Parameter Types
Each parameter has a data type associated with it: integer, string, list, or
mlist. The data type affects how the value in the name/value pair is
interpreted. For the integer type the value must be a decimal integer
(e.g. 22); the 3 other types take character strings as their values. If
a string value contains space characters, surround the entire string with
double quotes (").
Parameters with the list data type take multiple string values as the parameter's
data. Each value in the list is specified with a separate name/value
pair (i.e. NOT a comma-delimited list). The mlist data type is a multi-level
form of the list type; each value is of the form keyword=value.
Parameter Names
- administrator (list)
-
Specifies usernames that are allowed to connect to the server's administrator
interface.
- allow_authtype (list)
-
Specifies SSH authentication types the server is permitted to accept.
The value is one of the keywords: password, RSA.
- allow_cipher (list)
-
Specifies the cipher types the server will permit the client to use for
the connection. Cipher types supported are: none, idea, des, 3des, rc4, and
blowfish. If the value "all" is specified, all supported ciphers except
"none" are allowed.
- cmd_task (string)
-
Specifies the wrapper procedure or DECnet task specification for
command mode execution. The default value is "@sylogin-dirSSHEXEC.COM",
where sylogin-dir is the directory containing the sys$sylogin procedure.
- decnet_cmd (integer)
- Flag value to indicate the operating mode
for 'command mode' (non-PTY) connections. If the value is zero (the default), client
processes are created as detached processes using mailboxes. A non-zero
value executes the requested commands via DECnet netserver processes using
the task specified by the cmd_task parameter.
- event_formatter (string)
- Reserved.
- event_log (string)
- File specification of the server's log file.
The log file records connections, disconnections, logins, and other miscellaneous
events.
- host_key (string)
-
File specification of the SSH host key. The host key is an RSA private
key, stored in a PEM (privacy enhanced mail) file format, that the client
uses to authenticate the host. Note that the file cannot be password
protected and therefore must be carefully protected against access by
non-privileged users.
- initiator (string)
-
Specifies the DCL command to be executed by the initiator helper process.
The initiator process handles creation of the client processes under the
correct username.
- key_generator (string)
-
Specifies the DCL command to be executed by the key generator process.
The key generator handles the periodic creation of new server keys. Since
RSA key generation is CPU intensive, a separate process allows this background
task to run at lower priority. The server_key file gets overwritten
each time a new key is generated.
The current key generator takes the refresh time as a command line argument.
- login_info_table (string)
-
Specifies the name of the logical name table used to store protected
login information (default table name is SSH_LOGIN_INFO). The protected
information includes last login times, newmail counts and X11 server
assignment data.
- login_table (string)
-
Specifies the name of the logical name table used to store non-protected
login information (default table name is SSH_LOGIN_MAP). The non-protected
data includes the terminal name and remote connection info (accpornam data).
- login_timeout (integer)
-
Maximum number of seconds the server will wait for a new connection to
complete login.
- max_clients (integer)
-
Maximum number of clients. This number may be reduced by available process
quotas and/or system-wide resource limits.
- multi-user (list)
-
Specifies the IP addresses of client hosts that the server is to
consider multi-user hosts for break-in detection purposes. Normally, a
login failure will be added to the intrusion database using a source
of the form ip-address::SSH_CLIENT. If the IP address is on the
multi-user list, the server will instead use
ip-address::username as the source.
- port (list)
-
TCP/IP port number the server is to listen on for SSH connections.
- port_forward (integer)
-
Flags for setting port forwarding options; the integer value is interpreted
as a bit mask. The default value is 3.
- Bits
- <0> - Allow SSH_MSG_PORT_OPEN by client.
<1> - Allow SSH_CMSG_PORT_FORWARD_REQUEST by client.
- pty_map_table (string)
-
Specifies the name of the logical name table used to store PTY mapping information. The
logical names are the pseudo-terminal names with the values being the
remote host/port information and the authenticated username.
- pty_mode (integer)
-
Specifies the type of pseudo-terminal (PTY) login to perform. A value of 0 disables
creation of PTYs. A value of 1 (the default) logs in the user using the
same authentication information provided to set up the SSH connection. A
value of 2 causes the PTY to prompt for a username/password independent of
the SSH authentication information.
- required_id (list)
-
Specifies VMS rightslist identifiers that allow/disallow access to
the server via SSH. Each identifier may be non-negated or negated (to negate,
precede the identifier name with a minus sign (-)). If the required_id list is not empty,
a user must be granted at least one of the non-negated identifiers on the
list and none of the negated identifiers.
- rsa_engine (string)
-
Specifies the DCL command to be executed by the RSA helper process. The
RSA helper process handles the RSA decryption of the session keys, off-loading
the server process of this CPU intensive task. This parameter is optional;
if not present, the server will handle the RSA decryption internally.
- server_key (string)
-
File specification of the current SSH server key. The server key is an RSA
private key, stored in PEM (privacy enhanced mail) file format, that is used
for secure key exchange during connection setup. The server key changes
relatively frequently (see key_generator) to limit the window for
known plaintext attacks on the server. Note that the file cannot be password
protected and therefore must be carefully protected against access by
non-privileged users.
- tt_char (mlist)
-
Defines terminal characteristics. The keyword portion of each value is
the TERM type supplied by the client for the remote terminal and the value
is a keyword naming a VMS terminal characteristic to set/reset. To reset
a characteristic, precede the value with a minus sign (e.g. vt52=-form).
The value keywords follow the definitions in the ttdef, the SET TERMINAL
command. The null TERM type defines the default settings for all terminals.
- tt_type (mlist)
-
Defines terminal types. The keyword portion of the value is the TERM
type supplied by the client and the value is the corresponding VMS
terminal type (set term/device_type=...) for that terminal type.
The only VMS types currently recognized are UNKNOWN, VT100, VT200_series,
VT300_series, VT400_series, and PRO_series.
- user_keyfile (string)
-
Specifies the relative location and name of the per-user authorized keys
file for RSA authentication. The authorized keys file contains the
public keys for clients that are allowed to perform RSA logins to that user
account. The target user's login directory is converted to Unix syntax
and prepended to the user_keyfile string, therefore the string must be
in Unix file specification syntax (e.g. ssh/authorized_keys.dat).
The user keyfile must be owned by the target user. The format of the
keyfile matches that used by the Unix ssh clients (size exp key comment).
- x11_server_number (integer)
-
Specifies the starting X11 server number for X11 pseudo-servers; must
be a number greater than 0.
- x11_servers (integer)
-
Specifies the maximum number of X11 pseudo-servers to create in response
to client forwarding requests.
- x11_table_size (integer)
-
Specifies the maximum number of channels each pseudo-server can open. This
number includes the link back to the SSH client as well as the TCP listen
socket, so it should be a minimum of 3.
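
The following Python example is added here and is not part of the server or its documentation. It reads name/value pairs according to the four data types described under Parameter Types and checks a few values against constraints stated in the parameter descriptions; the whitespace-separated "name value" line syntax, the function names parse and audit, and the sample input are assumptions.

```python
# Added example; assumed syntax: one whitespace-separated "name value" per line.
TYPES = {  # data types copied from the parameter list above (subset)
    "allow_cipher": "list", "initiator": "string", "port_forward": "integer",
    "x11_table_size": "integer", "tt_char": "mlist"}

def parse(text):
    """Return {name: value}: list -> [str], mlist -> {keyword: [value]}."""
    cfg = {}
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or valueless line, skipped here
        name, value = parts[0], parts[1].strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # quotes only delimit strings with spaces
        kind = TYPES.get(name)
        if kind is None:
            raise ValueError(f"line {n}: unknown parameter {name!r}")
        if kind == "integer":
            if not (value.isascii() and value.isdigit()):
                raise ValueError(f"line {n}: {name} needs a decimal integer")
            cfg[name] = int(value)
        elif kind == "string":
            cfg[name] = value
        elif kind == "list":  # one pair per value, never comma-delimited
            cfg.setdefault(name, []).append(value)
        else:  # mlist: keyword=value; an empty keyword is the null TERM type
            key, sep, val = value.partition("=")
            if not sep:
                raise ValueError(f"line {n}: {name} needs keyword=value")
            cfg.setdefault(name, {}).setdefault(key, []).append(val)
    return cfg

def audit(cfg):
    """Findings based only on constraints stated in the descriptions above."""
    out = []
    if "none" in cfg.get("allow_cipher", []):  # "all" deliberately omits it
        out.append("allow_cipher includes 'none'")
    if cfg.get("port_forward", 3) & ~3:  # only bits <0> and <1> are defined
        out.append("port_forward sets bits other than <0> and <1>")
    if cfg.get("x11_table_size", 3) < 3:
        out.append("x11_table_size should be at least 3")
    return out

# Constructed sample input, not taken from a real installation.
SAMPLE = ('allow_cipher 3des\nallow_cipher none\nport_forward 5\n'
          'x11_table_size 2\ntt_char vt52=-form\ninitiator "@EXAMPLE.COM P1"\n')
```

Calling audit(parse(SAMPLE)) returns one finding for each of the three problem lines in the constructed input.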