Table of Contents
HP NonStop SSH
Reference Manual
HP Part Number: 544701-014
Published: February 2013
Edition: HP NonStop SSH 4.1
G06.21 and subsequent G-series RVUs
H06.07 and subsequent H-series RVUs
J06.03 and subsequent J-series RVUs
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185
© 2013 HP
All rights reserved

Summary of Contents for HP NonStop SSH 544701-014

  • Page 2 Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services.
  • Page 3: Table Of Contents

    Secure Shell Access from NonStop to Remote Systems (39); Encrypted File Transfer (41); Using Public Keys to Authenticate Remote Users (43); Using Public Keys to Logon to Remote Systems (44); Configuring and Running SSH2...
  • Page 4 INTERVALLIVEPPUBLICUSERKEY (75); INTERVALPENDINGPRIVATEUSERKEY (76); INTERVALPENDINGPUBLICUSERKEY (76); IPMODE (77); LICENSE (78); LIFECYCLEPOLICYPRIVATEUSERKEY (78); LIFECYCLEPOLICYPUBLICUSERKEY (79); LOGCACHEDUMPONABORT (80); LOGCACHESIZE (80); LOGCONSOLE (81); LOGEMS (81)...
  • Page 5 SSHCTL (106); SSHCTLAUDIT (107); SSHKEEPALIVETIME (107); STOREDPASSWORDSONLY (107); STRICTHOSTKEYCHECKING (108); SUBNET (108); SUPPRESSCOMMENTINSSHVERSION (109); TCPIPHOSTFILE (109); TCPIPNODEFILE (110); TCPIPRESOLVERNAME (110); USETEMPLATESYSTEMUSER (111)...
  • Page 6 Startup Values for the MODE and ASSUME USER Commands (135); Security within SSHCOM (135); Ownership and Management of Client Mode Entities (137); Miscellaneous commands in SSHCOM (139); MODE (139); SET (139)...
  • Page 7 ADD KNOWNHOST (180); ALTER KNOWNHOST (181); DELETE KNOWNHOST (181); FREEZE KNOWNHOST (182); INFO KNOWNHOST (182); RENAME KNOWNHOST (184); THAW KNOWNHOST (184); Status Commands (185)...
  • Page 8 Introduction to Public Key Authentication, Terminology (216); Public Key Authentication and SSH (216); Assuring Host Authenticity (217); Client logon (217); STN Reference Introduction (219); Running STN as Pseudo TTY Server for SSH2 (219)...
  • Page 9 INFO WIN[DOW] | * (240); INPUT_TIMEOUT (241); KILL_DYNAMIC Y|N (242); LICENSE (242); LISTOPENS (242); MAX_OPENERS (242); MAX_OUTQ (243); NBOT Y|N (243); NBOT_TIMEOUT (243)...
  • Page 10 Customizing the Log Format (282); Audit Messages (282); Content of Audit Messages (282); Destinations for Audit Messages (283); Customizing the Audit Format (283); Audit Reports (283)...
  • Page 11 Event Summary (315); Event Category ERROR (315); Event Category WARNING (319); Event Category INFO (330); Copyright Statements (338); OpenSSL Copyright Statement (338); OpenSSH Copyright Statement (340)...
  • Page 13: Preface

    Who Should Read This Guide This document is for system administrators who are responsible for installing, configuring and maintaining SSH2 components, including those delivered with the HP NonStop SSH product (T0801), and those that come with comForte's SecurSH or SecurFTP/SSH product.
  • Page 14 NonStop using remote ssh/sftp/scp clients: • HP NonStop documentation “Guardian User’s Guide” • HP NonStop documentation “Open System Services Shell and Utilities Reference Manual”, if using OSS • HP NonStop documentation “HP NonStop TACL Reference Manual” • HP NonStop documentation “File Utility Program (FUP) Reference Manual”...
  • Page 15: Document History

    Added description for new parameters PARTIALSSHCOMACCESSGROUP and PARTIALSSHCOMACCESSUSER. • Added description for new SFTP[OSS] commands append and lappend. • Added description for new support for creation of format 2 files in an SFTP session.
  • Page 16 DYN_CPU (global cpu/cpu-range specification for dynamic service processes). • NBOT_TIMEOUT Version 3.8a Describes changes in SSH2 release 90a. Documentation modified for the following enhancement: • Alphabetically sorted help items displayed within SFTP and SFTPOSS when 'help' command entered.
  • Page 17 Added section about modified behavior if an OBJECTTYPE USER record exists in Safeguard. • Added section listing all audit messages. • Added section for SSHCOM client mode commands RENAME KNOWNHOST and RENAME PASSWORD...
  • Page 18 • Description of newly supported SFTP transfer modes. • Added description for new parameter SFTPEXCLUSIONMODEREAD. Version 3.5 Describes changes in SSH2 release 87. Documentation for the following new features has been added:...
  • Page 19 The section "Single Sign-on with GSSAPI Authentication" has been added to the chapter "Configuring and Running SSH2" Version 3.2 Describes changes in SSH2 release 0085. Documentation for the following new features has been added: • New SSH2 parameter RECORDDELIMITER...
  • Page 20 INPUT_TIMEOUT, IDLE_WARNING, OUTPUT_RESET, BLAST, BUFFER_SIZE, and ADD SCRIPT, and ADD SERVICE parameters RESILIENT, LIMIT, HOME, USER, LOGON, DEBUGOPT, LOGAUDIT, and SCRIPT. • New SSHCOM commands SET AUDITFILE • New parameter after *MENU* property of USER attribute CI-PROGRAM...
  • Page 21 • Changes reflecting support of keyboard-interactive authentication in SSH2 DAEMON run mode. The documentation now reflects that HP NonStop SSH is also delivered as an independent product for G-Series. Version 2.4 The documentation now reflects that SSH2 is also delivered with the HP NonStop H-series release version updates (RVU) for HP Integrity NonStop servers (beginning with H06.11), under the product name HP NonStop SSH.
  • Page 22 The new property SFTP-GUARDIAN-FILESET has been added to the USER property of the daemon mode database (see chapter "SSHCOM Reference"). • New commands FREEZE KEY, THAW KEY and EXPORT SSHCTL have been added to SSHCOM (see chapter "SSHCOM Reference").
  • Page 23 USERBASE and USERBASEAUDIT parameters have been renamed to SSHCTL and SSHCTLAUDIT • INFO USER command in SSHCOM now supports brief and DETAILED version of the command Version 1.0 This is the first version of this documentation.
  • Page 25: Introduction

    Kernel for H Series and J Series NonStop platforms. For G Series releases, HP NonStop SSH continues to be available from HP as an RVU for which a license is required to obtain full functionality. For details on licensing and availability, please contact your HP Sales representative.
  • Page 26: Central Key Store

    When used with a Kerberos software package on the NonStop server, this enables integration with Microsoft Active Directory and other Kerberos-based single sign-on solutions. Note: HP does not offer a Kerberos product today; it must be purchased separately from a NonStop partner. TCP/IPv6 Starting with version 0092 SSH2 supports IPv6 specified in RFC 2460 (Internet Protocol, Version 6).
  • Page 27: Components Of The Ssh2 Software Package

    • The SCPOSS component is the scp server implementation. It is started on request of a remote scp client via shell command. The scp client on Guardian/OSS has not been added yet.
  • Page 28: Architecture Overview

    The SSHCOM component is used to maintain the user database, allowing administrators to configure remote user's public keys and control access rights to server functionality and the file system for file transfer.
  • Page 29: Ssh2 Running As Ssh Client

    SSH server or vice versa. The SSHCOM component is used to maintain the key store containing the local system user's key pairs, remote passwords and remote SSH host's public keys.
  • Page 31: Installation & Quick Start

    Acquiring the Product Archives The HP NonStop SSH product is delivered with the H-series Release Version Update (RVU) H06.11 and later, or the J- series RVU J06.03 and later. A license file is no longer required for H06.21 and later, or J06.10 and later. These releases correspond to SPR T0801AAQ and later.
  • Page 32: Installation On The Nonstop Server

    Installation on the NonStop Server Note(s): • For SSH2 as part of HP NonStop SSH, the installation procedures are different and the steps outlined in sections "Installing the SSH Components on the NonStop System" and "Quick-starting the SSH2 System" should be skipped.
  • Page 33: Unlocking The Product With A License File

    If the license file is valid you will see the expiration date in a log message during startup. Note: For HP NonStop SSH on S-Series or if you did not purchase NonStop SSH with the NonStop Operating System Kernel for H Series and J Series, the default SSH installation restricts the use of the product to the MR-Win6530 terminal emulator client running on a NonStop System Console, and also restricts the use of the product to certain HP tools, such as HP Systems Insight Manager.
  • Page 34: Ssh2 License And Version Information

    These objects are expected to reside in subvolume $SYSTEM.ZSSH after the standard HP installation process. The retrieved vprocs are then used to execute a consistency check: A warning will be issued if an object exists in both locations $SYSTEM.ZSSH and $SYSTEM.SYSnn and the vproc information differs.
  • Page 35: Where Configuration Data Is Stored

    SFTPAPI is a separately licensed module offering a programmatic interface to SFTP similar to FTPAPI for FTP. In June, 2011, HP started to offer the SFTPAPI product which requires a special license. It enables users to easily convert existing FTP scripts/programs to switch over to SFTP. The minimum SPR supporting this feature is T0801^AAQ for H/J series, and T0801^AAT for G-series.
  • Page 36: Quick-Starting The Ssh2 System

    The parameter "ALLOWTCPFORWARDING" controls whether port forwarding is generally allowed. • The parameter "STRICTHOSTKEYCHECKING" controls whether client access to remote systems is limited to hosts with their public key explicitly configured as a KNOWNHOST entity in the SSHCTL.
  • Page 37 <*> [def ] LOGEMSKEEPCOLLECTOROPENED [def ] LOGFILE <*> [def ] LOGFILERETENTION <10> [def ] LOGFORMATCONSOLE <93> [def ] LOGFORMATEMS <16> [def ] LOGFORMATFILE <93> [def ] LOGLEVELCACHE <50>...
  • Page 38: Secure Shell Access To The Nonstop Server

    $SSH55|26Mar12 21:01:55.39|30|Host key MD5 fingerprint: 87:33:4c:98:3e:a4: Secure Shell Access to the NonStop Server Note: This functionality is not enabled if you purchased a license restricted to file transfer ("HP NonStop SSH – SecureFTP" or "comForte SecurFTP/SSH"). SSH2 allows remote SSH clients to establish fully functional OSS shell sessions. SSH2 will also support the allocation of pseudo terminals (PTYs), which allow the remote users to execute full screen applications, such as vi or Emacs.
  • Page 39: Secure Shell Access From Nonstop To Remote Systems

