SSH

Index

Symbols

$HOME, Directory Paths
%APPDATA%, Directory Paths
%USERPROFILE%, Directory Paths
<INSTALLDIR>, Directory Paths

A

access rules, Defining Access Rules Using Selectors (Advanced Mode), Using Selectors in Configuration File
Active Directory, Editing Selectors
address family, The params Block
address, listen, Network, The params Block, Restricting Connections
administrators, Disabling Root Login (Unix)
advanced GUI mode, Tectia Server
agent forwarding, Agent Forwarding (Unix)
AIX
installation, Installing on AIX
uninstallation, Removing from AIX
AIX LAM, The authentication-methods Block
allowed hosts, Restricting Connections
allowing commands, Commands, The services Block
allowing subsystems, Subsystems, The services Block
allowing terminal access, Basic, The services Block
allowing tunneling
local tunnels, Local Tunnels, The services Block
remote tunnels, Remote Tunnels, The services Block
APPDATA, Directory Paths
application tunneling, Tunneling
audit message reference, Audit Messages
audit messages, SFTP, SFTP, The services Block
auditing, Auditing
logins, Auditing with Solaris BSM
authentication, Authentication, Authentication
certificate, Server Authentication with Certificates, User Authentication with Certificates, Configuring Certificates
GSSAPI, User Authentication with GSSAPI
host-based, Host-Based User Authentication
host-based with certificates, Using Certificates
Kerberos, User Authentication with GSSAPI, Forwarding User Authentication to a Kerberos Realm
keyboard-interactive, User Authentication with Keyboard-Interactive, Pluggable Authentication Module (PAM) Submethod, RSA SecurID Submethod, RADIUS Submethod, LAM Submethod on AIX
LAM, User Authentication with Keyboard-Interactive, LAM Submethod on AIX
PAM, The authentication-methods Block, User Authentication with Keyboard-Interactive, Pluggable Authentication Module (PAM) Submethod
password, Parameters, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Passwords, User Logon Rights on Windows, User Authentication with Keyboard-Interactive
public-key, Parameters
server, Identity, The params Block, Server Authentication with Public Keys, User Authentication with Public Keys
user, The authentication-methods Block, Agent Forwarding (Unix)
RADIUS, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Keyboard-Interactive, RADIUS Submethod
SecurID, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Keyboard-Interactive, RSA SecurID Submethod
authentication chain, The authentication-methods Block, Configuring User Authentication Chains
authentication forwarding, Forwarding User Authentication, Agent Forwarding (Unix)
authentication methods, Parameters, The authentication-methods Block, Authentication
authority info access, Server Authentication with Certificates, User Authentication with Certificates
authorization file, Parameters, The authentication-methods Block, Using the Authorization File, Files, Authorization File Options
authorized_keys directory, Parameters, The authentication-methods Block, User Authentication with Public Keys, Files
authorized_keys file, Using Keys Generated with OpenSSH, Files
automated file transfer, Automated File Transfer Script
auxiliary data directory
on Unix, File Locations and Permissions on Unix, ssh-server-config
on Windows, File Locations on Windows

B

banner message, General, The authentication-methods Block, Notification
basic configuration, Configuring Tectia Server
blackboard, adding to, The authentication-methods Block
BSM (Solaris Auditing), Auditing with Solaris BSM

