SSH Reference Manual
Likewise, you can use the TCPIPHOSTFILE, TCPIPNODEFILE, and TCPIPRESOLVERNAME parameters, or the
corresponding DEFINEs, to configure TCP/IP settings.
Please refer to the SCF Reference Manual for the Kernel Subsystem in the HP NonStop™ documentation set for further
details.
Choosing a Persistence Mechanism
Determining whether it is more effective to configure SSH2 as a NonStop process pair or as a generic process depends
on your system environment and the expected SSH transfer volume.
For an environment with low volumes of SSH traffic, it may be sufficient to run a single SSH2 process pair. However, if
you expect a higher traffic volume, you may want to distribute the CPU load across the available CPUs on your system.
This can be done by starting multiple SSH2 instances as described in the "Load Balancing" section above. Running
multiple SSH2 instances may have an influence on the fault-tolerance mechanism you choose. Following are key
considerations:
• When running multiple process pairs of SSH2 listening on the same port, you should not start a primary SSH2
process in a CPU that is used as a backup process by another SSH process pair. If you do, there will be a
conflict with two processes trying to listen on the same port in case of failover. Consequently, the maximum
number of SSH2 process pairs listening on the same port is the number of CPUs on your system divided by two.
Furthermore, the CPU load generated by the SSH encryption would only be distributed across the primary
CPUs of the SSH2 instances.
• When running SSH2 as a generic process, you can rely on the persistence manager to restart SSH2. It is not
necessary to start SSH2 as a process pair. Hence, if you want to distribute the load evenly across all processors,
it may be better to configure a generic SSH process in each CPU that would be restarted automatically when a
CPU comes up after a failure.
Processing of DEFINEs
SSH2 has been enhanced to propagate almost all defines found in the SSH2 process context to TACL and shell processes
started by SSH2 directly. Exceptions are:
• The =_DEFAULTS DEFINE is set from the Guardian user configuration.
• If the parameters PTCPIPFILTERKEY, TCPIPHOSTFILE, TCPIPNODEFILE or TCPIPRESOLVERNAME are
specified, the corresponding propagated defines contain the values taken from these parameters, i.e. the defines in
the SSH2 process context will be overwritten.
• If the define =TCPIP^PROCESS^NAME exists in the process context, it will be propagated and the SUBNET
parameter value will be ignored (see parameter SUBNET). If the define =TCPIP^PROCESS^NAME does not exist in
the process context, the SUBNET parameter value will be used to create a define =TCPIP^PROCESS^NAME, which
will be propagated to newly started TACL and shell processes.
• If the define =CIP^COMPAT^ERROR exists in the SSH2 process context, it will be propagated and the
CIPCOMPATERROR parameter value will be ignored (see parameter CIPCOMPATERROR). If the define
=CIP^COMPAT^ERROR does not exist in the process context, a CIPCOMPATERROR parameter value other than '*'
will be used to create a define =CIP^COMPAT^ERROR, which will be propagated to newly started processes.
The processing of TCP/IP related defines and corresponding parameters is limited to the creation or overwriting of
defines. If none of the SSH2 TCP/IP parameters is set, the existing TCP/IP defines/parameters determine the processing.
The actual processing is done solely in the TCP/IP runtime libraries, i.e. if the relevant TCP/IP parameters like
=TCPIP^RESOLVER^ORDER and TCP/IP related defines are set, then the resolver order should be as configured.
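The propagation rules above mix two precedence orders (parameter over define for four settings, define over parameter for SUBNET and CIPCOMPATERROR). The following Python model is an added example, not part of the manual or of SSH2, for checking which values a newly started TACL or shell will receive. The define names paired with PTCPIPFILTERKEY, TCPIPHOSTFILE, TCPIPNODEFILE and TCPIPRESOLVERNAME are assumptions (the page does not list them), as are the function name and the constructed sample values.

```python
# Added illustration: models the DEFINE propagation rules described above.
# Parameter wins over an existing DEFINE. The DEFINE names on the right are
# assumptions; the page names only the parameters.
PARAM_WINS = {
    "PTCPIPFILTERKEY": "=PTCPIP^FILTER^KEY",
    "TCPIPHOSTFILE": "=TCPIP^HOST^FILE",
    "TCPIPNODEFILE": "=TCPIP^NODE^FILE",
    "TCPIPRESOLVERNAME": "=TCPIP^RESOLVER^NAME",
}
# An existing DEFINE wins; the parameter is only a fallback (pairs from the page).
DEFINE_WINS = {
    "SUBNET": "=TCPIP^PROCESS^NAME",
    "CIPCOMPATERROR": "=CIP^COMPAT^ERROR",
}


def propagated_defines(context, params, user_defaults):
    """Return (DEFINEs handed to a new TACL/shell, audit notes).

    context: DEFINEs in the SSH2 process context; params: SSH2 parameters;
    user_defaults: =_DEFAULTS value from the Guardian user configuration.
    """
    out, notes = dict(context), []
    out["=_DEFAULTS"] = user_defaults  # always set from the user configuration
    for param, define in PARAM_WINS.items():
        if param in params:
            if define in context and context[define] != params[param]:
                notes.append(f"{define}: context value overwritten by {param}")
            out[define] = params[param]
    for param, define in DEFINE_WINS.items():
        value = params.get(param)
        if param == "CIPCOMPATERROR" and value == "*":
            value = None  # '*' never creates a DEFINE
        if define in context:
            if value is not None and value != context[define]:
                notes.append(f"{define}: {param} ignored, context DEFINE wins")
        elif value is not None:
            out[define] = value
    return out, notes


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    ctx = {"=TCPIP^PROCESS^NAME": "$ZTC0", "=TCPIP^HOST^FILE": "$SYSTEM.ZTCPIP.HOSTS"}
    prm = {"SUBNET": "$ZTC1", "TCPIPHOSTFILE": "$DATA1.SSH.HOSTS", "CIPCOMPATERROR": "*"}
    defines, notes = propagated_defines(ctx, prm, "$DATA1.ALICE")
    for name in sorted(defines):
        print(name, "->", defines[name])
    print(*notes, sep="\n")
```

The audit notes flag every case where a configured value is silently superseded, which is the situation most likely to leave a session using a different TCP/IP process or hosts file than the administrator intended.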
SSH2 performs special processing for name resolution during startup: Without explicit settings, the TCP/IP stack
uses DNS for name resolution. This causes long delays if name resolution is incorrectly configured. If a name
resolution test at startup takes too long, then the SSH2 process assumes the name resolving is not