SSH Reference Manual

- Processing of a file through the standard TACL way of RUN SSHCOM /IN file/.
- Pausing the display with the PAUSE command.
- Line continuation through the usage of the "&" character.
Standard behavior is that, for each command entered, a message is displayed about the outcome, i.e. whether the command
succeeded or failed (if no message is displayed, it should be assumed that the command could not be parsed successfully).
It is possible to add comments in IN files, OBEY files and at the interactive prompt. Any text following an exclamation
mark is considered comment text. A comment line is continued on the next line if its last character is an ampersand.
Note: A single exclamation mark entered alone at the SSHCOM terminal prompt means "repeat last command
unchanged", while a single exclamation mark in an IN or OBEY file is treated as a comment line.
Startup Values for the MODE and ASSUME USER Commands
When started from TACL, SSHCOM applies some heuristics to set the startup values for the MODE and
ASSUME USER commands. (The ASSUME USER command is described later in subsection "Client Mode Commands - Introduction".)
It determines the startup values as follows:
- If SSHCOM is started by the Guardian user SUPER.SUPER, it sets DAEMON mode and assumes the user
  SUPER.SUPER.
- For any other user, CLIENT mode is set and that user is assumed.
Security within SSHCOM
SSHCOM implements security by checking the user who has started SSHCOM from TACL.
The following commands are considered sensitive and can only be executed by users or groups who are explicitly
given full SSHCOM access:
- Exporting any private key with the EXPORT KEY,..,PRIVATE command. This means that the private key of
  a user, for instance COMF.MH, can only be exported by users with full SSHCOM access, not even by the
  user COMF.MH (unless user COMF.MH was given full SSHCOM access).
- Commands operating on client mode entities that are associated with a user other than the user starting
  SSHCOM.
- Commands operating on daemon mode entities.
Configuration of Users with Full SSHCOM Access
There are two ways to allow full SSHCOM access:
- Create a Safeguard OBJECTTYPE USER record, or
- Set the parameter sets FULLSSHCOMACCESSUSER<i> and FULLSSHCOMACCESSGROUP<j>.
The existence of an OBJECTTYPE USER record overrides any FULLSSHCOMACCESSUSER<i> and
FULLSSHCOMACCESSGROUP<j> configuration.
If no thawed OBJECTTYPE USER record is defined and none of the above-mentioned parameter sets are defined,
only the user super.super has full access to all SSHCOM commands.
The user super.super lacks full SSHCOM access only if it is explicitly denied Create authority in a thawed
OBJECTTYPE USER record.
The following sections explain the SSHCOM access rights in more detail.
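The precedence rules above can be modelled as a small decision function for reviewing who can effectively run sensitive commands. This is an added example, not code from the manual or from the product. Assumptions: Create authority in a thawed OBJECTTYPE USER record is what grants full access, a group is the part of the user name before the dot, a frozen record is not modelled, and the operation labels and class and function names are hypothetical.

```python
from dataclasses import dataclass, field

SUPER = "SUPER.SUPER"

@dataclass
class ThawedObjectTypeUser:
    """Constructed stand-in for a thawed Safeguard OBJECTTYPE USER record.
    User names are stored in upper case."""
    create_granted: set = field(default_factory=set)  # assumption: Create grants full access
    create_denied: set = field(default_factory=set)   # explicitly denied Create authority

def has_full_access(user, record=None, access_users=(), access_groups=()):
    """record is None when no thawed OBJECTTYPE USER record is defined.
    access_users / access_groups model the FULLSSHCOMACCESSUSER<i> and
    FULLSSHCOMACCESSGROUP<j> parameter sets."""
    user = user.upper()
    if record is not None:
        # The record takes precedence; the parameter sets are ignored.
        if user in record.create_denied:
            return False
        return user == SUPER or user in record.create_granted
    if user == SUPER:
        return True
    group = user.split(".")[0]  # assumption: GROUP.USER naming
    return (user in {u.upper() for u in access_users}
            or group in {g.upper() for g in access_groups})

def is_sensitive(starter, operation, mode="CLIENT", entity_user=None):
    """The three sensitive command classes listed in this section."""
    if operation == "EXPORT_PRIVATE_KEY":   # hypothetical label for EXPORT KEY,..,PRIVATE
        return True
    if mode == "DAEMON":                    # any command on daemon mode entities
        return True
    # Client mode entity that belongs to someone other than the starting user.
    return entity_user is not None and entity_user.upper() != starter.upper()

def may_execute(starter, operation, mode="CLIENT", entity_user=None, **config):
    """True if the user who started SSHCOM may run the operation."""
    if not is_sensitive(starter, operation, mode, entity_user):
        return True
    return has_full_access(starter, **config)
```
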
HP NonStop SSH Reference Manual SSHCOM Command Reference 155