C

C-API, Component Terminology
CA certificate, Certificate Validation, The params Block, Configuring Certificates
intermediate, Certificate Validation, The params Block
trusted, Certificate Validation, The params Block
certificate authentication
server, Identity, The params Block, Server Authentication with Certificates
user, Certificate Validation, The params Block, User Authentication with Certificates, Configuring Certificates, Configuring User Authentication with Certificates on Windows
certificate cache file, Certificate Validation, The params Block
certificate revocation list (CRL)
auto update, Certificate Validation, The params Block
disabling, Certificate Validation, The params Block
distribution point, Server Authentication with Certificates, User Authentication with Certificates
prefetching, Certificate Validation, The params Block
certificate viewer, ssh-certview-g3
certificates
enrolling, Certificate Enrollment Using ssh-cmpclient-g3
revoked, Server Authentication with Certificates
validating, Certificate Validation, The params Block
certificates in host-based authentication, Using Certificates
certification authority (CA), Certificate Validation, The params Block, Server Authentication with Certificates
certification, FIPS 140-2, General, The params Block
changing host key, Notifying the Users of Host Key Changes
channel, Tunneling
chroot, Special Considerations on Windows
chrooting, Chrooting (Unix), Chrooting SFTP
ciphers, Parameters, The connections Block
clients
CMP enrollment, ssh-cmpclient-g3
CMP enrollment client, ssh-cmpclient-g3
command-line tools, Command-Line Tools and Man Pages
commands, Commands, The services Block
configuration
in multiple files, Dividing the Configuration into Several Files
server, Tectia Server Configuration Tool
configuration file
backing up, Upgrading Previously Installed Tectia Server Software
divided, Dividing the Configuration into Several Files
server, Files Related to Tectia Server, Configuration File for Tectia Server, ssh-server-config
syntax, Server Configuration File Syntax
configuration tool, Tectia Server Configuration Tool
configuring
RSA Agent, Configuring RSA Authentication Agent for PAM
selectors, Using Selectors in Configuration File
server, Configuring Tectia Server
connection rules, Connections and Encryption, The connections Block
connections
maximum number, General, The params Block
total number (per servant), General, The params Block
CRL (certificate revocation list)
auto update, Certificate Validation, The params Block
disabling, Certificate Validation, The params Block
distribution point, Server Authentication with Certificates, User Authentication with Certificates
prefetching, Certificate Validation, The params Block
CryptiCore, Enabling CryptiCore
cryptographic library, General, The params Block
customer support, Customer Support

D

debug log, Tectia Server
debugging
on Unix, Starting Tectia Server in Debug Mode on Unix
on Windows, Starting Tectia Server in Debug Mode on Windows
user authentication with certificates, Troubleshooting User Authentication with Certificates
default port, Network, The params Block
default settings, restoring, Tectia Server
default-path, The params Block
denying commands, Commands, The services Block, Disabling Remote Commands
denying connection attempts, Restricting Connections
denying file transfers, Disabling File Transfers
denying subsystems, Subsystems, The services Block
denying terminal access, Basic, The services Block, Disabling Terminal Access , Disabling Terminal Access
denying tunneling, Disabling Tunneling
local tunnels, Local Tunnels, The services Block
remote tunnels, Remote Tunnels, The services Block
detecting dead connections, Parameters
Diffie-Hellman key exchange, Server Authentication with Certificates
directories
installation (Unix), File Locations and Permissions on Unix
installation (Windows), File Locations on Windows
profile, Special Considerations on Windows
root, Special Considerations on Windows
virtual, SFTP, Defining SFTP Virtual Folders (Windows)
disabling CRL, Certificate Validation, The params Block
disclaimer before login, Notification
disk space requirement, Hardware and Disk Space Requirements
Document Type Definition (DTD), Server Configuration File Syntax
documentation, About This Document
documentation conventions, Documentation Conventions
DoD PKI, Certificate Validation, The params Block
domain controller, User Logon Rights on Windows
domain policy, Domain Policy, The params Block
domain user account, User Logon Rights on Windows, Special Considerations on Windows
downloading software, Downloading Tectia Releases
DSA key
private, Identity
public, Identity
DSA key pair, Server Authentication with Public Keys

I

IAS, RADIUS Submethod
IBM AIX, Installing on AIX
identity, Identity
ignore-nisplus-no-permission, The params Block
ignoring AIX login restriction, The params Block
ignoring AIX rlogin restriction, The params Block
incoming tunnels, Remote Tunnels
installation
planning, Preparing for Installation
silent, Silent Installation
upgrading, Upgrading Previously Installed Tectia Server Software
installation packages, Installation Packages
INSTALLDIR, Directory Paths
installed files, Files Related to Tectia Server
installing Tectia Server
on AIX, Installing on AIX
on HP-UX, Installing on HP-UX
on Linux, Installing on Linux
on Linux on IBM System z, Installing on Linux on IBM System z
on Solaris, Installing on Solaris
on VMware ESX, Installing on VMware ESX
on Windows, Installing on Windows
interactive forced commands, Commands, The services Block
intermediate CA certificate, Certificate Validation, The params Block
Internet Authentication Service (IAS), RADIUS Submethod
invalid host key permissions, Invalid Host Key Permissions on Windows