    SSH is the Guardian version of the SSH client. It allows you to create remote shells and execute remote commands and it supports port forwarding channels. Note: SSH and SSHOSS will connect to a remote SSH daemon via a SSH2 process, which handles the SSH protocol layer.
  • Page 40 TELNET Client - T9558H01 - (10MAY07) - (IPMAAG) Copyright Tandem Computers Incorporated 2004 Trying...Connected to 127.0.0.1. Escape character is '^]'. Welcome to SuSE Linux 8.2 (i586) - Kernel 2.4.20-4GB (0). np-dev login:...
  • Page 41: Encrypted File Transfer

  • Page 42 230 User m.horst logged in. ftp> dir 200 PORT command successful. 150 Opening BINARY mode data connection for '/bin/ls'. total 2062 -rw-r--r-- 1 m.horst users 6340 Jun 19 2003 .Xdefaults...
  • Page 43: Using Public Keys To Authenticate Remote Users

    >ssh-keygen -t dsa -C "[email protected]" Generating public/private dsa key pair. Enter file in which to save the key (/home/m.horst/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again:...
  • Page 44: Using Public Keys To Logon To Remote Systems

    OK, key comf.tb:test1 successfully generated Now the key has been generated and stored in the database. The next step will export that key and configure it on the remote system.
  • Page 45 After this step you can now retry the step "To connect with a remote SSH client". You will not be prompted for the remote user's password. Instead, SSH2 will use the key pair configured for your NonStop user ID.
  • Page 47: Configuring And Running Ssh2

    The configuration file to be used as a parameter source can only be specified as a PARAM or startup line parameter, not in a configuration file. It is important to note that parameter names are case insensitive, regardless of how they are specified.
  • Page 48: The Configuration File

    The following example demonstrates how to use a PARAM command to start an SSH2 server listening on $ZTC03, port > PARAM PORT 22 > PARAM SUBNET $ZTC03 > RUN SSH2/ NAME $SSH02 / SERVER...
  • Page 49: Startup Line Parameters

    Note: When you start SSH2 in NOWAIT mode, make sure you have disabled logging to the home terminal. To do so, set the following PARAM: PARAM LOGCONSOLE *
  • Page 50: Ssh2 Parameter Reference

    Specifies the default value for USER attribute CPU-SET. CUSTOMER Allows setting the customer name or overwriting the customer name in the license file. DISCONNECTIFUSERUNKNOWN Controls the handling of unknown user names in incoming connections.
  • Page 51 Sets the filter key to enable round-robin filtering. PTCPIPFILTERTCPPORTS Same effect as DEFINE =PTCPIP^FILTER^TCP^PORTS PTYSERVER Specifies the name of an STN process that functions as a pseudo terminal (PTY)...
  • Page 52 Controls if SSH2 version is suppressed in the comment part of the ssh protocol version string exchanged between ssh client and ssh server TCPIPHOSTFILE Same effect as DEFINE =TCPIP^HOST^FILE. TCPIPNODEFILE Same effect as DEFINE =TCPIP^NODE^FILE.
  • Page 53: Allowedauthentications

    This parameter can be used to globally restrict the SSH user settings to those subsystems listed in the value for ALLOWEDSUBSYSTEMS, which is a comma separated list of subsystem names. If a subsystem is not mentioned in...
  • Page 54: Allowfrozensystemuser

    FROZEN. Default If omitted, ALLOWFROZENSYSTEMUSER will be set to FALSE. This is a change compared to releases prior to 0089 as frozen users were allowed before version 0089. Considerations...
  • Page 55: Allowinfossh2

    FALSE: Any stored PASSWORD will be ignored and users will not be prompted to interactively store passwords. Default...
  • Page 56: Allowtcpforwarding

    AUDITCONSOLE * | % | $0 | auditdevice Arguments Signifies that no audit messages are written to a console. Means that audit messages are written to the home terminal of the SSH2 process.
  • Page 57: Auditems

    If the EMS collector specified cannot be opened during startup, SSH2 will write to the collector $0. • If the EMS collector cannot be opened after it has been changed through SSHCOM, the original collector will stay active. See also: AUDITFORMATEMS
  • Page 58: Auditfile

    The file security set for the current audit file (e.g. via FUP SECURE command) will be used for subsequently created audit files. The very first audit file will have the default file security of user SUPER.SUPER. See also: AUDITMAXFILELENGTH, AUDITFILE
  • Page 59: Auditformat

    A number is used to represent a bit mask that controls the format. Following are the values and their corresponding format: Bit 1 (decimal 1) Date Bit 2 (decimal 2) Header (log messages are prefixed with "[log]")...
  • Page 60: Auditformatems

    "Audit Messages" in the chapter entitled "Monitoring and Auditing" AUDITFORMATFILE Use this parameter to control the format of the audit messages that are written to the log file. Parameter Syntax AUDITFORMATFILE format Arguments format...
  • Page 61: Auditmaxfilelength

    Use this parameter to control whether remote users can log on via SSH using a Guardian user ID or alias, without configuring them explicitly via SSHCOM in the SSHCTL.
  • Page 62: Autoaddsystemuserslike

    The name of a user. The user must exist in the SSHCTL at the time a new user tries to logon and AUTOADDSYSTEMUSERS has a value of TRUE.
  • Page 63: Backupcpu

    BACKUPCPU ANY BANNER Use this parameter to configure an authentication banner message to be displayed to SSH clients connecting to the SSH2 daemon. Parameter Syntax BANNER * | filename Arguments...
  • Page 64: Ciphers

    For details about the ciphers listed above, please refer to standard SSH documentation, such as the manual for the RFCs available. Default If omitted, SSH2 will accept all ciphers mentioned above. Example CIPHERS 3des-cbc This will enforce the use of only 3DES-encryption.
  • Page 65: Clientallowedauthentications

    The following arguments can be used to specify whether compression of the SSH session will be supported: TRUE: allows compressed sessions. FALSE: denies compressed sessions. Default If omitted, SSH2 will allow compressed sessions. Example COMPRESSION FALSE
  • Page 66: Config

    Parameters specified in the configuration file can be overwritten by PARAM or startup line settings. CPUSET This parameter allows configuring the default set of CPUs the SSH2 process starts non-SFTPSERV user processes in. Parameter Syntax CPUSET cpu-set
  • Page 67: Customer

    CUSTOMER is used. If a license file does not exist and an existing HOSTKEY or SSHCTL file is accessed, the parameter CUSTOMER must be set to the original value for the customer name.
  • Page 68: Disconnectifuserunknown

    Statistics will be gathered immediately after the SSH2 process has started. FALSE Gathering statistical data will be enabled only after SSHCOM command ENABLE STATISTICS was issued. Default The default for this parameter is FALSE. Example ENABLESTATISTICSATSTARTUP TRUE
  • Page 69: Fullsshcomaccessgroup

    FULLSSHCOMACCESSUSER where is a number between 1 and 99. Parameter Syntax FULLSSHCOMACCESSUSER . Arguments . The Guardian logon name of the account that will have full SSHCOM access. Logon ids and alias names are not supported. Default...
  • Page 70: Gssauth

    Considerations • The GSSAUTH interface process is part of the Kerberos installation on your NonStop Server. See also: • GSSKEX, GSSGEXKEX, ALLOWEDAUTHENTICATIONS • Section "Single Sign-on with GSSAPI Authentication".
  • Page 71: Gssgexkex

    By default, GSSAPI key exchange is enabled (TRUE). Considerations • GSSKEX only takes effect if GSSAPI authentication is enabled. GSSKEX is ignored if GSSAUTH is set to “*” (disabled). See also: • GSSAUTH, GSSGEXKEX, ALLOWEDAUTHENTICATIONS
  • Page 72: Guardianattributeseparator

    NonStop systems (such as a disaster recovery system), you need to make sure the parameter CUSTOMER or the license file of that other system has the same customer...
  • Page 73: Interface

    The value must be set consistent with the value of parameter IPMODE. • If IPMODE parameter is set to DUAL, then an IPv6 address must be used (IPv4-mapped IPv6 address for IPv4 addresses)...
  • Page 74: Interfaceout

    The number of days a newly generated user private key will be in state ‘LIVE’ after leaving state ’PENDING’ and before reaching state ‘EXPIRED’. Default The default value for this parameter is 730, i.e. 2 years.
  • Page 75: Intervalliveppublicuserkey

    Parameter value is ignored if USER PUBLICKEY attributes LIVE-DATE and EXPIRE-DATE are specified in ALTER USER PUBLICKEY commands (if a user is allowed to specify these attributes according to the key lifecycle policy). See also: LIFECYCLEPOLICYPUBLICUSERKEY, INTERVALPENDINGPUBLICUSERKEY
  • Page 76: Intervalpendingprivateuserkey

    The default value for this parameter is 0, i.e. newly added user public keys will go into state ‘LIVE’ immediately if this parameter is not set to a different value than 0. Example...
  • Page 77: Ipmode

    IPMODE, i.e. if IPMODE is set to IPv4, then the TCP/IP process cannot be configured with FAMILY IPv6 and vice versa. • Similarly, the configuration of SSH2 parameters INTERFACE and INTERFACEOUT must be set consistently with setting of parameter IPMODE. See also: SUBNET, INTERFACE, INTERFACEOUT
  • Page 78: License

    By not specifying these attributes in a GENERATE KEY or IMPORT KEY command, the values for LIVE-DATE and EXPIRE-DATE will be automatically set depending on the CREATION-DATE...
  • Page 79: Lifecyclepolicypublicuserkey

    Users with full SSHCOM access can set or modify USER PUBLICKEY attributes LIVE-DATE and EXPIRE-DATE even when the life-cycle policy for user public keys is set to FIXED.
  • Page 80: Logcachedumponabort

    1048576 (1024 * 1024). Considerations • The LOGLEVELCACHE parameter controls what messages are written to the log cache. Default By default, the minimum value (1024) is used.
  • Page 81: Logconsole

    Parameter Syntax LOGEMS collector | * Arguments Means that no log messages are written to EMS. collector Specifies the name of the collector to which log messages are written. Default...
  • Page 82: Logemskeepcollectoropened

    LOGFILE Use this parameter to define whether SSH2 log messages are written, and, if so, to which file. Parameter Syntax LOGFILE * | file Arguments...
  • Page 83: Logfileretention

    See also: LOGMAXFILELENGTH, LOGFILE LOGFORMAT Use this parameter to control the format of the log messages that are written to the console or log file. Parameter Syntax LOGFORMAT format...
  • Page 84: Logformatconsole

    A number is used to represent a bit mask that controls the format. Following are the values and their corresponding format: Bit 1 (decimal 1) Date Bit 2 (decimal 2) Header (log messages are prefixed with "[log]") Bit 3 (decimal 4) Time Bit 4 (decimal 8) Milliseconds...
  • Page 85: Logformatems

    The default log format is 93 (date, time, milliseconds, process ID, and log level). Example Display date, time, and milliseconds only: LOGFORMATEMS 13 Display date and time only: LOGFORMATEMS 5 See also: LOGFORMATCONSOLE, LOGFORMATFILE
  • Page 86: Logformatfile

