Manualshelf

SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
141142143144145146147148149150
The SSH User Database
Overview of SSH Operation Modes
As explained in the Introduction, the SSH2 process accesses a database to …
discover allowed operations for remote users as well as their logon credentials when running as SSH daemon,
allowing remote systems running an SSH or SFTP client to connect to the local NonStop system. This mode of
operation is referred to as "daemon mode" within this chapter.
find local system users' key files and remote host public keys when SSH and SFTP clients on the NonStop
system connect to remote systems running an SSH/SFTP implementation. This mode of operation is referred to
as "client mode" within this chapter.
This chapter describes the content of the database for both modes and shows how to create and maintain the database.
While all database content is kept in a single file, the content of the database is distinctly different for the daemon and
client mode:
In daemon mode, the SSH2 process allows remote SFTP clients to connect to the NonStop system. The
database therefore contains remote user credentials as well as public keys of remote systems. See the next
section for a detailed description of the database content in daemon mode.
In client mode, the SSH2 process will connect to remote systems and authenticate NonStop users on the remote
system. To do so, the SSH2 process will map NonStop user ID's to private key files stored in the database. It
also keeps public keys of known hosts in the database in order to authenticate the remote system. See the
section entitled "Database for Client Mode
" for details about the database content in client mode.
In order to separate the two different "sections" of the database, the SSHCOM command interpreter, which is used to
maintain the database, implements a MODE command that is used to switch between maintaining the data base content
for daemon and client modes.
To maintain the daemon database content, issue the following command within SSHCOM:
% MODE DAEMON
or, because SERVER is supported as alternative for DAEMON:
% MODE SERVER
To maintain the client database content, issue the following command:
% MODE CLIENT
HP NonStop SSH Reference Manual The SSH User Database 147