M

MACs, Parameters, The connections Block
maintenance release, Downloading Tectia Releases
man pages, Command-Line Tools and Man Pages
man-in-the-middle attack, Notifying the Users of Host Key Changes, Server Authentication with Certificates
maximum number of connections, General, The params Block
maximum number of processes, General, The params Block
message before login, Notification
message of the day (MOTD), The services Block
Microsoft IAS, RADIUS Submethod
Microsoft Windows, Installing on Windows
MSI package, Installing on Windows
multiple configuration files, Dividing the Configuration into Several Files
multiple host keys, Server Authentication with Public Keys

N

network access server (NAS), The authentication-methods Block, RADIUS Submethod
network address family, General, The params Block
Network Address Translation (NAT), Server Configuration
network interface binding, Restricting Connections
network interface card, Network
network logon, Accessing Resources on Windows Network from Logon Sessions Created by Tectia Server
network settings, Network
non-interactive installation, Silent Installation

P

PAM authentication, The authentication-methods Block, User Authentication with Keyboard-Interactive, Pluggable Authentication Module (PAM) Submethod
upgrading, PAM on AIX
with LDAP, PAM Used with LDAP on Red Hat Linux
PAM library
upgrading, PAM on AIX
pam-account-checking-only, The params Block
password authentication, Parameters, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Passwords, User Logon Rights on Windows, User Authentication with Keyboard-Interactive
password cache, Password Cache, Parameters, The params Block
PEM encoding, Options
Personal Information Exchange (PFX), Identity
PKCS #7 package, Configuring Certificates
planning the installation, Preparing for Installation
Pluggable Authentication Module (PAM), User Authentication with Keyboard-Interactive, Pluggable Authentication Module (PAM) Submethod
pluggable-authentication-modules, The params Block
port forwarding, Tunneling
local, Local Tunnels
remote, Remote Tunnels
restricting, Tunneling
port number
default, Network, The params Block
private key
DSA, Identity
host, Identity, The params Block, Server Authentication with Public Keys, Certificate Enrollment Using ssh-cmpclient-g3
privileged users, Disabling Root Login (Unix)
problem situations, Solving Problem Situations
processes
maximum number, General, The params Block
profile directory, Special Considerations on Windows
proxy scheme, The params Block
proxy server, Configuring Certificates
proxy settings, Proxy Rules
public key
host, Identity, The params Block
user, User Logon Rights on Windows
public-key authentication, Parameters
server, Identity, The params Block, Server Authentication with Public Keys
user, The authentication-methods Block, User Authentication with Public Keys, Agent Forwarding (Unix)

Q

quiet-login, The params Block

R

RADIUS authentication, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Keyboard-Interactive, RADIUS Submethod
random_seed file, Files
recording ptyless sessions, The params Block
Red Hat Linux, Installing on Linux , Installing on Linux on IBM System z
registry keys, Registry Keys on Windows
rekeying interval, Parameters, The connections Block
related documents, About This Document
remote administration, System Administration
remote port forwarding, Remote Tunnels
remote tunnels, Remote Tunnels, The services Block, Tunneling, Remote Tunnels
removing OpenSSL, Removing OpenSSL from Tectia Server
removing Tectia Server
from AIX, Removing from AIX
from HP-UX, Removing from HP-UX
from Linux, Removing from Linux
from Linux on IBM System z, Removing from Linux on IBM System z
from Solaris, Removing from Solaris
from VMware ESX, Removing from VMware ESX
from Windows, Removing from Windows
old versions, Upgrading Previously Installed Tectia Server Software
reporting failed logins, Reporting User Login Failures
requirements
for disk space, Hardware and Disk Space Requirements
for hardware, Hardware and Disk Space Requirements
for upgrading, Upgrading Previously Installed Tectia Server Software
resolve client hostname, General
resolve-client-hostname, The params Block
restoring default settings, Tectia Server
restricting services, Services, The services Block, Restricting Services, Restricting Services
restricting tunneling, Tunneling, Restricting Services
local tunnels, Local Tunnels, The services Block
remote tunnels, Remote Tunnels, The services Block
revoked certificate, Server Authentication with Certificates
RFC 4253, Options
RFC 4716, Options
rights
log on locally, User Logon Rights on Windows
root directory, Special Considerations on Windows
RPM packages, Installing on Linux , Installing on Linux on IBM System z
RSA Authentication Agent, RSA SecurID Submethod
RSA Authentication Server, RSA SecurID Submethod
RSA key
private, Identity
public, Identity
RSA key pair, Server Authentication with Public Keys
RSA SecurID, RSA SecurID Submethod