    The maximum number should not be used in production environments. • The recommended level of detail is 30, indicating only startup and problem messages are written, or 50, specifying some usage messages are also written. Considerations...
  • Page 87: Loglevelcache

    LOGLEVELSIZE, LOGLEVELFILE LOGLEVELCONSOLE Use this parameter to control what messages are written to the log console. Parameter Syntax LOGLEVELCONSOLE detail Arguments detail A number specifying the detail level. Default...
  • Page 88: Loglevelems

    Different log levels can be used for the outputs to LOGCONSOLE, LOGEMS, and LOGFILE. • With the SSHCOM command interpreter, users can change parameters without having to restart SSH2.
  • Page 89: Logmaxfilelength

    Provides an easy way to correlate between memory usage of SSH2 and events in the log output. Do not use if memory usage of SSH2 is not of interest to you.
  • Page 90: Macs

    A Guardian group name. All members of the group will have partial SSHCOM access. Default By default, none of the parameters are set, i.e. only users with full SSHCOM access can execute privileged commands. Example...
  • Page 91: Partialsshcomaccessuser

    Default By default, none of the parameters are set, i.e. only users with full SSHCOM access can execute privileged commands. Example PARTIALSSHCOMACCESSUSER1 admin.joe PARTIALSSHCOMACCESSUSER2 admin.jim PARTIALSSHCOMACCESSUSER3 super.jane Considerations...
  • Page 92: Port

    A password that serves as a key to enable round-robin filtering of multiple instances of SSH2 servers listening on the same port. The password will override the value of the DEFINE =PTCPIP^FILTER^KEY, which may have been passed to SSH2 at startup.
  • Page 93: Ptcpipfiltertcpports

    Specifies the name of an STN process. Default The default for this parameter is $PTY. Considerations • Please refer to the "Enabling Full TTY Access" section for details.
  • Page 94: Recorddelimiter

    Use this parameter to define the outcome of restriction checks (related to RESTRICTION-PROFILE) in cases in which no USER record was found for the Guardian user starting an outgoing SSH connection. Parameter Syntax RESTRICTIONCHECKFAILEDDEFAULT [TRUE|FALSE] Arguments TRUE...
  • Page 95: Safeguard-Password-Required

    Use this parameter to enable the usage of a Guardian style CD command with SFTPSERV. Parameter Syntax SFTPALLOWGUARDIANCD [TRUE|FALSE] Arguments TRUE SFTP clients can use Guardian-style CD commands, such as "CD $data05.mysvol". FALSE SFTP clients can only use Unix-style CD commands. Considerations...
  • Page 96: Sftpcpuset

    Use this parameter to control file name format (Guardian or OSS) in SFTP informational messages like "Uploading ..." and "Fetching ...". Alternately, define =SFTP^DISPLAY^GUARDIAN can be set; define overrides PARAM. Parameter Syntax SFTPDISPLAYGUARDIAN [TRUE | FALSE ] Arguments TRUE Guardian file name format is used. FALSE...
  • Page 97: Sftpeditlinemode

    Use this parameter to define the decimal increment used to calculate the next Guardian edit line number when a file transfer is made to a Guardian edit file on the NonStop server.
  • Page 98: Sftpeditlinestartdecimalincr

    This parameter controls at which line number the decimal increment defined by parameter SFTPEDITLINENUMBERDECIMALINCR starts. Parameter Syntax SFTPEDITLINESTARTDECIMALINCR Arguments The value is 1000 times the line number. Default The default value is -1, i.e. decimal increment is not used.
  • Page 99: Sftpexclusionmoderead

    If a get command is executed by a sftp client on the NonStop server, then the parameter must be set in the environment of the sftp client (as PARAM for SFTP running in the Guardian environment or as environment variable for SFTPOSS running in the OSS environment). Default ...
  • Page 100: Sftpidletimeout

    If omitted, SSH2 will use a value of 900. Example SFTPMAXEXTENTS 950 SFTPPRIMARYEXTENTSIZE Use this parameter to specify the primary extent size for files that are created on the NonStop system. ...
  • Page 101: Sftpsecondaryextentsize

    NonStop server to a remote ssh server. Parameter Syntax SFTPUPSHIFTGUARDIANFILENAMES [TRUE|FALSE] Arguments [TRUE|FALSE] Specifies whether the remote target file names are upshifted when Guardian files are transferred using the "mput" command: ...
  • Page 102: Socketkeepalive

    TCP/IP process is used. Considerations • Setting this parameter to a higher value can increase throughput when transferring files. Normally the value configured in the TCP/IP process is sufficiently high. Default ...
  • Page 103: Socketsndbuf

    • The Cluster I/O Protocols (CIP) subsystem does not support the corresponding socket option TCP_MINRXMT, i.e. the default value must be used for parameter SOCKTCPMINRXMT if CIP is involved. See document "HP NonStop TCP/IPv6 Configuration and Management Manual" for details.
  • Page 104: Socktcprxmtcnt

    • The Cluster I/O Protocols (CIP) subsystem does not support the corresponding socket option TCP_RXMTCNT, i.e. the default value must be used for parameter SOCKTCPRXMTCNT if CIP is involved. See document "HP NonStop TCP/IPv6 Configuration and Management Manual" for details.
  • Page 105: Sshautokexbytes

    The Cluster I/O Protocols (CIP) subsystem does not support the corresponding socket option TCP_TOTRXMTVAL, i.e. the default value must be used for parameter SOCKTCPTOTRXMTVAL if CIP is involved. See document "HP NonStop TCP/IPv6 Configuration and Management Manual" for details. Default The default is 0.
  • Page 106: Sshctl

    SSH database files (configured via SSHCTL) but separate host key files (configured via HOSTKEY) should be configured. Example: SSH for maintenance and public network. Default If omitted, SSH2 will use a file name of SSHCTL. Example SSHCTL $SYSTEM.SSH2.USERDB1 See also: • CUSTOMER ...
  • Page 107: Sshctlaudit

    Use this SSH2 parameter to disable the prompt for password during user authentication with method password in outgoing connections, assuming that the password is stored in the database. Parameter Syntax ...
  • Page 108: Stricthostkeychecking

    If this option is omitted, SSH2 will use a value of TRUE. Example STRICTHOSTKEYCHECKING FALSE SUBNET Use this parameter to specify the TCP/IP process a SSH2 process should listen on for incoming connections. Parameter Syntax SUBNET tcpip-process-name ...
  • Page 109: Suppresscommentinsshversion

    On the other hand, the comments part may indicate specific capabilities of an implementation, i.e. can be helpful information for the remote system. TCPIPHOSTFILE Use this parameter as an alternative to setting a DEFINE =TCPIP^HOST^FILE. Parameter Syntax TCPIPHOSTFILE filename Arguments ...
  • Page 110: Tcpipnodefile

    Use this parameter to pass the value for the DEFINE =TCPIP^NODE^FILE to SSH2 servers configured as generic processes. (DEFINEs cannot be propagated to generic processes.) TCPIPRESOLVERNAME Use this parameter as an alternative to setting a DEFINE =TCPIP^RESOLVER^NAME. Parameter Syntax TCPIPRESOLVERNAME filename Arguments ...
  • Page 111: Usetemplatesystemuser

    SYSTEM-USER of the USER template record is used for newly added USER record. FALSE The SSH user name is used as SYSTEM-USER for newly added USER record. Default The default for this parameter is FALSE. See also: AUTOADDSYSTEMUSERS, AUTOADDSYSTEMUSERSLIKE ...
  • Page 112: Enabling Full Tty Access

    To Start the STN Pseudo Terminal Server Included with SSH2 Note: For cases in which SSH2 was delivered with HP NonStop SSH as part of the RVU or as an independent product for G-Series prior to G06.32, an STN PTY server will be pre-installed as a generic process: SSH-ZPTY ($ZPTY).
  • Page 113: Configuring A Service Menu

    For non-6530 pseudo terminals the STN service or window can be enabled via: >RUN SSHCOM $SSH01 T9000B03_02DEC2009_SSHCOM OPEN $ssh01 % ALTER USER SERVICE.USER, SHELL-PROGRAM *MENU* srvc1 OK, user SERVICE.USER altered. % ALTER USER WINDOW.USER, SHELL-PROGRAM *MENU* #win1 OK, user WINDOW.USER altered. ...
  • Page 114: Forcing Tacl Access Via Server-Side Configuration

    TELSERV environment to SSH, such as an environment with static windows. To forward 6530 shell requests to TELSERV, specify the CI-PROGRAM as follows: >SSHCOM %ALTER USER telnetuser, CI-PROGRAM telnet ...
  • Page 115: Granting Access Without Ssh Authentication

    >RUN SSHCOM $SSH01 T9000B03_02DEC2009_SSHCOM OPEN $ssh01 % ADD USER serviceuser, ALLOWED-AUTHENTICATION (none), & % SYSTEM-USER *NONE*, CI-PROGRAM *MENU*, & % ALLOW-SHELL NO, ALLOWED-SUBSYTEMS (), ALLOW-TCP-FORWARDING NO OK, user serviceuser added. ...
  • Page 116: Single Sign-On With Gssapi Authentication

    GSSAPI/Kerberos-enabled SSH client. Since Microsoft Active Directory supports Kerberos, Windows domain users can be enabled to log onto HP NonStop Servers without being prompted for a password. If credential forwarding (also known as TGT forwarding) was selected for the session, subsequent SSH connections from the NonStop host to other network resources participating in Kerberos single-sign on can also be accessed without additional authentication.
  • Page 117: Authorizing Kerberos Principals For Logon

    SSHCOM ADD USER command. Otherwise, if the SSH2 AUTOADDSYSTEMUSER option is TRUE and gssapi-with-mic is enabled for automatically added users, then creating a Safeguard ALIAS for the Kerberos user principal will be sufficient to grant SSO access. ...
  • Page 118: Restricting Incoming And Outgoing Connections

    Note: You can authorize multiple Kerberos principals to logon as a specific NonStop user by specifying multiple PRINCIPAL attributes in one or more ALTER USER commands. HP does not currently offer a Kerberos solution, but such a solution can be purchased from an HP NonStop partner and applied to your system.
  • Page 119: Restricting Local Ports Used For Port Forwarding

    1. If no explicit SSH2 process is configured (which is done by specifying the –S option on the command line), the client evaluates first the define =SSH2^PROCESS^NAME and then the environment variable SSH2_PROCESS_NAME to determine the process name of the SSH2 instance to connect to. ...
  • Page 120: Load-Balancing Inbound Ssh Sessions

    RUN SSH2/ NAME $SSH00, CPU 0, .../ ALL; BACKUPCPU ANY; ... In case of a failure of the primary CPU, the backup process of SSH2 will take over and restart the operation. ...
  • Page 121: Configuring Ssh2 As A Generic Process

