SSH Reference Manual
SSHCOM T0801H01_22JAN2014_ABK - 2014-01-24 14:42:45.368
OPEN $ssh01
% ALTER USER SERVICE.USER, SHELL-PROGRAM *MENU* srvc1
OK, user SERVICE.USER altered.
% ALTER USER WINDOW.USER, SHELL-PROGRAM *MENU* #win1
OK, user WINDOW.USER altered.
%
The pre-selected service or window ('srvc1' and '#win1' in the examples above) must exist in the STN configuration.
STN services and windows can be added with STNCOM, using the ADD SERVICE and ADD WINDOW commands.
Please refer to the "STNCOM Commands" section for further details.
Forcing TACL Access via Server-side Configuration
Usually a remote user can choose whether the ssh client gets access to an OSS shell or a TACL. If the user executes a
SHELL request, e.g.:
ssh usr@host
and the terminal type is TN6530, then a TACL is created. Also, if the user executes a SUBSYSTEM request with
subsystem name tacl, e.g.:
ssh -s usr@host tacl
then a TACL is started. If the user executes a SHELL request like
ssh usr@host
and the terminal type is not TN6530, then a shell is started. If the user starts an EXEC request specifying a
command, as in:
ssh usr@host ls -l
then the command is executed in a shell. If a TACL command should be executed, then the gtacl shell command can be
used, e.g.:
ssh usr@host gtacl -c fileinfo
or the command tacl with option -c, like:
ssh usr@host tacl -c fileinfo
A program can be started in the TACL environment using option -p, e.g.:
ssh usr@host tacl -p fup
A way to force a user to connect to a TACL is to define an STN service and configure the SSH USER record to use this
service.
Assume a service TACL1 is defined via STNCOM as follows:
ADD SERVICE TACL1, TYPE DYNAMIC, PROG $system.system.tacl, LOGON REQ
and the SSH user is configured using the SSHCOM command:
ALTER USER usr, SHELL-PROGRAM *MENU* TACL1 FORCE
Then both SHELL and EXEC requests will start a TACL, independent of the terminal type.
If the user was successfully authenticated via an ssh authentication method other than none, i.e. the USER attribute
ALLOWED-AUTHENTICATIONS was not set to (none), the TACL starts already logged on as user usr because the
service was added with “LOGON REQ”.
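The request handling described in this section can be written down as a small model and used to review which users are still able to reach an OSS shell. The following Python sketch is an added example, not part of the product or the original manual. The function names, the result labels, the non-TN6530 terminal type "xterm" and the rule that a record without FORCE enforces nothing are assumptions made for illustration.

```python
import re

# Form shown on this page (the "% " SSHCOM prompt is optional):
#   ALTER USER <name>, SHELL-PROGRAM *MENU* <service-or-window> [FORCE]
ALTER_RE = re.compile(
    r"^\s*%?\s*ALTER\s+USER\s+(?P<user>[^,\s]+)\s*,\s*SHELL-PROGRAM\s+"
    r"\*MENU\*\s+(?P<target>\S+)(?P<force>\s+FORCE)?\s*$", re.IGNORECASE)

def parse_alter_user(line):
    """Return (user, target, forced) for a SHELL-PROGRAM *MENU* line, else None."""
    m = ALTER_RE.match(line)
    return (m["user"], m["target"], bool(m["force"])) if m else None

def session_target(kind, term_type=None, command=None, forced_service=None):
    """What is started for one request, following the rules in this section.

    kind is "shell", "exec" or "subsystem"; command is the EXEC command line
    or the subsystem name; forced_service is set when FORCE is configured.
    """
    if forced_service and kind in ("shell", "exec"):
        return "tacl"  # FORCE: SHELL and EXEC start a TACL, any terminal type
    if kind == "subsystem":
        return "tacl" if command == "tacl" else "not-covered"
    if kind == "shell":
        return "tacl" if term_type == "TN6530" else "oss-shell"
    if kind == "exec":
        # Runs in a shell; the gtacl / tacl -c forms are not modelled separately.
        return "oss-shell"
    raise ValueError(f"unknown request kind: {kind!r}")

def users_with_shell_access(config_lines, users):
    """Users for whom a SHELL or EXEC request can still end in an OSS shell."""
    forced = {}
    for line in config_lines:
        parsed = parse_alter_user(line)
        if parsed:
            user, target, is_forced = parsed
            # Last record wins; assumption: without FORCE nothing is enforced.
            forced[user.lower()] = target if is_forced else None
    probes = [("shell", "xterm", None), ("exec", "xterm", "ls -l")]
    return [u for u in users
            if any(session_target(k, t, c, forced.get(u.lower())) != "tacl"
                   for k, t, c in probes)]

# Constructed sample input: the two ALTER USER forms that appear on this page.
SAMPLE = ["% ALTER USER SERVICE.USER, SHELL-PROGRAM *MENU* srvc1",
          "ALTER USER usr, SHELL-PROGRAM *MENU* TACL1 FORCE"]

if __name__ == "__main__":
    print(users_with_shell_access(SAMPLE, ["usr", "SERVICE.USER", "other"]))
```

Only the user configured with FORCE is reported as confined to TACL; users with a pre-selected service but no FORCE, and users with no record at all, are listed for review.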
128 • Configuring and Running SSH2 HP NonStop SSH Reference Manual