S

SCEP client, ssh-scepclient-g3
secure application connectivity, Tunneling
secure file transfer, File Transfer
Secure File Transfer Protocol (SFTP), Special Considerations on Windows
Secure Shell server
starting, Starting and Stopping the Server
stopping, Starting and Stopping the Server
secure system administration, System Administration
SecurID authentication, Keyboard-Interactive Submethods, The authentication-methods Block, User Authentication with Keyboard-Interactive, RSA SecurID Submethod
selector handling rules, Selector Processing
selectors, Defining Access Rules Using Selectors (Advanced Mode), Using Selectors in Configuration File
administrator, Editing Selectors
blackboard, The authentication-methods Block
certificate, Editing Selectors, The authentication-methods Block
host certificate, Editing Selectors, The authentication-methods Block
interface, Editing Selectors, The connections Block, The authentication-methods Block
IP, Editing Selectors, The connections Block, The authentication-methods Block
public key passed, Editing Selectors, The authentication-methods Block
user, Editing Selectors, The authentication-methods Block
user group, Editing Selectors, The authentication-methods Block
user password change needed, The authentication-methods Block
user privileged, Editing Selectors, The authentication-methods Block
servant lifetime, General
server
starting, Starting and Stopping the Server
stopping, Starting and Stopping the Server
server authentication
with certificates, Server Authentication with Certificates
with external key, Server Authentication using External Host Keys
with public key, Server Authentication with Public Keys
server authentication methods, Identity, The params Block, Authentication
server banner message, Notification
server certificate, Identity, The params Block, Server Authentication with Certificates
server configuration, Configuring Tectia Server
server configuration file, Files Related to Tectia Server, Configuration File for Tectia Server, ssh-server-config
server configuration tool, Tectia Server Configuration Tool
server host key, Files Related to Tectia Server
server settings, Tectia Server
server status, Tectia Server
services
restricting, Services, The services Block, Restricting Services, Restricting Services
setting user, The authentication-methods Block
setting users to a group, Selectors (Advanced Mode), Services, The authentication-methods Block, The services Block
settings, default, Tectia Server
SFTP audit messages, SFTP, The services Block
SFTP subsystem, Enabling the SFTP Subsystem
SFTP virtual folders, SFTP, Defining SFTP Virtual Folders (Windows)
shared user account, Using a Shared Account
shell access, Disabling Root Login (Unix)
signature algorithms, The params Block
silent installation, Silent Installation
simple GUI mode, Tectia Server
socket, Network
SOCKS server URL, Certificate Validation, The params Block
Solaris
BSM, Auditing with Solaris BSM
installation, Installing on Solaris
uninstallation, Removing from Solaris
ssh-certview-g3, ssh-certview-g3
ssh-cmpclient-g3, ssh-cmpclient-g3
commands, Commands
examples, Examples
options, Options
ssh-ekview-g3, ssh-ekview-g3
ssh-keyfetch, ssh-keyfetch
environment variables, Environment Variables
examples, Examples
options, Options
ssh-keygen-g3, Generating the Host Key, ssh-keygen-g3
examples, Examples
options, Options
ssh-scepclient-g3, ssh-scepclient-g3
commands, Commands
examples, Examples
options, Options
ssh-server-config.xml, Files Related to Tectia Server, Configuration File for Tectia Server, ssh-server-config
ssh-server-ctl, ssh-server-ctl
commands, Commands
options, Options
ssh-server-g3, ssh-server-g3
environment variables, Environment Variables
options, Options
ssh-troubleshoot, Collecting System Information for Troubleshooting, ssh-troubleshoot
commands, Commands
options, Options
starting the server, Starting and Stopping the Server
status, Tectia Server
stopping the server, Starting and Stopping the Server
subsystems, Subsystems, The services Block
denying audit messages, The services Block
executing directly, The services Block
support, Customer Support
supported platforms, System Requirements
SUSE Linux, Installing on Linux , Installing on Linux on IBM System z
system audit
on Solaris, Auditing with Solaris BSM
system configuration, Configuring Tectia Server
system log, Tectia Server, Logging, The params Block, Auditing
system requirements, System Requirements