    (DEFINEs cannot be propagated to generic processes.) Likewise, you can use the TCPIPHOSTFILE, TCPIPNODEFILE, and TCPIPRESOLVERNAME parameters to configure TCPIP settings, which are usually passed as DEFINEs. Please refer to the SCF Reference Manual for the Kernel Subsystem in the HP NonStop documentation set for further details. Choosing a Persistence Mechanism Determining whether it is more effective to configure SSH2 as a NonStop process pair or as a generic process depends on your system environment and the expected SSH transfer volume.
  • Page 122: Processing Of Defines

    TERM This environment variable holds the terminal type. Example: TERM=xterm LOGNAME The user name as received from a remote client (the name of a user defined in SSHCTL). Example: ...
  • Page 123: Tcp/Ipv6 Configuration

    0 to 255, separated by dots, e.g., 172.1.2.3. Each decimal number represents 8 bits (one octet) of the IPv4 address. ...
  • Page 124: Usage Of Ipv6 Addresses

    CONNECT-TO • PERMIT-LISTEN • PERMIT-OPEN • FORWARD-FROM Entity KNOWNHOST fields: • Name (identifier) of a KNOWNHOST record • ADDRESSES Entity PASSWORD fields: • Name (identifier) of a PASSWORD record ...
  • Page 125: Tcp/Ipv6 Migration And Backout

    SSH2 object without IPv6 support accesses this database. Therefore a backout of an SSH2 IPv6 release to a pre-IPv6 SSH2 release does not represent a problem. ...
  • Page 126 PASSWORD entries cannot be modified or deleted using an SSH2 release without IPv6 support. But again, an SSH2 process that supports IPv6 started in ADMIN mode can be used to do that, if needed. ...
  • Page 127: The Ssh User Database

    To maintain the daemon database content, issue the following command within SSHCOM: % MODE DAEMON or, because SERVER is supported as alternative for DAEMON: % MODE SERVER To maintain the client database content, issue the following command: % MODE CLIENT ...
  • Page 128: Database For Daemon Mode

    PRIORITY: Priority for a specific ssh user’s non-SFTPSERV processes. If omitted, the priority of the SSH2 process is used as default value. • CPU-SET: List of CPUs ssh user’s non-SFTPSERV processes are started in. ...
  • Page 129 CONNECT-FROM: IP addresses the user is allowed to connect from. • CONNECT-TO: IP addresses a user is allowed to connect to. • PERMIT-LISTEN: Local ports the user is allowed to use for port forwarding. ...
  • Page 130: Database For Client Mode

    NonStop. PASSWORD records are added when a user confirms a password is to be stored or via SSHCOM command ADD PASSWORD. Database key to the PASSWORD entity consists of: ...
  • Page 131: Creating And Accessing The Database

    MS Access, MS Excel, or any SQL database. For a description how to export the database please refer to the section "Miscellaneous commands in SSHCOM" in chapter "SSHCOM Reference". ...
  • Page 133: Sshcom Overview

    SSHCOM is a command interpreter delivered with the SSH2 component. It is used to view and maintain the SSH2 user database. Using SSHCOM is similar to working with the HP PATHCOM utility. You connect to an existing SSH2 process using the OPEN command, then you issue commands against that instance of SSH2, which will access the corresponding area in the database.
  • Page 134: Standard Nonstop Commands And Features

    Standard behavior is that for each command entered a message is displayed about the outcome, i.e. if the command succeeded or failed (if no message is displayed it should be assumed that the command could not be parsed successfully). ...
  • Page 135: Startup Values For The Mode And Assume User Commands

    A user that is allowed to configure SSH USER records can create access to the NonStop system without Safeguard authentication, i.e. configuring SSH USER records is as critical as configuring Safeguard USER records. ...
  • Page 136 Starting with release 89 there is tighter coupling of SSHCOM security with Safeguard security. This does not only include checking if a Safeguard user is frozen (see section "ALLOWFROZENSYSTEMUSER") but also includes support of OBJECTTYPE USER (please refer to HP NonStop manuals "Safeguard Reference Manual" and "Safeguard Administrator's Manual").
  • Page 137: Ownership And Management Of Client Mode Entities

    (under grp1.usr1), then alias a2 can connect to host h1 specifying remote user u1 using the stored password entry, i.e. alias a2 gets access to remote host h1 without knowing the password of remote user u1. ...
  • Page 138 If parameter CLIENTMODEOWNERPOLICY is set to value GUARDIANNAME, then the following applies: • Any attempt to add entries under an alias name will be rejected. Entries will be added under the Guardian name. ...
  • Page 139: Miscellaneous Commands In Sshcom

    Determines if the internal log cache is written to the log file in case of process aborting. LOGCACHESIZE Determines the size of the internal log cache. LOGCONSOLE Determines whether log messages are written to a console. LOGEMS Determines whether log messages are written to EMS. ...
  • Page 140: Info Ssh2

    ] CIPHERS [def ] CLIENTALLOWEDAUTHENTICATIONS [def ] CLIENTMODEOWNERPOLICY [def ] COMPRESSION [def ] CONFIG <> [def ] CONFIG2 <*> [def ] CPUSET <> ...
  • Page 141 ] SOCKTCPRXMTCNT <0> [def ] SOCKTCPTOTRXMTVAL <0> [def ] SSH2PROCESSNAME <$SSH55> [def ] SSHAUTOKEXBYTES <1073741824> [def ] SSHAUTOKEXTIME <3600> [def ] SSHCTL [def ] SSHCTLAUDIT [def ] SSHKEEPALIVETIME <60> ...
  • Page 142: Clear Logcache

    The log cache will be automatically cleared after the content of the log cache was written to the current log file. INFO DEFINE The INFO DEFINE command displays information about the DEFINEs as they exist in the SSH2 process context. It has the following syntax: ...
  • Page 143: Prompt "

    AUDITFILERETENTION is set to a non-zero value. The command has the following syntax: ROLLOVER AUDITFILE The ROLLOVER command can only be executed by super.super (unless explicitly denied in OBJECTTYPE USER record) or a user granted full SSHCOM access. ...
  • Page 144: Rollover Logfile

    All public keys of all users PRIVKEY KEY object data KNWNHOST KNOWNHOST object data RESTRICT RESTRICTION-PROFILE object data %export sshctl, subvol $data1.sshexp OK, all SSHCTL exported to files on $data1.sshexp ...
  • Page 145: Info Host-Key

    $temp.sshtemp.hostkey1 OK, written public part of host key to file $temp.sshtemp.hostkey1 The exported file can be used to configure a known host entry on a remote system. ...
  • Page 146: Add User

    [,PRINCIPAL { @ | *@ | *@* } ] [,PRIORITY -1 | ] [,PUBLICKEY { FINGERPRINT | FILE } | ( { FINGERPRINT | FILE } [, COMMENT ""] ...
  • Page 147 Password authentication facilitating the NonStop system's password authentication mechanism. The password is validated against the SYSTEM-USER's password. • publickey: Public key authentication using the PUBLIC-KEYs configured for a user. ...
  • Page 148 If the option FORCE is appended, then the user is forced to use the pre-configured STN service or window. In this case, the user will not see the STN menu, even when the configured service or window does not exist. COMMENT ...
  • Page 149 Note: Specifying one or more Kerberos principals using this attribute will override the default Kerberos authorization rule, which implicitly grants access to the Kerberos principal with a matching local account name. The PRINCIPAL attribute may have the following values: ...
  • Page 150 Specifies the name of a RESTRICTION-PROFILE entity. If configured for a user, then the restrictions defined in the RESTRICTION-PROFILE record will be applied for all of a user’s incoming and outgoing connections. ...
  • Page 151 • WRITE: allows uploading of files from the remote system • PURGE: allows deletion of files on the NonStop system • RENAME: allows renaming of files on the NonStop system ...
  • Page 152 PATH is not defined. For this purpose, SHELL-ENVIRONMENT needs to be set via SSHCOM command: % ALTER USER xyz, SHELL-ENVIRONMENT /home/xyz/myPATH In this example, the script /home/xyz/myPATH contains: export PATH=$PATH:/usr/bin The third step is to create an executable shell script /usr/bin/test-script, for example: ...
  • Page 153: Alter User

    [,PUBLICKEY FINGERPRINT | FILE | COMMENT ""] | LIVE-DATE ] | EXPIRE-DATE ] | FINGERPRINT ] [, FILE ] [, COMMENT ""] [, LIVE-DATE ] [, EXPIRE-DATE ] ) ]... ...
  • Page 154 PATHWAY PROGRAM as CI-PROGRAM. CAUTION: When specifying ALLOWED-AUTHENTICATIONS (none) user access should be properly locked down to avoid security breaches that bypass any authentication (e.g. by setting SYSTEM-USER *NONE*). ALLOWED-SUBSYSTEMS ...
  • Page 155 The value can be a CPU number (e.g. 2), a range of CPUs (e.g. 3-4), or a comma-separated list of CPU numbers and CPU ranges, enclosed in parentheses, e.g. (2, 5-7, 9). ...
  • Page 156 This pattern will authorize any principal in the given REALM to access this user account • This pattern will authorize any principal in any REALM (i.e. anybody with a valid service ticket) to access this user account ...
  • Page 157 Defines a set of CPUs used when SFTPSERV processes are invoked directly by SSH2 (for non-SFTPSERV processes the attribute CPU-SET is used instead). CPUs are assigned via a round-robin algorithm among all the configured CPUs that are available. ...
  • Page 158 MKDIR: allows creation of directories on the NonStop system • RMDIR: allows removal of directories on the NonStop system • SYMLINK: allows creation of symbolic links on the NonStop system • ALL: shortcut for all operations ...
  • Page 159: Delete User

    It is possible to specify the logon id (e.g. 11,23) in double quotes. The logon id will be converted to . before the value for SYSTEM-USER is set. DELETE USER The DELETE USER command deletes a user from the database and has the following syntax: DELETE USER ...
  • Page 160: Freeze User

    PUBLICKEY k1 COMMENT used for file transfer from node linux-dev 6b:88:75:78:7e:90:bb:7c:eb:0d:94:64:79:07:1f:bd BABBLE xegop-hyvik-fucud-tubon-nuvin-pugeg-kovac-vipif-vunym-peset-zyxyx CREATION-DATE 20Apr12,15:05 LIVE-DATE *NONE* EXPIRE-DATE *NONE* LIFE-CYCLE-STATE LIVE LAST-MODIFIED 20Apr12,16:07 LAST-USAGE *NONE* PUBLICKEY testkey3 COMMENT 9e:67:60:36:e0:a4:88:ac:19:f1:39:61:19:0e:88:76 BABBLE xezaz-fimuf-gacoz-rorid-zutol-cezuc-pygyf-fypes-ponih-lynol-zaxix ...
  • Page 161 The IP address from which the user last connected. LAST-MODIFIED The timestamp of the last modification of the user attributes. "User attributes" in that context are attributes that can be changed with the ALTER command. ...
  • Page 162: Rename User

