SSH Reference Manual
Entity RESTRICTION-PROFILE fields:
• CONNECT-FROM
• CONNECT-TO
• PERMIT-LISTEN
• PERMIT-OPEN
• FORWARD-FROM
Entity KNOWNHOST fields:
• Name (identifier) of a KNOWNHOST record
• ADDRESSES
Entity PASSWORD fields:
• Name (identifier) of a PASSWORD record
IP Mode
Similar to the FAMILY configuration of the TCP/IP monitor process and subnets, the SSH2 process supports control
over the IP mode it is running in. A new SSH2 parameter, IPMODE, has been added.
The SSH2 parameter IPMODE restricts communication to IPv4 or to IPv6, or allows both types. The accepted
values for parameter IPMODE are:
• IPV4 – allows IPv4 communication only (can be used when accessing a TCP/IP process running object TCPIP
or a TCP/IP process running TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET or
DUAL).
• IPV6 – allows IPv6 communication only (can be used when accessing a TCP/IP process running object
TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET6 or DUAL).
• DUAL – allows both IPv4 and IPv6 communication (can be used when accessing a TCP/IP process running
object TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET, INET6 or DUAL).
Generally, an SSH2 process can only support a protocol family if the underlying TCP/IP process provides support for
that protocol family. If, for example, SSH2 is configured with IPMODE IPV4 and the TCP/IP process accessed by this
SSH2 process is configured with FAMILY INET6, then no communication is possible at all.
TCP/IPv6 Considerations
Using Link Local Addresses for Loopback
While it is possible to use link local addresses within a network segment without problems, there are restrictions on
using link local addresses for a loopback connection when a TCP/IP CLIM is involved. The CIP TCP/IP implementation
requires specifying a local TCP/IP address to bind to when trying to establish a loopback connection via CIP TCP/IP.
Error 4022 is the result if no specific local IP address is bound in this case.
A local bind address can be specified via the sftp and ssh client option -oBindAddress=<bind-address>, see sections
"SSH Client Command Reference" and "SFTP Client Command Reference".
Another way to ensure a local bind address is set depends on the SSH2 parameter INTERFACEOUT: If the value of that
parameter is not the "any" address (0.0.0.0 or 0::0) but a specific IP address valid for the configured SUBNET, then
this configured local IP address is bound for every outbound connection.
Alternatively, the IPv6 address ::1 can be used as target address without the need for specifying a local bind address.
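The IPMODE/FAMILY rules and the loopback bind requirement described above can be checked before a connection is attempted. The following Python sketch is an added example, not part of the manual or of the SSH2 product; the function names, finding codes and the loopback_via_cip flag are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress

# IP versions admitted by each setting, as listed in the "IP Mode" text above.
IPMODE_VERSIONS = {"IPV4": {4}, "IPV6": {6}, "DUAL": {4, 6}}
FAMILY_VERSIONS = {"INET": {4}, "INET6": {6}, "DUAL": {4, 6}}


def usable_versions(ipmode, family):
    """IP versions an SSH2 process can use: IPMODE and FAMILY must both allow them."""
    return IPMODE_VERSIONS[ipmode.upper()] & FAMILY_VERSIONS[family.upper()]


def check_outbound(ipmode, family, target, interfaceout="0.0.0.0",
                   bind_address=None, loopback_via_cip=False):
    """Return finding codes (hypothetical names) for one planned outbound connection."""
    findings = []
    addr = ipaddress.ip_address(target)
    versions = usable_versions(ipmode, family)
    if not versions:
        # e.g. IPMODE IPV4 against FAMILY INET6: no communication possible at all
        findings.append("NO_COMMON_FAMILY")
    elif addr.version not in versions:
        findings.append("TARGET_FAMILY_BLOCKED")
    # A local address is bound either by -oBindAddress or by an INTERFACEOUT
    # value that is a specific address rather than the any address (0.0.0.0 or 0::0).
    has_bind = (bind_address is not None
                or not ipaddress.ip_address(interfaceout).is_unspecified)
    # Assumption: the restriction is applied to IPv6 link local targets only,
    # matching the scope of the "TCP/IPv6 Considerations" section; ::1 is exempt.
    if (loopback_via_cip and addr.version == 6
            and addr.is_link_local and not has_bind):
        findings.append("NEEDS_BIND_4022")  # Error 4022 expected without a bind
    return findings


if __name__ == "__main__":
    # Constructed sample: link local loopback target, no bind address configured.
    print(check_outbound("DUAL", "DUAL", "fe80::1", loopback_via_cip=True))
```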
Configuring and Running SSH2 • HP NonStop SSH Reference Manual