Manualshelf

SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
Arguments
subsystem
Specifies an SSH subsystem to be allowed for incoming connections. Valid values are…
o tacl
o sftp
Default
If omitted, ALLOWEDSUBSYSTEMS will be set to "sftp,tacl".
Considerations
In an environment with more than one SSH2 process accessing the same SSHCTL database this parameter can
be used to force users to use one SSH2 process for SFTP sessions and the other SSH2 process for TACL
sessions.
Although shell/exec requests are not subsystem requests, the parameter ALLOWEDSUBSYSTEMS can be
used to generally prevent a user from starting a TACL: If parameter ALLOWEDSUBSYSTEM does not
include subsystem tacl, then any request for a TACL is prevented even when ALLOW-CI is set to TRUE.
If in this case CI-PROGRAM is configured as “*MENU* …” or “telnet …”, i.e. a TACL is not directly started,
then the telnet service menu or the telnet forwarding is processed as configured. A user cannot get a TACL
prompt but it is possible to execute single commands in this case, see section "
TACL Subsystem and Command
Interpreter Configuration".
Example
ALLOWEDSUBSYSTEMS sftp
ALLOWFROZENSYSTEMUSER
This parameter controls the behavior when SSH2 detects that the configured SYSTEM-USER of the ssh user is in state
FROZEN in Safeguard.
Parameter Syntax
ALLOWFROZENSYSTEMUSER TRUE|FALSE
Arguments
TRUE|FALSE
Specifies whether Safeguard users in state frozen are allowed to access the NonStop. Valid values are:
o TRUE: A frozen user is not rejected, i.e. can authenticate via configured authentication methods.
o FALSE: Authentication fails without trying any of the configured authentication methods if a Safeguard
user is in state FROZEN.
Default
If omitted, ALLOWFROZENSYSTEMUSER will be set to FALSE. This is a change compared to releases prior to 0089
as frozen users were allowed before version 0089.
Considerations
This parameter should be set to TRUE only if compatibility to previous behavior is required.
Even if ALLOWFROZENSYSTEMUSER is set to TRUE, the methods password and keyboard-interactive will
always fail due to the FROZEN state (because Safeguard is involved and will not authenticate a frozen user).
Example
HP NonStop SSH Reference Manual Configuring and Running SSH2 55