SSH Reference Manual
Default
If omitted, SSH2 will accept all ciphers mentioned above.
Example
CIPHERS 3des-cbc
This will enforce the use of only 3DES-encryption.
CLIENTALLOWEDAUTHENTICATIONS
Use this parameter to restrict the authentication methods the NonStop ssh clients (SSH[OSS], SFTP[OSS]) can try.
Parameter Syntax
CLIENTALLOWEDAUTHENTICATIONS method | "method,method,…"
Arguments
method
A supported authentication method
Considerations
• The value (list of authentication methods) is only relevant for outgoing ssh connections. For incoming
connections the list of authentication methods is configured for each user (attribute ALLOWED-
AUTHENTICATIONS).
• The authentication methods actually allowed at the client side consist of those methods that are specified in the
client side option "AllowedAuthentications" as well as in the value of SSH2 parameter
CLIENTALLOWEDAUTHENTICATIONS.
Default
The default value is to allow all methods that are supported.
Examples
CLIENTALLOWEDAUTHENTICATIONS "password,keyboard-interactive"
CLIENTALLOWEDAUTHENTICATIONS publickey
See also
• Ssh clients option AllowedAuthentications, see section "SSH and SFTP Client Reference
", General Runtime
options.
• User attribute ALLOWED-AUTHENTICATIONS
CLIENTMODEOWNERPOLICY
Defines security granularity for client mode SSH2 database.
Parameter Syntax
CLIENTMODEOWNERPOLICY LOGINNAME | GUARDIANNAME | BOTH
Arguments
LOGINNAME
The default owner is the login name, which can be a Guardian user identifier or an alias. An alias user cannot
add/read/manipulate entries for the Guardian user the alias is configured with; vice versa, a Guardian user also
HP NonStop SSH Reference Manual Configuring and Running SSH2 • 69