HP OpenVMS Systems Documentation

Content starts here

Remote Login and Command Execution

  Table of Contents

  Glossary

  Index

The SSH command creates a secure network connection for remote login and remote command execution. This command is intended as a secure replacement for the RLOGIN and RSH commands. When the user enters the SSH command, the SSH client establishes a session with the server and proves the user's identity to the server using a chosen authentication method, as described in Chapter 3. When the user's identity has been accepted by the SSH server, all communication with the remote SSH server is automatically encrypted.

On the client, you can use the SSH command to log in remotely and execute remote commands.

Command Synopsis

SSH [options][username@]host[#port][command]

Parameters

The username@host#port parameter specifies the user name, the remote host, and the port on the remote host to which to make a connection.

The command parameter specifies one or more commands to be executed on the remote host.

Options

Table 7–3 lists the options you can use with the SSH command.

Table 7-3 SSH Command Options

OptionsDescription

-l login_name

Specifies the user for login to the remote system (same as login_name@host).

+x

Enables X11 port forwarding. Treats X11 clients as "untrusted."

+X

Enables X11 port forwarding. Treats X11 clients as "trusted."

-x

Disables X11 port forwarding.

-i file

Specifies the identity file for public-key authentication. This option takes the file name as a parameter. It is assumed that the file resides in the user's [.SSH2] directory. This option can also be specified in the configuration file.

-F file

Specifies an alternative client host configuration file instead of the default file. The specified file name must include the directory where the file resides (for example,: [.SSH2]MY_SSH2_CONFIG). Information from this file supersedes information from TCPIP$SSH_DEVICE:[TCPIP$SSH]SSH2_CONFIG. and the user's [.SSH2]SSH2_CONFIG. file.

-t

Allocates a terminal device to the process.

-v

Enables verbose mode. Displays verbose debugging messages. Equivalent to the -d2 option. This option can also be specified in the client's configuration file.

-d debug-level

Displays debug information. The debug-level value is a number from 0 to 99, where 99 specifies that all debug information or a comma-separated list of assignments should be displayed.

-V

Displays the version of SSH.

-q

Disables warning messages. This option can also be specified in the client's configuration file.

-p port

Specifies the port to which to connect on the remote system.

-S

Does not request a session channel. This type of session does not disconnect automatically. To disconnect a session begun with this option, enter the following TCP/IP Management command:

$ TCPIP DISCONNECT DEVICE BGnnnn

Where BGnnnn is the SSH session's device socket, as displayed by the TCP/IP management command SHOW DEVICE.

-L [protocol/] port:host:hostport

Specifies that the given port on the local (client) system is to be forwarded to the specified host and port on the remote system. This allocates a socket to listen to the port on the local system. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to the specified host on the specified port from the remote system. Only privileged user accounts can forward privileged ports. The protocol enables the forwarding for the specfied protocol. The protocols implemented are TCP and FTP; the default is no specific processing. Temporary forwardings are created for the FTP data channel, effectively securing the whole FTP session. This option can also be specified in the client configuration file (see Appendix B). FTP data channel forwarding works in passive mode only. Be sure to set passive mode for FTP data channel connections.

-R [protocol/] port:host:hostport

Specifies that the given port on the remote (server) system is to be forwarded to the specified host and port on the local system. This allocates a socket to listen to the port on the remote system. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to the specified host and port from the local system. Only privileged user accounts can forward privileged ports on the remote system. The protocol argument enables protocol-specific forwarding. The protocols implemented are TCP and FTP; the default is no specific processing. Temporary forwardings are created for FTP data channel, effectively securing the whole FTP session. This option can also be specified in the client's configuration file (see Appendix B).

-4

Restricts communications to IPv4.

-6

Enables IPv6 networking.

-o option

Specifies an option in the format used in the SSH2_CONFIG. configuration file. This is useful for specifying an option for which there is no command-line option. Comment lines are not accepted with this option.

-h

Displays information about using the SSH utility.

 

To execute remote commands, enter the SSH command in the following format:

SSH [options] server_name [command]

When a user successfully logs in, the SSH server process:

  • Runs with the user's privileges.

  • Sets up a user environment.

  • Sets the default directory to be the user's home directory.

  • Executes the requested command.

Example

The following example shows how to execute the SHOW SYSTEM command on the remote host VMSHOST.

$ SSH VMSHOST SHOW SYSTEM