U

uninstalling Tectia Server
from AIX, Removing from AIX
from HP-UX, Removing from HP-UX
from Linux, Removing from Linux
from Linux on IBM System z, Removing from Linux on IBM System z
from Solaris, Removing from Solaris
from VMware ESX, Removing from VMware ESX
from Windows, Removing from Windows
upgrading, Upgrading Previously Installed Tectia Server Software
use cases, Getting Started
user account
domain, User Logon Rights on Windows, Special Considerations on Windows
local, User Logon Rights on Windows
shared, Using a Shared Account
user authentication
host-based, Host-Based User Authentication, Using Certificates
with certificates, User Authentication with Certificates, Configuring Certificates
with certificates (Windows), Configuring User Authentication with Certificates on Windows
with GSSAPI, User Authentication with GSSAPI
with keyboard-interactive, User Authentication with Keyboard-Interactive
with password, User Authentication with Passwords
with public key, User Authentication with Public Keys
user authentication chain, Configuring User Authentication Chains
user authentication forwarding, Forwarding User Authentication, Agent Forwarding (Unix)
user authentication methods, Authentication, The authentication-methods Block, Authentication
user configuration directory, General, The params Block
user group, User Logon Rights on Windows
user home directory, SFTP, Defining SFTP Virtual Folders (Windows)
User Manager, User Logon Rights on Windows
user name
domain policy settings, Domain Policy
user name handling on Windows, User Name Handling on Windows
user profile directory, Special Considerations on Windows
User started processes, General
user-specific configurations
on Unix, File Locations and Permissions on Unix
on Windows, File Locations on Windows
USERPROFILE, Directory Paths

V

viewing event log, Tectia Server
viewing troubleshooting log, Tectia Server
virtual directories, SFTP
virtual folders, SFTP, Defining SFTP Virtual Folders (Windows)
VMware ESX
installation, Installing on VMware ESX
uninstallation, Removing from VMware ESX

W

well-known port, Tunneling
Windows
domain precedence, The params Block
Event Log, Tectia Server, Logging, Auditing
installation, Installing on Windows
password, User Authentication with Passwords, User Logon Rights on Windows
registry keys, Registry Keys on Windows
trusted domain authentication, Requirements for Trusted Domain Authentication on Windows
uninstallation, Removing from Windows
user authentication with certificates, Configuring User Authentication with Certificates on Windows
user group, User Logon Rights on Windows
user name, User Name Handling on Windows
Windows logon type, General
Windows terminal mode, General
Windows User Manager, User Logon Rights on Windows
windows-logon-type, The params Block
windows-terminal-mode, The params Block

