SSH Reference Manual
The RESTRICTION-PROFILE entity has the following properties: 
•  RESTRICTION-PROFILE: The name for the restriction profile, referenced by a USER entity. 
•  COMMENT: Comment text for the restriction profile. 
•  CONNECT-FROM: IP addresses the user is allowed to connect from. 
•  CONNECT-TO: IP addresses a user is allowed to connect to.  
•  PERMIT-LISTEN: Local ports the user is allowed to use for port forwarding.  
•  PERMIT-OPEN: Target host and port combinations the user is allowed to use for port forwarding.  
•  FORWARD-FROM: Remote hosts the user can access SSH tunnels from.
•  LAST-MODIFIED: Record maintenance: Last time the record was modified.  
Database for Client Mode 
Format and Content of the Database 
In client mode, the SSH2 database contains three entities, which are all related to a local Guardian system user: 
•  KEYs are private user keys used to authenticate to remote systems. 
•  PASSWORDs are passwords used to authenticate to remote systems.
•  KNOWNHOSTs are remote systems that are authenticated by configuring their IP addresses, port numbers,
and public keys.
All three entities contain a set of properties that are used when a local Guardian system user initiates an outgoing 
connection. Access to the client mode records is controlled by the local Guardian user name, which is stored in client 
mode records. 
Client mode record type KEY holds user key information for the local Guardian user initiating a client connection on
NonStop. The key information in the client mode database includes the complete public key pair, i.e. both the public and
the private part. KEY records are created with the SSHCOM command GENERATE KEY. The database key of the KEY entity
consists of:
•  KEY: the name of the public key pair generated for the Guardian user  
•  USER: the name of the local Guardian user the public key was generated for 
The KEY entity has the following additional properties: 
•  COMMENT: a free text field allowing you to enter a descriptive comment 
•  TYPE: The type of the key. Supported key types are RSA and DSA.
•  BITS: The number of bits of the key.  
•  PUBLICKEY-FINGERPRINT: The fingerprints of the public key associated with that private key. 
•  STATUS: whether the key is frozen or thawed. 
•  CREATION-DATE: the time the key was generated, if available. A key is in state ‘PENDING’ if LIVE-DATE 
has not been reached yet.  
•  LIVE-DATE: the time the key changes or has changed to state ‘LIVE’. If the attribute LIVE-DATE is not set, 
then a key is automatically in state ‘LIVE’. A key stays in this state until EXPIRE-DATE is reached. 
•  EXPIRE-DATE: the time the key changes or has changed to state ‘EXPIRED’. 
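
The life-cycle rules for LIVE-DATE and EXPIRE-DATE above, applied to a key inventory review. This is an added example in Python, not code from the manual or from SSHCOM. It assumes that an unset EXPIRE-DATE means the key never expires and that EXPIRE-DATE wins if it precedes LIVE-DATE; the record dictionaries, user names and the 30-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta


def key_state(now, live_date=None, expire_date=None):
    """Life-cycle state of a KEY record, following the manual's rules."""
    # Assumption: an unset EXPIRE-DATE means the key never expires.
    # Assumption: EXPIRE-DATE is checked first, so it wins over LIVE-DATE.
    if expire_date is not None and now >= expire_date:
        return "EXPIRED"
    if live_date is not None and now < live_date:
        return "PENDING"
    return "LIVE"  # LIVE-DATE unset or already reached


def audit(records, now, warn_within=timedelta(days=30)):
    """Return (user, key, state, note) rows for an inventory review."""
    rows = []
    for rec in records:
        expire = rec.get("EXPIRE-DATE")
        state = key_state(now, rec.get("LIVE-DATE"), expire)
        if state == "LIVE" and expire is None:
            note = "no EXPIRE-DATE set"
        elif state == "LIVE" and expire - now <= warn_within:
            note = "expires within %d days" % warn_within.days
        else:
            note = ""
        rows.append((rec["USER"], rec["KEY"], state, note))
    return rows


# Constructed sample records (hypothetical names, not SSHCOM output).
NOW = datetime(2024, 6, 1)
SAMPLE = [
    {"USER": "OPS.ALICE", "KEY": "backupkey",
     "LIVE-DATE": None, "EXPIRE-DATE": None},
    {"USER": "OPS.ALICE", "KEY": "newkey",
     "LIVE-DATE": datetime(2024, 7, 1), "EXPIRE-DATE": datetime(2025, 7, 1)},
    {"USER": "OPS.BOB", "KEY": "oldkey",
     "LIVE-DATE": datetime(2022, 1, 1), "EXPIRE-DATE": datetime(2024, 1, 1)},
    {"USER": "OPS.BOB", "KEY": "rotating",
     "LIVE-DATE": datetime(2023, 6, 15), "EXPIRE-DATE": datetime(2024, 6, 15)},
]

if __name__ == "__main__":
    for row in audit(SAMPLE, NOW):
        print("%-10s %-10s %-8s %s" % row)
```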
The SSH User Database • HP NonStop SSH Reference Manual