Quick-Starting The Ssh2 System - HP NonStop SSH 544701-014 Reference Manual

Quick-Starting the SSH2 System

This section illustrates how to quickly start the SSH2 system and provides an overview of the functionality available. For
production installation, you will need to consider availability, load balancing and security related issues. Please refer to
the "Configuring and Running
To start the STN Pseudo Terminal Server
To enable remote SSH clients to allocate a pseudo terminal for full screen access, you will need to start an STN process
to act as a PTY server for SSH2. You may omit this step if full screen access is not required.
1. At the TACL prompt, issue the following commands:
CLEAR ALL PARAM
PARAM BACKUPCPU ANY
RUN STN/NAME $PTY, NOWAIT/
2. Verify if the process started successfully by checking its status and EMS for any error messages.
Note: For productive use of the STN component, it is recommended that you install the EMS template file ZSTNTMPL
using standard installation procedures. This will ensure that STN EMS messages will be displayed correctly.
To Start the SSH2 Component
Note: The SSH2 process must be started and run under the SUPER.SUPER logon. When started using a different user
ID, the process will issue a warning message and terminate.
1. SSH2 can be started easily. At the TACL prompt, issue the following commands:
CLEAR ALL PARAM
RUN SSH2/NAME $SSH01, CPU 1/ ALL; &
PORT 22; &
AUTOADDSYSTEMUSERS true; &
ALLOWTCPFORWARDING true; &
STRICTHOSTKEYCHECKING false
Following are details on these instructions:
•
"$SSH01" is the process name of the SSH2 process. Setting the process name to "$SSHnn"—with nn being
the number of the CPU in which SSH2 is started—will allow the NonStop SSH and SFTP clients to
automatically find the SSH2 process handling the SSH protocol layer for them.
•
In a production environment it is recommended to specify run option NOWAIT as well as run options
TERM and OUT with a virtual home terminal as value, e.g. TERM $ZHOME, OUT $ZHOME (Please
replace $ZHOME with $VHS or other process name as needed.) When you start SSH2 in NOWAIT mode,
make sure you have disabled logging to the home terminal. To do so, set PARAM LOGCONSOLE *.
•
The keyword "ALL" designates that the SSH2 component will be allowing all supported functionality. (For
more information, see chapter
process.)
•
The parameter "PORT" reflects the port number SSH2 will listen on for incoming SSH connections.
•
The parameter "AUTOADDSYSTEMUSERS" controls whether remote users can log on via SSH using a
Guardian user ID or alias, without configuring them explicitly via SSHCOM in the SSHCTL.
•
The parameter "ALLOWTCPFORWARDING" controls whether port forwarding is generally allowed.
•
The parameter "STRICTHOSTKEYCHECKING" controls whether client access to remote systems is
limited to hosts with their public key explicitly configured as a KNOWNHOST entity in the SSHCTL.
36 • Installation & Quick Start
SSH2" chapter for details.
"Configuring and Running SSH2" for details on the run modes of the SSH2
HP NonStop SSH Reference Manual