X

X.509 certificates, Certificate Enrollment Using ssh-cmpclient-g3, Configuring Certificates
X11 forwarding, X11 Forwarding (Unix)
X11 listener address, X11 Forwarding (Unix)
x11-listen-address, The params Block, X11 Forwarding (Unix)
XAuth path, The params Block
XML attribute
allow-missing, The connections Block, The authentication-methods Block
allow-ticket-forwarding, The authentication-methods Block
allow-undefined, Selectors and Undefined Data
authorization-file, The authentication-methods Block
authorized-keys-directory, The authentication-methods Block
chroot, The services Block
client-nas-identifier, The authentication-methods Block
default-path, The params Block
dir-mask-bits, The authentication-methods Block
disable-authorization, The authentication-methods Block
disable-crls, The params Block
dll-path, The authentication-methods Block
enable-password-change, The authentication-methods Block
failure-delay, The authentication-methods Block
http-proxy-url, The params Block
idle-timeout, The services Block
ignore-aix-login, The params Block
ignore-aix-rlogin, The params Block
ignore-nisplus-no-permission, The params Block
login-grace-time, The authentication-methods Block
mask-bits, The authentication-methods Block
max-connections, The params Block
max-processes, The params Block
max-tries, The authentication-methods Block
openssh-authorized-keys-file, The authentication-methods Block
pam-account-checking-only, The params Block
print-motd, The services Block
proxy-scheme, The params Block
quiet-login, The params Block
record-ptyless-sessions, The params Block
require-dns-match, The authentication-methods Block
resolve-client-hostname, The params Block
service-name, The authentication-methods Block
set-group, The authentication-methods Block
signature-algorithm, The authentication-methods Block
signature-algorithms, The params Block
socks-server-url, The params Block
tcp-keepalive, The connections Block
total-connections, The params Block
trusted, The params Block
use-expired-crls, The params Block
user-config-dir, The params Block
windows-domain-precedence, The params Block
windows-logon-type, The params Block
windows-terminal-mode, The params Block
x11-listen-address, The params Block
xauth-path, The params Block
XML DTD, ssh-server-config, Server Configuration File Syntax
XML element, ssh-server-config
address-family, The params Block
attribute, The services Block
attribute umask, The services Block
auth-file-modes, The authentication-methods Block, Enabling Public-Key Authentication
auth-gssapi, The authentication-methods Block
auth-hostbased, The authentication-methods Block
auth-keyboard-interactive, The authentication-methods Block
auth-password, The authentication-methods Block
auth-publickey, The authentication-methods Block
authentication, The authentication-methods Block
authentication-methods, The authentication-methods Block
banner-message, The authentication-methods Block
ca-certificate, The params Block
cert-cache-file, The params Block
cert-validation, The params Block
cipher, The connections Block
command, The services Block
connection, The connections Block
connections, The connections Block
crl-auto-update, The params Block
crl-prefetch, The params Block
crypto-lib, The params Block
dod-pki, The params Block
domain-policy, The params Block
environment, The services Block
externalkey, The params Block
group, The services Block
hostkey, The params Block
hostkey-algorithm, The connections Block
ldap-server, The params Block
limits, The params Block
listener, The params Block
log-events, The params Block
logging, The params Block
mac, The connections Block
mkex, The connections Block
ocsp-responder, The params Block
params, The params Block
password-cache, The params Block
pluggable-authentication-modules, The params Block
private, The params Block
protocol-parameters, The params Block
public, The params Block
radius-server, The authentication-methods Block
radius-shared-secret, The authentication-methods Block
rekey, The connections Block
rule, The services Block
selector, The connections Block, The authentication-methods Block, The services Block
selector/blackboard, The authentication-methods Block
selector/certificate, The authentication-methods Block
selector/host-certificate, The authentication-methods Block
selector/interface, The connections Block, The authentication-methods Block
selector/ip, The connections Block, The authentication-methods Block
selector/publickey-passed, The authentication-methods Block
selector/user, The authentication-methods Block
selector/user-group, The authentication-methods Block
selector/user-password-change-needed, The authentication-methods Block
selector/user-privileged, The authentication-methods Block
servant-lifetime, The params Block
services, The services Block
set-blackboard, The authentication-methods Block
set-user, The authentication-methods Block
settings, The params Block
submethod-aix-lam, The authentication-methods Block
submethod-generic, The authentication-methods Block
submethod-pam, The authentication-methods Block
submethod-password, The authentication-methods Block
submethod-radius, The authentication-methods Block
submethod-securid, The authentication-methods Block
subsystem, The services Block
terminal, The services Block
tunnel-agent, The services Block
tunnel-local, The services Block
tunnel-local/dst, The services Block
tunnel-local/src, The services Block
tunnel-remote, The services Block
tunnel-remote/listen, The services Block
tunnel-remote/src, The services Block
tunnel-x11, The services Block
x509-certificate, The params Block