    One or more patterns used to match addresses or names of hosts. Wildcard characters '*' (any number of characters) and '?' (one character) are allowed. The '~' is supported for expressing negation. ...
  • Page 163 Then the new restriction profile name and any other attributes specified in the ADD RESTRICTION-PROFILE command are applied before the new restriction profile record is added. PERMIT-LISTEN ...
  • Page 164: Alter Restriction-Profile

    Specifies a pair of host addresses or names and port ranges, separated by a colon. A port range can be either one port, one port range or a list of port ranges separated by '+' and enclosed in brackets. COMMENT ...
  • Page 165 The configuration requires the specification of a host and a port range, but for PERMIT-LISTEN the "host" must either be 0.0.0.0 (indicating gateway ports to follow after the ':') or 127.0.0.1 (indicating non-gateway ports to follow). PERMIT-OPEN ...
  • Page 166: Delete Restriction-Profile

    If the restriction profile is in use, that is, if user entries have the RESTRICTION-PROFILE attribute set to the specified , the renaming of the restriction profile will be rejected. ...
  • Page 167: Client Mode Commands - Overview

    These commands will be discussed in detail in the following subsections. Please also see "Database for Client Mode" in "The SSH User Database" chapter, for an overview of the database content. ...
  • Page 168: Assume User

    ASSUME USER command or the issuer of the INFO SYSTEM-USER command will be used as the default. A prefix that is used to match system users owning knownhost, password and key entries in the SSHCTL database. ...
  • Page 169: Alter Key

    OBJECTTYPE USER record) or those configured with full SSHCOM access. In case the SSH2 parameter LIFECYCLEPOLICYPRIVATEUSERKEY is set to VARIABLE, then every user can change field EXPIRE-DATE for those keys the user owns. ...
  • Page 170: Delete Key

    The format of the resulting key file. Format can be either OPENSSH or SSH2. If this attribute is omitted, SSH2 will be used as the default. Export of the private key part is not supported when exporting in format SSH2. PRIVATE ...
  • Page 171: Freeze Key

    The name of the key owned by the current user. Date or date and time in either of the following formats: • DD Mon YYYY hh:mm • "DDMonYY,hh:mm" ...
  • Page 172: Import Key

    If is specified, it MUST be followed by a ':' to separate it from the key name. The name of the key owned by the current user. Multiple owners can have keys with same name. FILE ...
  • Page 173: Info Key

    ASSUME USER command or the issuer of the ALTER KEY command will be used as the default. If is specified, it MUST be followed by a ':' to separate it from the key name. ...
  • Page 174 The system user who owns the private key. TYPE The type of the key. BITS The key length in bits. PUBLICKEY-FINGERPRINT Both the MD5 and bubble-babble fingerprint of the public key. ...
  • Page 175: Rename Key

    If is specified, it MUST be followed by a ':' to separate it from the key name. Specifies the name of a key entry, which must already exist in the user database, before it is renamed. ...
  • Page 176: Thaw Key

    Only the SUPER.SUPER user (unless explicitly denied in OBJECTTYPE USER record) or those configured with full SSHCOM access can add a password entry for other users. ...
  • Page 177: Alter Password

    The DNS name or IP address of the target system. The listening port of the remote SSH server. If this optional attribute is omitted, the default of 22 is used. ...
  • Page 178: Freeze Password

    LAST-MODIFIED 20Apr12,19:11 STATUS THAWED Specifying a prefix followed by a wildcard is supported: % info password superu*:u*,detail info password superu*:u*,detail PASSWORD USER STATUS [email protected] superulrich THAWED USERID@HOST [email protected] USER superulrich ...
  • Page 179: Rename Password

    The IP address or the DNS name of the targeted system. The listening port of the remote SSH server. If this optional attribute is omitted, the default of 22 is used. ...
  • Page 180: Thaw Password

    The user name ALL means that all users can access that known host. Only the SUPER.SUPER user (unless explicitly denied in OBJECTTYPE USER record) or those configured with full SSHCOM access can add a known host entry for other users. ...
  • Page 181: Alter Knownhost

    ASSUME USER command or the issuer of the ADD KNOWNHOST command will be used as the default. If is specified, it MUST be followed by a ':' to separate it from the known host name that follows. ...
  • Page 182: Freeze Knownhost

    If used without the DETAIL modifier, INFO KNOWNHOST will provide a brief summary for each known host displayed. The following is an example of the output of INFO KNOWNHOST: % info knownhost *:* info knownhost *:* KNOWNHOST KNOWNBY STATUS 10.0.0.11.22 super.super THAWED 10.0.0.194.55022 superulrich THAWED ...
  • Page 183 An optional comment associated with the known host entry. The comment must be enclosed in double quotes if it contains spaces. LAST-USE The timestamp of the last usage of the known host. LAST-MODIFIED The timestamp of the last modification of the known host. ...
  • Page 184: Rename Knownhost

    Only the SUPER.SUPER user (unless explicitly denied in OBJECTTYPE USER record) or those configured with full SSHCOM access can thaw a known host entry for another user. The name of the known host to be thawed. ...
  • Page 185: Status Commands

    must be one of the names displayed in the detailed status output. STATUS SESSION Status information about the currently existing ssh sessions in the SSH2 process will be displayed. The command has the following syntax: ...
  • Page 186 If it is of interest to determine the number of sessions matching the filter conditions, the option FILTER-STATISTICS can be specified. If the optional ONLY is added, then the status data is not displayed but just the total number of sessions and the number of matching sessions. ...
  • Page 187: Status Channel

    STATUS OPENER Status information about the currently existing openers, i.e. processes that have opened the SSH2 process will be displayed. The command has the following syntax: ...
  • Page 188 If it is of interest to determine the number of openers matching the filter conditions, the option FILTER-STATISTICS can be specified. If the optional ONLY is added, then the status data is not displayed but just the total number of openers and the number of matching openers. ...
  • Page 189: Statistics Related Commands

    ONLY flag set, the output will be written to the log file, if logging to a file is enabled. DISABLE STATISTICS Disables gathering of statistics data. Syntax: DISABLE {STATISTICS | STATS} ENABLE STATISTICS Enables gathering of statistics data. Syntax: ENABLE {STATISTICS | STATS} RESET STATISTICS Resets statistics counters/rates. ...
  • Page 190: Status Statistics

    Only users with full SSHCOM access are allowed to execute the ABORT SESSION command. Warning: Any unsaved changes made by processes related to the aborted session may be lost. ...
  • Page 191: Ssh And Sftp Client Reference

    38662 Apr 16 14:22 abc -rwxr-xr-x 1 SUPER.SUPER SUPER 2222 Nov 23 2010 c -rwxr-xr-x 1 SUPER.SUPER SUPER 11183778 Jan 20 09:24 crypto -rwxr-xr-x 1 SUPER.SUPER SUPER 2286 Sep 30 2011 test ...
  • Page 192: Starting The Oss Client Programs

    In the subsequent sections of this chapter, we will assume the client program files are part of your current search path under the OSS shell. If you start the program without any parameters, it will display a brief syntax summary and terminate: ...
  • Page 193 STN00 Connected to STN version B17 2012/04/23 12:36 \NPNS01.$PTY54.#ZWN0015 STN46 Secure SSH session: xterm password aes256-cbc hmac-sha1 STN81 Client IP address: fe80::a00:8eff:fe00:d14e port 4196 STN82 SSH external user comf.us, Guardian system user COMF.US ...
  • Page 194: Inquiring User Name If Not Supplied

    SFTP[OSS] and SSH[OSS] clients now prompt the user for the username: > ssh 10.0.0.196 comForte SSH client version T9999G06_12Feb2009_SSH_0084 User name @10.0.0.196: test You have no private keys in the key store. Trying password authentication. Enter [email protected]'s password: ...
  • Page 195: Suppressing The Banner Printed By Clients

    For details on these parameters, please see description in section "SSH2 Parameter Reference" in chapter "Configuring and Running SSH2"). The following table shows which parameter can be used in the client environment when sending or receiving files. ...
  • Page 196: Ssh Client Command Reference

    Log in using this user name. Tty; allocate a tty even if command is given. Do not allocate a tty. Display version number only. Suppress ssh client banner. ...
  • Page 197 CAST-128 in CBC mode If this option is not specified, the client will negotiate a cipher from list configured for the SSH2 server using the CIPHERS parameter. SSH and SFTP Client Reference • 197 HP NonStop SSH Reference Manual...
  • Page 198 Specify a comma-separated list of ciphers for encrypting the session. This option has the same effect as the –c command line option. • MACS=macs Specify a comma-separated list of MAC algorithms. This option has the same effect as the –m command line option. • USER=user 198 • SSH and SFTP Client Reference HP NonStop SSH Reference Manual...
  • Page 199 Do not execute a shell or command. This is useful for just forwarding ports. Allows remote hosts to connect to local forwarded ports. By default, only connections originating from "localhost" (127.0.0.1) will be forwarded. Using –g will forward any connection. SSH and SFTP Client Reference • 199 HP NonStop SSH Reference Manual...
  • Page 200: Using The Ssh Client To Create A Shell Controlling A Remote System

    SSH client version T9999H06_16Apr2008_comForte_SSH_0079 You have no private keys in the key store. Trying password authentication. Enter [email protected]'s password: Add password for [email protected] to the password store (yes/no)? yes ...
  • Page 201: Using The Ssh Client To Create A Port Forwarding Daemon

    The following log message will show up in the SSH2 log file indicating that the session was indeed forwarded over the SSH session: $TBS79|08Jul08 07:54:46.08|50|\NPNS01.$Z0D3: forwarding TCP connection from 127.0.0.1:5030 to 127.0.0.1:23 ...
  • Page 202: Using The Ssh Client To Create An Ftp Port Forwarding Daemon

    2006 gnumisc drwxrwxrwx 1 COMF.TB COMF 4096 Jan 08 2008 hertz -r-xr-xr-x 1 SUPER.SUPER SUPER 389152 Mar 03 2005 ls -rwxrwxrwx 1 COMF.TB COMF 128 Mar 28 06:35 rc0071 ...
  • Page 203: Sftp Client Command Reference

    Starts the SFTP client in batch mode. The commands contained in the file are executed one by one until completion or a failure in execution. The client then terminates. ...
  • Page 204 A typical usage of this option is to connect to an SSH2 daemon that is running on a different port than the standard port 22: > sftposs -oPort=2222 -S '$tba01' [email protected] Connecting to 10.0.0.201... sftp> -R ...
  • Page 205 Examples for usage of runtime parameters The following set of commands: > sftposs -S '$TBA01' -oPort=2222 [email protected] SFTPOSS client version T9999H06_17Apr2012_comForte_SFTPOSS_0092 Connecting to 10.0.0.201 via SSH2 process $TBA01 ... ...
  • Page 206: Sftp Commands

