Manualshelf

SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
can not add/read/manipulate entries for associated aliases. In other words, a Guardian or alias user can
add/manipulate entries for that Guardian or alias user only.
The value LOGINNAME is recommended if different people are using the various aliases configured with the
same Guardian user identifier.
GUARDIANNAME
The default owner is the Guardian user identifier, independent if the logon name is an alias or a Guardian user.
Entries are read using the Guardian user ID only. This means that a Guardian user can add/read/manipulate
entries for associated alias users, and vice versa.
The assumption is that the same person uses the aliases of a Guardian user identifier and the Guardian user
identifier itself. This was the default before this enhancement was introduced (in release 89) and therefore value
GUARDIANNAME needs to be used if the client mode policy of previous releases should be kept.
BOTH
The default owner is the login name but a guardian user can add or manipulate entries stored under an alias or a
guardian user identifier. Entries are read for both the login name and the guardian user in case these are
different (entries of the alias are read first, then entries of the guardian id). The value BOTH is only
recommended if a guardian user and all aliases configured for this guardian user are solely used by one person
and client mode records are to be stored under Guardian user identifier as well as alias names.
Example: Assume, an alias entry is present, but not an entry for the associated Guardian ID, and the user is
logged on as the alias. With client mode owner policy set to LOGINNAME, privileges to read/alter the entry
would be granted, for GUARDIANNAME they would not be granted because a matching entry is not found,
and for BOTH they would be granted. If the Guardian entry is present but not the alias, and the user is logged
on as the alias, LOGINNAME access would not be allowed, GUARDIANNAME would be allowed, and BOTH
would also be allowed.
Considerations
The value (list of authentication methods) is only relevant for outgoing ssh connections. For incoming
connections the list of authentication methods is configured for each user (attribute ALLOWED-
AUTHENTICATIONS).
The authentication methods actually allowed at the client side consist of those methods that are specified in the
client side option "AllowedAuthentications" as well as in the value of SSH2 parameter
CLIENTALLOWEDAUTHENTICATIONS.
Default
The default value is BOTH.
Examples
CLIENTMODEOWNERPOLICY LOGINNAME
See also
Section on Ownership and Management of Client Mode Entities.
COMPRESSION
Use this parameter to specify whether compressed SSH sessions will be supported.
Parameter Syntax
COMPRESSION TRUE|FALSE
Arguments
TRUE|FALSE
70 Configuring and Running SSH2 HP NonStop SSH Reference Manual