Manual

SSHCTL

Use this parameter to specify the filename of the user database file.
Parameter Syntax
SSHCTL filename
Arguments
filename
Specifies the name of the user database file.
Considerations
The user database stores information about remote users accessing the NonStop system. The user database is
stored in a single ENSCRIBE file and maintained through the SSHCOM command interpreter. For more details
on the user database, see the chapter "The SSH User Database".
In order to prevent unauthorized access, the user database is stored in a proprietary format and encrypted. The
database file is secured as "----".
The customer name configured via parameter CUSTOMER or, if that does not exist, the customer name held
within the license file for the SSH2 program is used as an input for host-based key encryption. When you plan
to duplicate the host key and user database onto other NonStop systems (such as a disaster recovery system),
you need to make sure the parameter CUSTOMER or the license file of that other system has the same customer
name in it. Otherwise, the host key file and user database cannot be used on the other system. If you purge the
HOSTKEY and SSHCTL files and restart the SSH2 process, a new HOSTKEY and SSHCTL file will be
created using either the value of parameter CUSTOMER or, if that does not exist, the customer name from the
license file.
Although a license file is no longer required for NonStop SSH on H and J operating systems, any existing
HOSTKEY and SSHCTL file requires the customer name that was used to create the file. If a license file exists,
the customer name will be extracted from that file (entry SSH2.customer), unless parameter CUSTOMER is set
in which case the value of CUSTOMER is used. If a license file does not exist and an existing HOSTKEY or
SSHCTL file is accessed, the parameter CUSTOMER must be set to the original value for the customer name.
Multiple instances of the SSH2 object can share the same user database or use different user databases.
If the SSHCTL parameter points to a non-existing file, a new and empty user database will be created on
startup.
The user database can be created as an audited file, allowing automatic replication of changes to another system,
as well as roll-back of changes through TMF. See the "SSHCTLAUDIT" section for details.
If multiple SSH2 processes are started from the same subvolume but are used for different purposes, then not only
separate SSH database files (configured via SSHCTL) but also separate host key files (configured via HOSTKEY)
should be configured. Example: one SSH2 process for maintenance and another for the public network.
Default
If omitted, SSH2 will use a file name of SSHCTL.
Example
SSHCTL $SYSTEM.SSH2.USERDB1
See also:
CUSTOMER
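
The considerations above can be checked offline before a second SSH2 process or a disaster recovery copy goes live. The following is an added example, not code from the manual or from HP. It assumes parameter sets written as "PARAMETER value" lines with '#' comments, file names that are either bare or fully qualified with a $volume, and a HOSTKEY default of HOSTKEY; the function names and sample values are hypothetical.

```python
# Added example, not HP code. Assumptions: "PARAMETER value" lines, '#' comments,
# HOSTKEY defaults to the file name HOSTKEY, file names are case-insensitive.
DEFAULTS = {"SSHCTL": "SSHCTL", "HOSTKEY": "HOSTKEY"}


def parse(text):
    """Return {PARAMETER: value} for one SSH2 parameter set."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, value = line.partition(" ")
            params[name.upper()] = value.strip()
    return params


def resolve(params, name, subvol):
    """Effective file name; bare names are assumed to live in the startup subvolume."""
    value = params.get(name, DEFAULTS[name]).upper()
    return value if value.startswith("$") else f"{subvol.upper()}.{value}"


def shared_files(instances):
    """instances: {label: (subvolume, config_text)} for SSH2 processes that serve
    different purposes. Returns one finding per SSHCTL or HOSTKEY file used twice."""
    findings, seen = [], {}
    for label, (subvol, text) in instances.items():
        params = parse(text)
        for name in ("SSHCTL", "HOSTKEY"):
            path = resolve(params, name, subvol)
            if (name, path) in seen:
                findings.append(f"{label} shares {name} {path} with {seen[name, path]}")
            seen.setdefault((name, path), label)
    return findings


def customer_matches(primary_text, dr_text):
    """True only if both parameter sets define the same CUSTOMER value. An unset
    CUSTOMER falls back to the license file, which this check cannot read."""
    a, b = parse(primary_text).get("CUSTOMER"), parse(dr_text).get("CUSTOMER")
    return a is not None and a == b


# Constructed sample parameter sets (not from a real system).
MAINT = "SSHCTL $SYSTEM.SSH2.USERDB1\nHOSTKEY HOSTKEYM\nCUSTOMER Example Corp\n"
PUBLIC = "SSHCTL $SYSTEM.SSH2.USERDB2  # public network\nCUSTOMER Example Corp\n"
REUSED = "sshctl userdb1\nCUSTOMER Example Corp\n"
```

A False result from customer_matches where CUSTOMER is unset on either side means the license file entry SSH2.customer has to be compared by hand.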
106 • Configuring and Running SSH2
HP NonStop SSH Reference Manual