    Once you are connected to a remote system, the SFTP client issues a prompt "sftp>" and from then on supports the standard set of commands implemented in the SFTP protocol. The "help" command gives a brief syntax summary: ...
  • Page 207 Remote working directory: /home/burgt sftp> List files on remote system (detailed output): sftp> ls -l drwxr-xr-x 0 513 1200 Feb 11 15:10 . drwxr-xr-x 608 Dec 31 12:04 .. ...
  • Page 208: Transfer Progress Meter

    " bytes transferred in
  • Page 209: Specifying File Names On The Nonstop System

    "$data1.testvol.myfile", you can use the notation "/G/data1/testvol/myfile". Note: Unlike with HP NonStop FTP, there is no explicit command ("quote oss" or "quote guardian") to switch between the two notations. The Guardian file name notation is only allowed if parameter SFTPALLOWGUARDIANCD is set to true, and if a "cd /G"...
  • Page 210: Transfer Modes For Structured Guardian Files

    The transfer mode and file attributes can be used at the same time; the transfer mode is appended to the file name first, then file attributes: ,, ...
  • Page 211: Transferring Ascii Files

    Historic commands are displayed when the HISTORY command is entered, e.g.: sftp> history 1> ls -l k* 2> get file678 3> put report89 4> cd $disk.subvol 5> cd $data1.reports 6> pwd sftp> ...
  • Page 212: History Mode

    R, D and I (see “Guardian Procedure Calls Reference Manual”, section FIXSTRING for details). sftp> fc 2 get file678 d//i5 get fle5678 r4// 9 get fl456789 Couldn't stat remote file: No such file or directory File "/G/data1/reports/fl456789" not found. sftp> ...
  • Page 213: Creation Of Format 2 Guardian Files

    The indication of a format 2 file is a plus sign directly appended to the file code of the Guardian file attributes, similar to the file code shown by FILEINFO for format files. Examples: sftp> get remote local,101+,28,56,128 sftp> put local remote,0+ ...
  • Page 214
  • Page 215: Ssh Protocol Reference

    The following code has been used as part of the SSH2 software package: • a commercial SSH implementation (bitvise sshlib, see http://www.bitvise.com/products.html) which is based on the popular crypto library crypto++ (see http://sourceforge.net/projects/cryptopp/). ...
  • Page 216: Authentication Using User Names And Passwords

    The SSH protocol uses public key cryptography for authentication both of the server (daemon) to the client and, optionally, for authenticating the client. This implies that if the client uses a key pair to log on to the server, both the client and the server will: ...
  • Page 217: Assuring Host Authenticity

    The client can also use a key pair to authenticate against the server; in this case the server will use that information instead of a password supplied by the client. The SSH protocol supports authentication of the client through various means: • By providing a username and a password ...
  • Page 218 CLIENT mode of the SSHCOM command interpreter. The public key to be configured on the remote system can be displayed using the INFO KEY command or exported into a file using the EXPORT KEY command. ...
  • Page 219: Stn Reference

    Running STN as Pseudo TTY Server for SSH2 Note: For cases in which SSH2 was delivered with HP NonStop SSH as part of the RVU or as an independent product for G-Series prior to G06.32, an STN PTY server will be pre-installed as a generic process: SSH-ZPTY ($ZPTY).
  • Page 220 M (megawords), which multiplies by 1,048,576. The default is 100K. PARAM TRACE^SIZE should precede PARAM TRACE^FILE. Tracing is normally started using STNCOM commands, so this parameter is rarely used. 5 – run stn … ...
  • Page 221: Running Stn As Persistent Process

    The INFILE (STN1KIN in this example) contains STNCOM commands to configure WINDOWs and SERVICEs, and also may contain PARAM commands as described above, but should always include the following: PARAM GFTCOM^OBJECT $SYSTEM.STN.STNCOM PARAM GFTCOM^IN $SYSTEM.STN.STN1KIN PARAM GFTCOM^OUT $ZHOME BANNER $SYSTEM.STN.BANNER1 ...
  • Page 222: Stncom

    ------------------------------------------------------------------------------ \T $STN STN B21 04JAN2013 T0801H01_24JAN2013_ABE 14:55 ------------------------------------------------------------------------------ % version version Version STN B21 04JAN2013 Vproc T0801H01_24JAN2013_ABE Link gmt 04JAN2013_230358 Program object file $QAHPSSH.T0801ABE.STN type 800 Node Process $STN 0,1164 ...
  • Page 223: Comments

    Immediately stops the STN process, creating a ZZSA dump file. If STN is running with a backup, the backup will take over. Use this command only on direction from support staff. ABORT SERVICE Same as STOP SERVICE. ABORT SESSION Same as STOP SESSION. ...
  • Page 224: Abort Window

    SCRIPT and ADD SERVICE/WINDOW may be performed in any order, although the script must be defined before a session attempts to use it. Example script to turn off echo and turn off automatic LF on CR: ADD SCRIPT NOECHO 20,0 7,0 ...
  • Page 225: Add Service

    PARAM optional not allowed optional not allowed PROG required not allowed RESILIENT optional not allowed SWAP optional not allowed USER optional not allowed IPRANGE optional optional LOGAUDIT optional optional ...
  • Page 226 Default is (0,15) or as specified by DYN_CPU. Only allowed with the TYPE DYNAMIC parameter. Specifies the CPU number, or range of CPU numbers, in which STN will start the dynamic service application. If a range is specified, STN ...
  • Page 227 TERM_TYPE controls the inclusion of services on STN02 Service menus. The default is ANY. Workstation terminal emulators are divided into two groups. Those that support HP 6530 telnet extensions and which are configured for the HP 6530 protocol are considered type TN6530; all others are considered type ANSI. For TN6530 emulators, the STN02 will include only those services with TERM_TYPE TN6530 or ANY.
  • Page 228 Without the HOME parameter, while the Pathway application starts and runs normally, a problem arises if the session is terminated from the workstation client. This results in PATHCOM creating a ZZSA dump file, usually in subvol $SYSTEM.SYSTEM. LOGON REQ | NONE ...
  • Page 229 RESILIENT is an option for TYPE DYNAMIC services that allows the application to remain active after the terminal session is disconnected. The STN implementation of RESILIENT is similar in general functionality to that of HP Telserv, but with some key differences.
  • Page 230 28. A script can be referenced by ADD SERVICE and ADD WINDOW commands. ADD SCRIPT and ADD SERVICE/WINDOW may be performed in any order, although the script must be defined before a session attempts to use it. See also ADD SCRIPT command. ...
  • Page 231: Add Window

    TYPE DYNAMIC Normally used only internally by the dynamic window mechanism. SERVICE and TERM_TYPE are required, and IPADDR is not allowed. The window will be automatically deleted when the session terminates. ...
  • Page 232: Auditcoll Off |

    AUDITCOLL OFF | AUDITCOLL names an EMS collector to receive EMS events for Audit-type events. OFF is the default. No Audit-type EMS events are generated. Also used to stop generation of events. ...
  • Page 233: Auditmsg

    0 to 20. A value of zero disables the feature, deleting the window immediately when the last opener closes. The default is 3 (3.0 seconds). Starting with SPR T0801^ABE, this command is not relevant with regard to AUTO_ADD_WIN since that parameter is no longer supported. ...
  • Page 234: Backup[Cpu] | None | Buddy | Any

    The exact format of the STN35 and STN36 messages depends on the terminal type: • 6530: Message is displayed at the cursor location and also on Line 25 • ANSI: Message is displayed at the cursor location See also: ...
  • Page 235: Blast

    DELETE IPRANGE command: IPRANGE deleted - Warning: 1 SERVICE(s) still reference this iprange DELETE SCRIPT | * The specified script, or all scripts, can be removed from the configuration. ...
  • Page 236: Delete Service

    is the maximum number of window names, including zero (0). must be in the range 100 to 100000, default is 100000. DYN_WIN_MAX may be used to reduce the number of windows allowed by GWN^TEMPLATE. For example: PARAM GWN^TEMPLATE #Z0000 ...
  • Page 237: Exit

    ALLOC is intended for development use only. Any window names reserved by a previous GWN^FILE allocation but not yet used are discarded. The next session will begin with the number just allocated. ...
  • Page 238: Help

    B05COMP DEFAULT SERVICE *NONE* DYNAMIC_PRI DYN_CPU (0,15) DYN_WIN_MAX 100000 EMS_3270_CONN FESESSDOWN IDLE_WARNING INPUT_TIMEOUT KEEPALIVE KILL_DYNAMIC LUNAME_ECHO MAX_OPENERS MAX_OUTQ NBOT NBOT_TIMEOUT NEGOT_TIMEOUT NODE NAME \BWNS02 OPENER_WAIT OUTPUT_RESET RECV_SIZE 1000 REPLY_DELAY_MAX RFC860TM RSCMGR_DEPTH ...
  • Page 239: Info Script

    PARAM BACKUPCPU Note: Some commands displayed are not supported in HP T0801, for example CONN_CLR_TELNET and 3270_IN_SIZE. These commands are not documented in this manual and should not be used by HP T0801 users. Comments Config \BWNS02.$ZPTYE 075536 T0801H01_24JAN2013_ABE LG:04JAN2013_230358 Expand node name, STN process name, system serial number, STN vproc and LINKGMT.
  • Page 240: Info Stn

    Client IP address, Client IP port: Shows the remote IP address and remote port number of the SSH session. • Client channel: Shows the SSH channel number of the terminal session. • External user name: The user name that was used with SSH authentication. ...
  • Page 241: Input_Timeout

    Line 25 ANSI message is displayed at the cursor location See also: BANNER_TIMEOUT, OUTPUT_RESET, and IDLE_WARNING. BANNER_TIMEOUT and INPUT_TIMEOUT can be used individually or in combination. ...
  • Page 242: Kill_Dynamic Y|N

    Defines the maximum application openers of a window. may be in the range 1-64 and defaults to 32. Any open attempts beyond the maximum will be rejected with feopenstop 61. This feature prevents an ill-behaved application from monopolizing STN resources. ...
  • Page 243: Max_Outq

    STN38 No application program active on this terminal for nnn seconds. Session terminated. This message will be displayed for several seconds, then the session will be terminated. ...
  • Page 244: Output_Reset Y | N

    $T – target system LCT time in format HH:MM • $D – target system LCT date in format yyyy/mm/dd Example: PROMPT "$X.$P $D $T STN> " \DEV.$STN2 2010/08/06 23:59 STN> PROMPT "$T $P> " 23:59 $STN2> ...
  • Page 245: Pty_Reply_Len

    IDLE_TIMEOUT and WELCOME, as well as ADD commands for listeners, services, windows (types STATIC, SU, and DEDICATED only), scripts, and ip ranges. ADD commands will span multiple lines using "&" (ampersand) as a ...
  • Page 246: Security []

    Activates a service previously STOPPED or ABORTED. New session requests for the service will be accepted. START is automatically performed by ADD SERVICE, and is generally not used. STATUS SERVICE [ | * ] Displays current status information for the specified service or for all services. ...
  • Page 247: Status Session [ | * ]

