SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

171

172

173

174

175

176

177

178

179

180

This attribute is used to add or alter a public key with the provided <key-name>. For details on the syntax of that

attribute, please see the "ADD USER" command.

To delete a specific public key for a user use the DELETE PUBLICKEY <key-name> attribute syntax. To delete all

public keys for a user, use the DELETE PUBLICKEY * attribute syntax.

Both the PUBLICKEY and the DELETE PUBLICKEY attributes can be repeated multiple times within a single ALTER

USER command.

RESET

This option is used to reset an attribute of the current user to the default value. For each attribute that should be reset,

there must be a separate occurrence of the RESET option. An attempt to set and reset an attribute will result in an error

message.

The following attributes can be reset:

• SFTP-INITIAL-DIRECTORY

• SYSTEM-USER

• SFTP-SECURITY

• SFTP-PRIORITY

• SFTP-GUARDIAN-FILESET

RESTRICTION-PROFILE

Specifies the name of a RESTRICTION-PROFILE entity. If configured for a user, then the restrictions defined in the

RESTRICTION-PROFILE record will be applied for all incoming and outgoing connections related to the user.

SFTP-CPU-SET

Defines a set of CPUs used when SFTPSERV processes are invoked directly by SSH2 (for non-SFTPSERV processes

the attribute CPU-SET is used instead). CPUs are assigned via a round-robin algorithm among all the configured CPUs

that are available.

The value can be a CPU number (e.g. 2), a range of CPUs (e.g. 3-4), or a comma-separated list of CPU numbers and

CPU ranges, enclosed in parentheses, e.g. (2, 5-7, 9).

The default is to start user processes in the same CPU in which the SSH2 process is running. In this case, the processing

load is spread by using multiple SSH2 processes and starting these SSH2 processes in different CPUs).

If no value is specified, the value will be reset to the default. The default is to use the value of SSH2 parameter

SFTPCPUSET to determine a CPU or, if that is not set, the CPU the SSH2 process is running in is used.

SFTP-GUARDIAN-FILESET

A list of patterns identifying the GUARDIAN systems, volumes, subvolumes and files the user is allowed to access. The

default for this attribute is as follows:

('\*.$*.*.*)

This enables access (limited by the SFTP-SECURITY attribute) to any GUARDIAN system, volume, subvolume, or file.

In each pattern configured with the GUARDIAN file set, the '*' sign is used as a wildcard for any sequence of characters.

The '?' sign is used in a pattern as a wildcard for one single character.

SFTP-INITIAL-DIRECTORY

This attribute specifies the initial server-side directory the user will access after establishing the SFTP session. The

default value for the initial directory is either the value taken from INITIAL-DIRECTORY when defined in Safeguard or

from the Guardian default subvolume of the SYSTEM-USER.

If the option LOCKED is used, a user will not be allowed to leave that path, by issuing a "cd .." command. For example,

if a value of "/home/jdoe" is used, only access to directories below is allowed. Access to upper level directories such as

180 • SSHCOM Command Reference HP NonStop SSH Reference Manual