Manualshelf

SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
ALLOWEDAUTHENTICATIONS
Use this parameter to specify the authentication mechanisms that are allowed for system users that are automatically
added to the SSHCTL database upon first login.
Parameter Syntax
ALLOWEDAUTHENTICATIONS (method[,method,...])
Arguments
method
Specifies an SSH authentication method to be allowed. Valid values are…
o password
Password for the NonStop system's authentication mechanism. The password is validated against the
SYSTEM-USER's password.
o publickey
Public key authentication using the PUBLIC-KEYs configured for this user.
o keyboard-interactive
Authentication according to RFC 4256 mapped to the standard GUARDIAN user authentication dialog
verifying the SYSTEM-USER’s password.
o gssapi-with-mic
GSSAPI user authentication in accordance with the RFC 4462 standard. Including this method will also
enable “gssapi-keyex” authentication, if the initial key exchange was performed over GSSAPI. See section
"Single Sign-on with GSSAPI Authentication
" for further details.
Default
If omitted, ALLOWEDAUTHENTICATIONS will be set to (keyboard-interactive,password,publickey).
Considerations
ALLOWEDAUTHENTICATIONS is only relevant if AUTOADDSYSTEMUSERS
is set to TRUE.
ALLOWEDAUTHENTICATIONS will not override any list of authentication methods explicitly configured
for a user (using SSHCOM ADD USER or ALTER USER).
Example
ALLOWEDAUTHENTICATIONS (keyboard-interactive,publickey)
See also
AUTOADDSYSTEMUSERS
ALLOWEDSUBSYSTEMS
This parameter can be used to globally restrict the SSH user settings to those subsystems listed in the value for
ALLOWEDSUBSYSTEMS, which is a comma separated list of subsystem names. If a subsystem is not mentioned in
both this global list and the SSH user's attribute ALLOWED-SUBSYSTEMS, then the incoming subsystem request will
be denied.
Parameter Syntax
ALLOWEDSUBSYSTEMS subsystem[,subsystem,...]
Double quotes are required when setting the parameter via PARAM and more than one subsystem is listed:
PARAM ALLOWEDSUBSYSTEMS "sftp,tacl"
54 Configuring and Running SSH2 HP NonStop SSH Reference Manual