    A resilient window has been reconnected to a new session. This state is usually immediately replaced by CONNECTED. • MENU STN is waiting for a service name (or window name) from the remote SSH 6530 client, usually after displaying a menu of service names. ...
  • Page 248: Status Window [ <#Window-Name> | * ]

    Displays cumulative statistics on the number of sessions. STIX displays the counters; STIX RESET displays then resets. STNCOM_PROMPT "" This command redefines the prompt sent by STNCOM to the terminal for new command input. This requires the H39 version of STNCOM. ...
  • Page 249 STNCOM, or use the OPEN command to reopen the same STN process. The new STNCOM_PROMPT setting will then be used by STNCOM. STNCOM_PROMPT Example: ...
  • Page 250: Stnlog

    This command controls writing of a trace to a disk file. The GTRED utility that is distributed in the SSH subvolume can be used to format the trace: GTRED / in , OUT / ...
  • Page 251: Version

    Loads specified edit-101 file as welcome text. Text is limited to displayable ascii characters (hex 20-7e), 79 columns per line, and 50 lines. The text is saved in STN memory and the file is closed. INFO STN will show the status of WELCOME, but not the text. ...
  • Page 252: Win_Avail_Always Y | N

    SSH sessions use the script, if any, defined for the service. If none is defined, then the script defined for the window, if any, is used; otherwise, no script. This allows SSH sessions to access STN services which specify their own scripts. ...
  • Page 253: Session And Window Naming

    If the file exists, it is validated as containing a valid GWN record. If the GWN record is valid, STN allocates an initial block of window names as described below. The window name stored in the file overrides any GWN^TEMPLATE. ...
  • Page 254: Gwn Related Stncom Commands

    STNCOM $STN ; DYN_WIN_MAX 250 cycles from #Z0000 to #Z0249, then back to #Z0000. STNCOM displays the GWN filename and details about the window name and option and optionally a new block of names. ...
  • Page 255: Gwn Related Ems Events

    CAUSE: The listener attached to TCP/IP process <2> port number <3> initialized successfully. • EFFECT: The listener is ready to accept new session requests. • ACTION: None; informational only. zstn-evt-listener-down value is 1002 " Subnet <2> Port <3> Listener now DOWN" ...
  • Page 256 CAUSE: The number of days <2> until license expiration is less than 32. This is checked at STN process startup time and every morning at 9:00 AM LCT. • EFFECT: None; advisory message. • ACTION: Contact your distributor for a new license file. zstn-evt-license-badparam value is 1007 ...
  • Page 257 EFFECT: The specified MPWDFAST file was used for audit initialization as directed by a STNCOM MPWDFAST command. • ACTION: None; informational only. zstn-evt-stncnfg value is 1012 " Starting AUDIT Using STNCNFG file <2>" ...
  • Page 258 CAUSE: ADD LISTENER was attempted when Protocol TELSERV was unlicensed, or ADD WINDOW, TYPE PTY (usually only done by SecurSH) was attempted when protocol PTY was unlicensed. • EFFECT: The ADD command is rejected. ...
  • Page 259 LICENSE file parameter USERS is exceeded. This event is written to the specified collector, not to the standard $0 EMS event collector. • EFFECT: None; informational only. • ACTION: None; informational only. ...
  • Page 260 CAUSE: A terminal session has a large amount of output that cannot be sent to the terminal. • EFFECT: The session is terminated. • ACTION: This is usually caused by an ill-behaved application. If the problem persists, contact support. ...
  • Page 261 Use the POOL command to monitor pool usage. For larger configurations, increase PARAM POOL_SIZE. zstn-evt-th-open-err value is 1034 "<1> Open TH <2> error <3>" <1> - STN process name <2> - Terminal Handler process name <3> - Guardian open file error code ...
  • Page 262 Cause: STN created a new GWN file based on GWN^FILE because the file did not already exist. • Effect: GWN startup continues. • Action: None. Informational only. zstn-evt-gwn-file-init value is 1060 "<1> GWN File <2> Initialized to <3>" <1> - STN process name ...
  • Page 263 Cause: This STN process allocated (reserved) a block of window names from the GWN file. • Effect: The specified window names will be used for future sessions for this STN process • Action: None. Informational only. ...
  • Page 264 <4>. • EFFECT: The param is ignored, and STN startup proceeds without the parameter. Since this command is generally used for essential configuration commands, STN will probably not operate properly. ...
  • Page 265 Cause: STN object not properly configured under Safeguard. • Effect: STN cannot start dynamic service applications when SERVICE USER or LOGON is used. • Action: Start Safeguard, then perform the following Safecom command for the STN object file: ...
  • Page 266 " Trace started to file <2> size <3>" • CAUSE: An STN trace was started to file <2> of size <3>. • EFFECT: None; informational only. • ACTION: None; informational only. ...
  • Page 267 EFFECT: Tracing is not enabled. • ACTION: Contact support. Retry the TRACE command. zstn-evt-trace-size-file value is " PARAM TRACE^SIZE must precede PARAM TRACE^FILE" • CAUSE: PARAM TRACE^SIZE followed PARAM TRACE^FILE ...
  • Page 268 CAUSE: An inspect session from a previous DEBUG command finished. • EFFECT: STN operation continues. Active sessions may timeout if the time spent in inspect mode was too long. • ACTION: None; informational only. ...
  • Page 269: Client Messages At The Remote Workstation

    User entered #WINDOW name in response to the menu, but the specified window is not configured. STN08 Window is not Type SU User entered #WINDOW name in response to the menu, but the specified window is not configured as type SU. ...
  • Page 270 Self-explanatory. Enter a valid username. STN16 Enter password: This prompt follows the response to STN15. STN17 Input error; proper syntax is group.user Improper response to STN15 prompt. STN18 Unknown userid or incorrect password Self-explanatory. ...
  • Page 271 STN28 PROGRAM file format error PROCESS_CREATE_ error 12: PROGRAM file error, see detail. STN29 LIB file format error PROCESS_CREATE_ error 13: LIB file error, see detail. STN30 no pcb available ...
  • Page 272 The application has closed the window and AUTODEL_WAIT seconds have elapsed. This is normal termination for some applications. After session termination, 6530 terminals will always be left in conversational (ITI) mode, and the terminal display is erased. ...
  • Page 273 This is an informational message to echo the response to the menu prompt. This is especially useful when the service name is automatically entered by the terminal emulator. STN50 Negotiation timeout - check Line Mode setting in terminal emulator. Session terminated. Telnet IAC negotiations did not complete within 20 seconds. ...
  • Page 274 When reconnecting to a resilient window, existing applications are listed for informational purposes. STN71 Userid not allowed for this service The selected SERVICE requires a specific userid. STN72 Using userid from SSH SYSTEM-USER is being used instead of STN15/STN16 prompt. ...
  • Page 275 STN94 Userid provided by SSH not valid SSH sessions with *MENU* and an SSH Guardian system user in group.user format that do not match SERVICE USER are now terminated with this message. ...
  • Page 276: Stn Application I/O Handling

    Only used with special terminals. P1=1 disables interrupt character handling for ascii BS/CTRL-H (hex 06), ascii CAN/CTRL-X (hex 18), and EM/CTRL-Y (hex 19), and also the 6530 control character ascii ENQ (hex 05), p1=0 (default) is compatible with previous releases ...
  • Page 277 Kerberos Principal Name if available for PTY sessions. Info from WSINFO domain or empty string. Info from WSINFO netbios or empty string. Info from WSINFO client or empty string ...
  • Page 278
  • Page 279: Monitoring And Auditing

    $SSH42|09Dec09 20:00:17.84|20|DEFINE =SSH2^PROCESS^NAME was set to <\NPNS01.$SSH42> $SSH42|09Dec09 20:00:17.84|10|Initializing SSH2 ADMIN run mode. $SSH42|09Dec09 20:00:17.84|10|Initializing SSH2 CLIENT run mode. $SSH42|09Dec09 20:00:17.84|10|Initializing SSH2 DAEMON run mode. $SSH42|09Dec09 20:00:18.04|10|Loading private key from HOSTKEY $SSH42|09Dec09 20:00:18.23|30|Host key algorithm: ssh-dss ...
  • Page 280: Log Level

    70: detailed diagnostic messages. Should only be set if the additional verbosity is really required. • 100: very detailed diagnostic messages. This configuration is not recommended for production environments as it will create significant overhead. ...
  • Page 281: Destinations For Log Messages

    SSHCOM command FLUSH LOGCACHE (see section "SSHCOM Command Reference"). The SSHCOM command ROLLOVER LOGFILE can be used to force a log file rollover, which allows the log file to be kept small. ...
  • Page 282: Customizing The Log Format

    $SSH49|22Dec10 15:31:25|10.0.0.78:1256(COMF.US): [email protected] close /G/data1/ushome/test6: size 173, 173 bytes read, 0 bytes written The following shows an audit message for a user trying to access the system with a non-existing username ("wronguser"): ...
  • Page 283: Destinations For Audit Messages

    "Viewing File Contents from OSS"), it is possible to create flexible reports with brief commands. If you need help in doing so, please contact the HP or comForte support team, depending on which product you are using. List of Audit Messages The following table shows the complete list of audit messages as created from release 89 on.
  • Page 284 %user: SSH username %remoteAddress: remote IP address Subsystem Successful "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID Event %action %object %outcome" %user: SSH username %remoteAddress: remote IP address %action: ‘subsystem’ %object: name of subsystem %outcome: ‘granted’ ...
  • Page 285 %mode: file open mode (‘read’ or ‘write’) SftpTouchF Successful "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID ileEvent %action %object %outcome (mode %user: SSH username %mode)" %remoteAddress: remote IP address %action: ‘touch’ %object: file name %outcome: ‘granted’ ...
  • Page 286 %action %object %outcome" %user: SSH username available %remoteAddress: remote IP address %action: ‘read’ (remote error) or ‘write local file (local error)’ %object: file name %outcome: ‘denied’ or ‘failed’ ...
  • Page 287 %bytes_written: number of bytes written Failed, error "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID detail not %action %object: size %size, %user: SSH username available %bytes_read bytes read, %bytes_written %remoteAddress: remote IP bytes written" ...
  • Page 288 %newname: new file name %outcome: ‘denied’ or ‘failed’ %error: error detail Failed, error "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID detail not %action %object to %newname %user: SSH username available %outcome" %remoteAddress: remote IP ...
  • Page 289 %error: error detail Failed, error "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID detail not %action %object %outcome" %user: SSH username available %remoteAddress: remote IP address %action: ‘mkdir’ %object: directory name %outcome: ‘denied’ or ‘failed’ ...
  • Page 290 "%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID detail not %action %object target %link %outcome" %user: SSH username available %remoteAddress: remote IP address %action: ‘symlink’ %object: file name %link: link name %outcome: ‘denied’ or ‘failed’ ...
  • Page 291 "%sessionId: %sessionId: %sessionId: SESSION-LOG-ID command %user@%remoteAddress %action %user: SSH username %object %outcome (forced command: %remoteAddress: remote IP %forcedcommand)" address %action: ‘exec’ %object: shell program %outcome: ‘granted’, ‘denied’ or ‘failed’ %forcedCommand: forced ...
  • Page 292 %action: ‘idle timeout’ %object: module experiencing timeout (currently always ‘SFTPSERV’) SftpServerF “%sessionId: %user@%remoteAddress %sessionId: SESSION-LOG-ID atalErrorEv %action %object error info: '%errInfo', %user: SSH username %processType process %processName %remoteAddress: remote IP stopping..." address ...
  • Page 293: Log File/Audit File Rollover

