SSH Reference Manual
PASSWORD entries cannot be modified or deleted using an SSH2 release without IPv6 support. But again, an SSH2
process that supports IPv6 started in ADMIN mode can be used to do that, if needed.
Multiple IP Process, Multiple IP Address
Considerations
Multiple IP Process Configuration
If the define =TCPIP^PROCESS^NAME is used to specify the TCP/IP process SSH2 should use, then it is not possible
to configure multiple IP processes. Instead of this define it is required to use parameter SUBNET (and the define must be
deleted from the TACL environment before starting the SSH2 process as the define has precedence over parameter
SUBNET).
Parameter SUBNET can be a list of IP process names, e.g. $ZTC0,$ZTC1,$ZSAM1,$ZSAM2. Assuming that
parameters INTERFACE and INTERFACEOUT are not set (defaulting to the ANY address), SSH2 will start a listener
for each of the configured IP processes on the ANY address on the configured port.
Such a configuration can be helpful to simplify the SSH configuration in environments with many TCP/IP processes but
little traffic over each IP process.
Multiple Allowed Listen IP Address Configuration
Before the introduction of support for multiple IP processes there has been support for multiple IP addresses. There was
just the restriction that all IP addresses had to be configured in one IP process and it was not possible to start a listen on a
subnet of configured IP addresses. It had to be either one IP address or all (achieved by using the ANY address for
listening).
Now it is possible to listen on a set of IP addresses which can be configured in a set of IP processes. The set of listen IP
addresses is specified via parameter INTERFACE and the set of IP processes is configured via parameter SUBNET.
Example:
Assuming INTERFACE is set to 1.2.3.4,1.2.3.5 and SUBNET is configured as $ZTC1, which has configured subnets for
1.2.3.6 in addition to 1.2.3.4 and 1.2.3.5. In this case two listens are initiated against the IP process $ZTC1, one for IP
address 1.2.3.4 and one listen against IP address 1.2.3.5.
In a different scenario the address 1.2.3.4 may be configured in process $ZTC1 and 1.2.3.5 in process $ZTC0. Both
processes are assumed to have other subnets. With INTERFACE again set to 1.2.3.4,1.2.3.5 and SUBNET set to
$ZTC0,$ZTC1 the SSH2 process will again issue two listen operations but this time one for IP address 1.2.3.4 against IP
process $ZTC1 and for IP address 1.2.3.5 against IP process $ZTC0.
Should all IP addresses configured in a specific IP process be listed in parameter INTERFACE, then only one listener for
the ANY address is started against that IP process and not one for all listed/configured IP addresses of that IP process.
If at least one IP address is listed in the parameter INTERFACE value that is configured in an IP process, then there will
be at least one listen started against the IP address. If none of the IP addresses of the INTERFACE value match, then no
listener gets started.
If one IP process is configured (via define =TCPIP^PROCESS^NAME or parameter SUBNET), then all IP addresses
configured in INTERFACE must correspond to a subnet in the one IP address.
If more than one IP process is configured (via parameter SUBNET), then the values in INTERFACE may belong to any
of the configured IP processes. Listeners will only be started for those IP addresses that match a subnet of an IP process.
In case none of the INTERFACE values correspond to any of the subnets of an IP process, then no listeners get started
for that IP process.
142 • Configuring and Running SSH2 HP NonStop SSH Reference Manual