SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

161

162

163

164

165

166

167

168

169

170

CAUTION: When specifying ALLOWED-AUTHENTICATIONS (none) user access should be properly locked down

to avoid security breaches that bypass any authentication (e.g. by setting SYSTEM-USER *NONE*).

ALLOWED-SUBSYSTEMS

This attribute is used to control access to specific subsystems. <subsystem> is one of the following subsystems provided

by SSH2:

• SFTP: The SFTP subsystem allows the user to transfer files with the SFTP transfer protocol.

• TACL: The TACL subsystem provides direct TACL access without requiring OSS on the NonStop server.

CI-COMMAND

This attribute specifies the startup string to be passed to CI-PROGRAM. Specify CI-COMMAND without <command>

to reset the attribute to its default (an empty startup string).

CI-COMMAND is ignored if CI-PROGRAM is set to *MENU*.

CI-PROGRAM

Sets the command interpreter to be started on a 6530 pseudo TTY after this user is authenticated. The filename is the

name of the command interpreter’s object file. It must be a local file name.

If you omit any attribute value, CI-PROGRAM will be reset to its default (TACL).

Startup parameters can be specified for the configured program, which is especially of interest for the program value

TELNET (please refer to section "Using TELSERV as Service Provider

").

Please note: Specifying startup parameters in addition to the program file name requires double quotes around the CI-

PROGRAM attribute value, for example:

ADD USER ...., CI-PROGRAM "TELNET <ip-addr> <port>".

If *MENU* is specified, 6530 shell will be connected to the service menu provided by the STN PTYSERVER. This

resembles the functionality of TELSERV, which provides dynamic services, as well as services connecting to static

windows. The services offered by the STN PTYSERVER process can be configured using STNCOM.

ALLOW-PTY must be set to YES for this attribute to be accepted for 6530 SSH clients, such as MR-Win6530 or J6530.

If *MENU* is followed by a service or window name, the corresponding service or window is automatically selected. If

the service or window does not exist, the STN menu will be displayed.

If the option FORCE is appended, then the user is forced to use the pre-configured STN service or window. In this case,

the user will not see the STN menu, even when the configured service or window does not exist.

COMMENT

Enables the input of free text enabling administrators to describe an entity or provide a short explanation of the intended

use of the USER entity or, when COMMENT is used for a PUBLICKEY, for the user public key. The whole comment

must be enclosed in double quotes if the comment includes spaces. The content will not be used for any processing.

CPU-SET

Defines a set of CPUs used when processes (except SFTPSERV processes) are invoked directly by SSH2 (for

SFTPSERV processes the attribute SFTP-CPU-SET is used instead). CPUs are assigned via a round-robin algorithm

among all the configured CPUs that are available.

The value can be a CPU number (e.g. 2), a range of CPUs (e.g. 3-4), or a comma-separated list of CPU numbers and

CPU ranges, enclosed in parentheses, e.g. (2, 5-7, 9).

The default is to start user processes in the same CPU in which the SSH2 process is running. In this case, the processing

load is spread by using multiple SSH2 processes and starting these SSH2 processes in different CPUs).

170 • SSHCOM Command Reference HP NonStop SSH Reference Manual