Database For Client Mode - HP NonStop SSH 544701-014 Reference Manual


PERMIT-OPEN: Target host and port combinations the user is allowed to use for port forwarding.
FORWARD-FROM: Remote hosts the user can access ssh tunnels from.
LAST-MODIFIED: Record maintenance: Last time the record was modified.

Database for Client Mode

Format and Content of the Database
In client mode, the SSH2 database contains three entities, which are all related to a local Guardian system user:
KEYs are private user keys used to authenticate to remote systems.
PASSWORDs are passwords used to authenticate to remote systems.
KNOWNHOSTs are remote systems that are authenticated by configuring their IP addresses, port numbers, and public keys.
All three entities contain a set of properties that are used when a local Guardian system user initiates an outgoing
connection. Access to the client mode records is controlled by the local Guardian user name, which is stored in client
mode records.
Client mode record type KEY holds user key information for the local Guardian user initiating a client connection on
NonStop. The key information in the client mode database includes the complete public key pair, i.e. both the public
and the private part. KEY records are created via the SSHCOM command GENERATE KEY. The database key of the KEY
entity consists of:
KEY: the name of the public key pair generated for the Guardian user
USER: the name of the local Guardian user the public key was generated for
The KEY entity has the following additional properties:
COMMENT: a free text field allowing you to enter a descriptive comment
TYPE: The type of the key. Supported key types are RSA and DSA.
BITS: The number of bits of the key.
PUBLICKEY-FINGERPRINT: The fingerprints of the public key associated with that private key.
STATUS: whether the key is frozen or thawed.
CREATION-DATE: the time the key was generated, if available. A key is in state 'PENDING' if LIVE-DATE
has not been reached yet.
LIVE-DATE: the time the key changes or has changed to state 'LIVE'. If the attribute LIVE-DATE is not set,
then a key is automatically in state 'LIVE'. A key stays in this state until EXPIRE-DATE is reached.
EXPIRE-DATE: the time the key changes or has changed to state 'EXPIRED'.
LIFE-CYCLE-STATE: the life-cycle state the user private key is in. Possible values are 'PENDING', 'LIVE'
and 'EXPIRED'. This is not an explicit database field; its value is determined by the three
database fields CREATION-DATE, LIVE-DATE and EXPIRE-DATE.
The database also contains some additional information collected by SSH2 about each key record:
LAST-USE: Record usage: Last time the record was used.
LAST-MODIFIED: Record maintenance: Last time the record was modified.
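The LIFE-CYCLE-STATE rules above can be checked offline against exported key attributes. The following is an added example, not code from the manual or from SSH2: it derives the state from LIVE-DATE and EXPIRE-DATE as described and flags records worth reviewing. The record layout (Python dicts), the user and key names, the 30-day warning window and the order in which the two dates are tested are assumptions.

```python
from datetime import datetime, timedelta

def life_cycle_state(now, live_date=None, expire_date=None):
    """Derive LIFE-CYCLE-STATE from LIVE-DATE and EXPIRE-DATE (None = not set)."""
    if live_date is not None and now < live_date:
        return "PENDING"  # LIVE-DATE has not been reached yet
    if expire_date is not None and now >= expire_date:
        return "EXPIRED"  # EXPIRE-DATE has been reached
    return "LIVE"         # LIVE-DATE unset or reached, EXPIRE-DATE not reached

def audit_keys(records, now, warn_days=30):
    """Return one (USER, KEY, state, note) tuple per KEY record."""
    findings = []
    for rec in records:
        live, expire = rec.get("LIVE-DATE"), rec.get("EXPIRE-DATE")
        state = life_cycle_state(now, live, expire)
        note = ""
        if live is not None and expire is not None and expire <= live:
            # Inverted window: the key goes from PENDING straight to EXPIRED.
            note = "EXPIRE-DATE not after LIVE-DATE: key can never be LIVE"
        elif state == "LIVE" and expire is None:
            note = "no EXPIRE-DATE set"
        elif state == "LIVE" and expire - now <= timedelta(days=warn_days):
            note = f"expires in {(expire - now).days} days"
        findings.append((rec["USER"], rec["KEY"], state, note))
    return findings

# Constructed sample records (hypothetical users and key names, not SSHCOM output).
NOW = datetime(2024, 6, 1)
SAMPLE = [
    {"USER": "OPS.ALICE", "KEY": "backupkey"},
    {"USER": "OPS.ALICE", "KEY": "newkey",
     "LIVE-DATE": datetime(2024, 7, 1), "EXPIRE-DATE": datetime(2025, 7, 1)},
    {"USER": "OPS.BOB", "KEY": "sftpkey",
     "LIVE-DATE": datetime(2023, 6, 15), "EXPIRE-DATE": datetime(2024, 6, 15)},
    {"USER": "OPS.BOB", "KEY": "oldkey",
     "LIVE-DATE": datetime(2022, 1, 1), "EXPIRE-DATE": datetime(2023, 1, 1)},
    {"USER": "OPS.BOB", "KEY": "badkey",
     "LIVE-DATE": datetime(2024, 9, 1), "EXPIRE-DATE": datetime(2024, 8, 1)},
]

if __name__ == "__main__":
    for row in audit_keys(SAMPLE, NOW):
        print("%-10s %-10s %-8s %s" % row)
```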
Client mode record type PASSWORD holds user password information for the Guardian user initiating a client
connection on NonStop. PASSWORD records are added when a user confirms a password is to be stored or via
SSHCOM command ADD PASSWORD. Database key to the PASSWORD entity consists of:
130 • The SSH User Database
HP NonStop SSH Reference Manual