    With LOGFILERETENTION set to 10 (the default value), the archive files for a LOGFILE of SLOG will be called SLOG0, SLOG1, ... SLOG9. With LOGFILERETENTION set to 1000, the archive files for a LOGFILE of SLOG will be called SLOG000, SLOG001, ... SLOG999. ...
  • Page 294: Viewing File Contents From Guardian With Showlog

    ] ALLOWEDSUBSYSTEMS [par ] ALLOWFROZENSYSTEMUSER [def ] ALLOWINFOSSH2 [def ] ALLOWPASSWORDSTORE [run ] ALLOWTCPFORWARDING [par ] AUDITCONSOLE <%;> [run ] AUDITFILE [def ] AUDITFILERETENTION <10> ...
  • Page 295 ] SFTPCPUSET <> [par ] SFTPEDITLINEMODE [def ] SFTPEDITLINENUMBERDECIMALINCR <1000> [def ] SFTPEDITLINESTARTDECIMALINCR <-1> [par ] SFTPEXCLUSIONMODEREAD [def ] SFTPIDLETIMEOUT <-1> [def ] SFTPMAXEXTENTS <900> [def ] SFTPPRIMARYEXTENTSIZE <2> ...
  • Page 296 SHOWLOG log file converter Version T9999A05_16Apr2009_HP_SHOWLOG_0022 starting at offset 5000000 dumping at most 10000 bytes ---processing in-file 'SSH2log' (output not shown here) ---finishing dump of file before end-of-file ---done 34> ...
  • Page 297: Viewing File Contents From Oss

    Standard OSS filter tools such as grep, awk, or wc can also be applied. This allows users to make use of the powerful Unix syntax for doing text processing. ...
  • Page 299: Performance Considerations

    Note: All measurements referred to in this chapter have been performed on a 2 processor S7600. HP provides performance metrics that allow you to extrapolate those results to other systems. These metrics can be provided upon request.
  • Page 300: Performance Analysis Of Ssh Session Establishment

    In case of a wildcard (e.g. ls test*) the SFTP client will do the pattern matching after all file attributes have been retrieved from the SFTP server. After the pattern matching the SFTP client could display the file listing but there are ...
  • Page 301: Performance When Running As Ssh Client

    Your driving habits. Using the data provided in this chapter should allow you to get an estimate of the CPU resources that should be utilized by SSH2 within your specific environment. ...
  • Page 303: Troubleshooting

    Error Message: Is there an error message generated? Please specify the exact text. The error message may be taken from EMS, from a log file or captured from a screen. Reproduction: Please describe the exact steps that led to the problem. ...
  • Page 304: General Ssh2 Error Messages

    because type () is REMOTE specific Cause: SSH2 found an OBJECTTYPE USER entry with network id Effect: SSH ignores that entry Recovery: Add a local ACL OBJECTTYPE USER entry, i.e. one without \node-spec. ...
  • Page 305: Session Related Ssh2 Errors

    Effect: The remote SSH user cannot be authenticated. Recovery: Configure an authentication method for SSH client that is supported by SSH2, e.g. "public key" authentication. : Authentication of user failed: ...
  • Page 306 Cause: The SSH client has more than ten public keys that did not match any public key stored for the user in the SSHCTL. Effect: The public key authentication is aborted. The user cannot be authenticated. ...
  • Page 307 : could not launch program , error , detail Is the name of the program file that SSH2 tried to start. Is the error number that was raised by the PROCESSCREATE function. ...
  • Page 308 Is the IP address of the socket client the SSH client tries to forward a connection from. Is the IP address the SSH client requested to forward the connection to. ...
  • Page 309: Session Related Messages Of Ssh2 In Client Mode

    := is the name of the NonStop client process initiating the SSH connection. : client access to known host denied, host is frozen ...
  • Page 310 Recovery: Additional error information is returned to the SSH client (e.g. SFTP). Check the user’s credentials (private keys or password) for accuracy. Check if any of the user’s private keys are made known to the SSH server. ...
  • Page 311 Describes the error. Cause: An error occurred on the SSH session. Typical errors are network related. Effect: The SSH session is closed. Recovery: Any corrective action depends on . ...
  • Page 312: Client Error Messages

    SSHCTL database. Otherwise, the client process terminates. If STRICTHOSTKEYCHECKING is FALSE, the client will display the following messages: For convenience the host identification has been added FROZEN. Host name is ...
  • Page 313 Obtain the remote host’s new public key or public key fingerprint and update the relevant KNOWNHOST using SSHCOM as follows: ALTER KNOWNHOST , PUBLICKEY ... b) Using SSHCOM, delete the existing KNOWNHOST entry as follows: DELETE KNOWNHOST ...
  • Page 314 Cause: The client failed to receive/send a packet from/to the SSH2/SFTP channel. Typical causes are that the remote SSH server has terminated the SSH session of SFTP channel. Effect: The client process terminates. Any ongoing file transfer will be aborted. Recovery: Any corrective action depends on . ...
  • Page 315: Appendix

    : Value of lowest 16Bit of GSSAPI minor status : GSS calls completed with errors (major status [//], minor status [//]) : Session Name : GSSAPI major status : Value of highest byte of GSSAPI major status ...
  • Page 316 : Value configured for parameter SFTPEDITLINEMODE Value for SFTPEDITTABSIZE not acceptable, . : Number of spaces replacing a TAB : Error description Value for SFTPEXCLUSIONMODEREAD not a supported value. : Value configured for parameter SFTPEXCLUSIONMODEREAD ...
  • Page 317 Functionality is restricted to HP internal usage Please contact [email protected] for a full license No valid license found: functionality is restricted to HP internal usage Could not listen on interface , port : : Interface the SSH2 process listens on : Port...
  • Page 318 : failed to create passive data connection tunnel from to () : Session Name : Normalized originator host address and port : Normalized target host address and port : Description Invalid state in FtpTunnelLayer::Notify, closing channel : State ...
  • Page 319: Event Category Warning

    : Session Name : Guardian user name : TCP/IP ModeText : request rejected: : Session Name : Text : session rejected: NonStop SSH not licensed for general usage. : Session Name ...
  • Page 320 : client access to unknown host at denied. Local system user: : Session Name : Normalized target host address and port : Login name : exception during host verification (local system user ): ...
  • Page 321 : aborting SSH session, reason: : Session Name : Reason : forwarding from to denied, SSH2 parameter set to false : Session Name : Normalized originator host address and port ...
  • Page 322 : Normalized address and port to bind : User name : listen request on denied, RESTRICTION-PROFILE PERMIT-LISTEN for USER does not include local address/port : Session Name : Normalized address and port to bind ...
  • Page 323 : Requested authentication method : request rejected: authentication requested from host with unknown SSH user name (and is set to FALSE). : Session Name : Remote host TCP/IP address : User name ...
  • Page 324 : Exception textError messageReason : public key authentication failed, algorithm not supported : Session Name : public key authentication failed, too many keys : Session Name : public key authentication failed, invalid signature ...
  • Page 325 : Session Name : channel shell for 6530 command interpreter denied (due to the SSH user's ALLOW-CI settings) : Session Name : shell request from 6530 client rejected, configured system user unknown ...
  • Page 326 : Pseudo terminal name used for authentication : pty request denied: pseudo terminal access not allowed for user : Session Name : User name : Could not allocate PTY: (authentication dummy pty: ) : Session Name ...
  • Page 327 : Parameter name : TCP/IP mode : Value configured for parameter : Normalized interface address value Expected IPv4 address for parameter because IP mode is but found IPv6 address . Using ...
  • Page 328 : failed to create active data connection tunnel from to () : Session Name : Normalized originator host address and port : Normalized target host address and port : Description : SSH FTP Error '' : Session Name : Exception text ...
  • Page 329 Deleting user sessions records (user ) created by no longer existing SSH2 processes failed: : User name : Exception text Updating sessions record for user '' failed: : User name : Exception text Updating sessions record (removing port ) for user '' failed: ...
  • Page 330: Event Category Info

    : caching credentials for user '' : Session Name : User initiating GSSAPI authentication : credentials cache file name is '' : Session Name : Kerberos credentials cache file name : processing GSSAUTH_GET_MIC_REQUEST : Session Name ...
  • Page 331 : Session Name : Protocol : Normalized originator host address and port : Normalized target host address and port : forwarding connection from (accepted on ) to remote : Session Name ...
  • Page 332 : Normalized target host address and port : Reason : client session opened : Session Name Please contact [email protected] for a full license. : added host as KNOWNHOST to database upon user request. : Session Name : Known host : local system user ...
  • Page 333 : session disconnected by server: : Session Name : Reason for disconnect DEFINE =TCPIP^PROCESS^NAME has value '' : TCP/IP process name define parameter SUBNET will be ignored and the define value will be used ...
  • Page 334 : User name : User name : user '' automatically added to SSHCTL upon first authentication request : Session Name : User name : signature ok, authentication of successful : Session Name ...
  • Page 335 : channel request for 6530 shell, launching : Session Name : Program : channel request for 6530 shell, connecting to PTYSERVER : Session Name : Pseudo terminal server : Service name ...
  • Page 336 : routing connection to target ftp port : Session Name : Target port No valid license found: restricting functionality to HP internal usage CRYPTOPP version : Crypto++ library version Invalid value specified for parameter : . Using default value .
  • Page 337 : Normalized target host address and port : SSH server version is : Session Name : Server version : Host key MD5 is : Session Name : Host key MD5 value ...
  • Page 338: Copyright Statements

    All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org) ...
  • Page 339 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ...
  • Page 340: Openssh Copyright Statement

    - IDEA is no longer included, its use is deprecated - DES is now external, in the OpenSSL library - GMP is no longer used, and instead we call BN code from OpenSSL - Zlib is now external, in a library ...
  • Page 341 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. The 32-bit CRC compensation attack detector in deattack.c was ...
  • Page 342 * Optimised ANSI C code for the Rijndael cipher (now AES) * @author Vincent Rijmen * @author Antoon Bosselaers * @author Paulo Barreto * This code is hereby placed in the public domain. ...
  • Page 343 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. ...
  • Page 344 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ $OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ ...
