Alter Restricton-Profile - HP NonStop SSH 544701-014 Reference Manual

The PERMIT-LISTEN attribute restricts a user's ability to do port forwarding. Only the configured ports are allowed for
listening on the host opening the forwarding tunnel.
The value has the same host and port-range form as the other attributes, but for PERMIT-LISTEN the "host" must be either
0.0.0.0 (the port range following the ':' then denotes gateway ports) or 127.0.0.1 (the port range denotes non-gateway ports).
PERMIT-OPEN
The PERMIT-OPEN attribute restricts a user's ability to do port forwarding.
Only the configured host/port combinations are allowed as <targethost> and <targetport> when port forwarding is
requested, as in the following examples:
ssh -L <localport>:<targethost>:<targetport> <user>@<host>
ssh -R <remoteport>:<targethost>:<targetport> <user>@<host>
The PERMIT-OPEN attribute corresponds to the OpenSSH parameter permitopen=.
If localhost or 127.0.0.1 is specified as <targethost>, then the specified <host> is used for restriction checking.
The PERMIT-OPEN restrictions are applied whenever the user tries to establish a local port forwarding channel via
SSH2 using the SSH and SSHOSS clients.
For more information on the format of the attribute value, including examples, please see the CONNECT-TO attribute
section. The format of the values for PERMIT-OPEN and CONNECT-TO is the same; only their interpretation
differs.

ALTER RESTRICTON-PROFILE

The ALTER RESTRICTON-PROFILE command changes one or more attributes of an existing restriction profile and
has the following syntax:
ALTER RESTRICTON-PROFILE <profile-name>
[,COMMENT <comment> | "<comment containing spaces>" ]
[,CONNECT-FROM <host-pattern> | ( <host-pattern>, <host-pattern>, ... ) ]
[,CONNECT-TO <host-ports> | ( <host-ports>, <host-ports>, ... ) ]
[,PERMIT-LISTEN <host-ports> | ( <host-ports>, <host-ports>, ... ) ]
[,PERMIT-OPEN <host-ports> | ( <host-ports>, <host-ports>, ... ) ]
[,FORWARD-FROM <host-pattern> | ( <host-pattern>, <host-pattern>, ... ) ]
The <profile-name> is mandatory in the command, and no wild cards are allowed in the profile name. At least one
attribute needs to be specified in the command.
The individual attributes have the following meaning and syntax:
<profile-name>
The name of the restriction profile to be altered.
<comment>
A comment describing the restriction profile. If the comment contains spaces, it must be enclosed in double quotes.
<host-pattern>
One or more patterns used to match addresses or names of hosts. Wildcard characters '*' (any number of characters) and
'?' (one character) are allowed. The '~' is supported for expressing negation.
<host-ports>
Specifies a host address or name and a port range, separated by a colon. The port range can be a single port,
a single range of ports, or a list of ports and port ranges separated by '+' and enclosed in brackets.
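To make the PERMIT-OPEN and PERMIT-LISTEN semantics above concrete, here is an added example (not code from the manual or the product) that parses <host-ports> values and evaluates a requested forwarding against them, including the rule that a localhost/127.0.0.1 target is checked against the SSH <host> and the rule that PERMIT-LISTEN hosts must be 0.0.0.0 or 127.0.0.1. The profile values are constructed, and the bracket characters around a '+'-separated list are assumed to be ( ) or [ ].

```python
# Constructed sample profile values for this illustration (not from the manual).
PERMIT_OPEN = ["10.1.2.3:22", "db.example.com:(1521+5000-5010)"]
PERMIT_LISTEN = ["127.0.0.1:8000-8099", "0.0.0.0:2222"]


def parse_host_ports(value):
    """Split a <host-ports> value 'host:ports' into (host, [(lo, hi), ...]).

    Assumption: a '+'-separated port list is enclosed in ( ) or [ ]; a single
    port or a single range lo-hi may appear without brackets.
    """
    host, sep, ports = value.rpartition(":")
    if not sep or not host:
        raise ValueError(f"missing host or ':' in {value!r}")
    ports = ports.strip()
    if ports[:1] in "([" and ports[-1:] in ")]":
        ports = ports[1:-1]
    ranges = []
    for part in ports.split("+"):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range {part!r} in {value!r}")
        ranges.append((lo, hi))
    return host.strip().lower(), ranges


def _matches(entries, host, port):
    # True if any entry names this host and one of its ranges covers the port.
    return any(h == host and any(lo <= port <= hi for lo, hi in r)
               for h, r in map(parse_host_ports, entries))


def open_permitted(permit_open, ssh_host, target_host, target_port):
    """PERMIT-OPEN check for ssh -L/-R <port>:<target_host>:<target_port> <user>@<ssh_host>.

    As the manual states, a target of localhost / 127.0.0.1 is checked against
    the SSH server <host> the user connected to.
    """
    if target_host.lower() in ("localhost", "127.0.0.1"):
        target_host = ssh_host
    return _matches(permit_open, target_host.lower(), target_port)


def listen_permitted(permit_listen, gateway, listen_port):
    """PERMIT-LISTEN check: 0.0.0.0 entries cover gateway ports, 127.0.0.1 entries
    cover non-gateway (loopback-only) listeners; any other host is a config error."""
    for entry in permit_listen:
        if parse_host_ports(entry)[0] not in ("0.0.0.0", "127.0.0.1"):
            raise ValueError(f"PERMIT-LISTEN host must be 0.0.0.0 or 127.0.0.1: {entry!r}")
    wanted = "0.0.0.0" if gateway else "127.0.0.1"
    return _matches(permit_listen, wanted, listen_port)
```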
COMMENT
164 • SSHCOM Command Reference
HP NonStop SSH Reference Manual
