SSH Reference Manual
• In order to prevent unauthorized access, the user database is stored in a proprietary format and encrypted. The
database file is secured as "----".
• The customer name configured via parameter CUSTOMER
or, if that does not exist, the customer name held
within the license file for the SSH2 program is used as an input for host-based key encryption. When you plan
to duplicate the host key and user database onto other NonStop systems (such as a disaster recovery system),
you need to make sure the parameter
CUSTOMER or the license file of that other system has the same customer
name in it. Otherwise, the host key file and user data base cannot be used on the other system. If you purge the
HOSTKEY and SSHCTL files and restart the SSH2 process, a new HOSTKEY and SSHCTL file will be
created using either the value of parameter CUSTOMER or, if that does not exist, the customer name from the
license file.
Although a license file is no longer required for NonStop SSH on H and J operating systems, any existing
HOSTKEY
and SSHCTL file requires the customer name that was used to create the file. If a license file exists,
the customer name will be extracted from that file (entry SSH2.customer), unless parameter CUSTOMER is set
in which case the value of CUSTOMER is used. If a license file does not exist and an existing HOSTKEY or
SSHCTL file is accessed, the parameter CUSTOMER must be set to the original value for the customer name.
• Multiple instances of the SSH2 object can share the same user database or use different user databases.
• If the SSHCTL parameter points to a non-existing file, a new and empty user database will be created on
startup. SSH2 will abort at startup if the SSH database does not exist, parameter SSHCTLAUDIT
is true but the
SSHCTL parameter value (or its default value) does not reference an audited disk. An appropriate error message
is issued in this case. The parameters
SSHCTLAUDIT and SSHCTL must be set consistently to avoid this
abend: If SSHCTLAUDIT is true at time of ssh database creation, then SSHCTL must point to a volume that is
audited.
• The user database can be created as an audited file, allowing automatic replication of changes to another system,
as well as roll-back of changes through TMF. See the "SSHCTLAUDIT
" section for details.
• If multiple SSH2 processes started from the same subvolume but used for different purposes, then not only
separate SSH database files (configured via SSHCTL) but separate host key files (configured via HOSTKEY
)
should be configured. Example: SSH for maintenance and public network.
Default
If omitted, SSH2 will use a file name of SSHCTL.
Example
SSHCTL $SYSTEM.SSH2.USERDB1
See also
• CUSTOMER
SSHCTLAUDIT
Use this parameter to specify whether a newly created user database will be set up as an audited file.
Parameter Syntax
SSHCTLAUDIT TRUE|FALSE
Arguments
TRUE|FALSE
Specifies whether a new user data base file will be set up as an audited file. Following are the possible
arguments:
o TRUE: file will be created as audited file.
120 • Configuring and Running SSH2 HP NonStop SSH Reference Manual