SSH Reference Manual
•  The host key is the private key that is used to authenticate the host against the clients. The fingerprint of the host 
key will need to be configured on the remote systems that connect to the SSH2 process running on the NonStop 
system. The fingerprint of the host key file is displayed during startup of the process. It can also be seen via 
SSHCOM command INFO HOST-KEY. 
•  In order to prevent unauthorized usage of the host key file (i.e. moving it to other systems), the file is stored in a 
proprietary format and encrypted. The host key file is secured as "----". 
•  The customer name configured via parameter CUSTOMER or, if that does not exist, the customer name held 
within the license file for the SSH2 program is used as an input for host-based key encryption. When you plan 
to duplicate the host key and user database onto other NonStop systems (such as a disaster recovery system), 
you need to make sure the parameter CUSTOMER or the license file of that other system has the same customer 
name in it. Otherwise, the host key file and user database cannot be used on the other system. If you purge the 
HOSTKEY and SSHCTL files and restart the SSH2 process, a new HOSTKEY and SSHCTL file will be 
created using either the value of parameter CUSTOMER or, if that does not exist, the customer name from the 
license file. 
•  Although a license file is no longer required for NonStop SSH on H and J operating systems, any existing 
HOSTKEY and SSHCTL file requires the customer name that was used to create the file. If a license file exists, 
the customer name will be extracted from that file (entry SSH2.customer), unless parameter CUSTOMER is set 
in which case the value of CUSTOMER is used. If a license file does not exist and an existing HOSTKEY or 
SSHCTL file is accessed, the parameter CUSTOMER must be set to the original value for the customer name. 
•  The public key part of the host key can be exported using the SSHCOM daemon mode command EXPORT 
HOST-KEY. 
•  If multiple SSH2 processes are started from the same subvolume but used for different purposes, then not only 
separate SSH database files (configured via SSHCTL) but also separate host key files (configured via HOSTKEY) 
should be configured. Example: SSH for maintenance and public network. 
Default 
If omitted, SSH2 will use a file name of HOSTKEY. 
Example 
HOSTKEY $SYSTEM.SSH2.SSHKEY 
See also 
CUSTOMER, HOSTKEYBITS, HOSTKEYTYPE
HOSTKEYBITS 
A local host key is generated whenever the SSH2 process detects at startup that no local host key file exists. The size of 
the local host key that gets generated can be configured using parameter HOSTKEYBITS. 
Parameter Syntax 
HOSTKEYBITS keysize 
Arguments 
 keysize 
Integer that specifies the size of the local host key in case one needs to be generated. Valid values are:  
o  1024 or 2048 if type of host key is RSA. 
o  1024 if type of host key is DSA. 
Default 
If omitted, the default value is 1024, as it was before this parameter was introduced. 
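As an added example (not from the manual or the product), the following Python sketch checks a host public key on the client side against the fingerprint configured for the NonStop host, and reports the key size that HOSTKEYBITS controls. It assumes the key exported with EXPORT HOST-KEY is available as an OpenSSH-style one-line public key and that the fingerprint is shown as SHA256 base64 or MD5 hex; the function names, the constructed sample key and the 2048-bit minimum are assumptions made for the illustration.

```python
import base64
import hashlib

def _ssh_string(data):
    return len(data).to_bytes(4, "big") + data

def _ssh_mpint(n):
    # Positive mpint: big-endian, with a leading zero byte if the top bit is set.
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_sample_rsa_line(bits):
    """Constructed 'ssh-rsa' line with a modulus of the given size (not a usable key)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def _fields(blob):
    out, off = [], 0
    while off < len(blob):
        length = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[off:off + length])
        off += length
    return out

def inspect_host_key(line):
    """Return type, size in bits and fingerprints of one public key line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = _fields(blob)
    # Size-defining field: modulus n for ssh-rsa (e, n), prime p for ssh-dss (p, q, g, y).
    index = {"ssh-rsa": 2, "ssh-dss": 1}.get(key_type)
    if index is None or len(fields) <= index or fields[0] != key_type.encode():
        raise ValueError("unsupported or inconsistent key")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "type": key_type,
        "bits": int.from_bytes(fields[index], "big").bit_length(),
        "sha256": "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("="),
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }

def check_host_key(line, pinned_fingerprint, min_bits=2048):
    """Return (fingerprint_ok, size_ok) for a pinned fingerprint and a local size policy."""
    info = inspect_host_key(line)
    return pinned_fingerprint in (info["sha256"], info["md5"]), info["bits"] >= min_bits
```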
82 • Configuring and Running SSH2  HP NonStop SSH Reference Manual 










