TCPware for OpenVMS User's Guide
Contents
1. [Figure: server system and client system, showing SSHD2, SFTP, SCP2, SERVER2, and terminal] Secure File Transfer. SCP file transfers are different from FTP file transfers. With FTP, a file can be transferred as ASCII, BINARY, RECORD, or in OpenVMS format (if MultiNet or TCPware is in use). In SCP, the primary transfer format is BINARY. Also, the defined syntax for a file specification is UNIX syntax. Due to these restrictions, files that are transferred from dissimilar systems may or may not be useful. ASCII transfers are done by searching the transferred data for the specified newline sequence and making the specified substitution. Process Software has used methods available in the protocol to attempt to improve the chances that files will be useful upon transfer. The SSH File Transfer Protocol is an evolving specification, and some implementations may not support all options available in the protocol or, worse, not tolerate some optional parts of later versions of the protocol. Process Software has used the defined extensions in the protocol to transfer information about the VMS file header characteristics, such that when a file is transferred between two VMS systems running MultiNet v4.4 or higher, TCPware V5.7 or higher, and/or SSH for OpenVMS, the file header information will also be transferred and the file will have the same format on the destination system as it had on the source system. Also w
2. [Figure: tunnel from sys1 through mysys to sys2; SSHD, SSH, port 4000, port 23] Accessing Remote Systems with the Secure Shell (SSH) Utilities. For example, a user wants to use mysys to create a tunnel between sys1:4000 and sys2:23, so that TELNET sessions that originate on sys1:4000 get tunneled to sys2 through the firewall. On mysys: SSH2 sys1 remote forward 4000 sys2 23. Now, on sys1, a user could establish a TELNET session to sys1 by doing: telnet localhost port 4000. The mechanism used for making the TELNET connection (setting up the tunnel) is essentially the same as described in the LOCAL FORWARD example above, except that the roles of SSH and SSHD in the dialog are reversed. Other Files. The files in Table 16-3 are used by SSH. Note that these files generally reside in the SSH2 subdirectory from the user's SYS$LOGIN directory. The SSH2 subdirectory is created automatically on your local system the first time SSH is executed, and on a remote OpenVMS system the first time an SSH connection is made to that system. File protection for SYS$LOGIN:SSH2.DIR should be (S:RWD, O:RWD, G:, W:). Table 16-3, SSH2 Files (columns: File Name, Resides On, Description): SSH2 SSH2 CONFIG; resides on the client system; this is the individual configuration file. This file is used by the SSH2 client. It does not contain sensitive information. The recommended file
3. 12 12 TELNET Connecting to Remote Terminals Convention Meaning Introduces a control character For example z Newline t Tab r Carriage return E Escape V Represents a single quote when used in a key definition Ends a key definition For example z NEOM Begins a comment See TN3270 Keypad Graphics Characters Alternative key mappings Client TELNET provides an alternative mapping file that closely resembles the keyboard mappings provided by the OpenVMS DECwindows DECnet SNA 3270 Terminal Emulator To use these mappings redefine the TCPWARE TELNET KEYBOARD MAP logical to point to the MAP3270 DECSNA DAT file By default this logical points to the MAP3270 DAT file You can also define your own key mapping file Just make sure you redefine the TCPWARE TELNET KEYBOARD MAP logical so that it points to the new file Table 12 2 IBM to OpenVMS Keyboard Map IBM Function OpenVMS Keys IBM Function OpenVMS Keys Enter Ctrl M or CR PF15 Ctrl F 1 5 or PF1 KP5 Clear Ctrl Z or Enter PF16 Ctrl F 1 6 or PF1 KP6 Newline Ctrl N PF17 Ctrl F 1 7 or PF1 KP7 Tab Ctrl I or Tab PF18 Ctrl F 1 8 or PF1 KP8 Backtab Ctrl B PF19 Ctrl F 1 9 or PF1 KP9 Left arrow Ctrl H or left arrow PF20 Ctrl F 2 0 or PF2 KPO Right arrow Ctrl L or right arrow PF21 Ctrl F 2 1 or PF2 KP1 Up arrow Ctrl K or up arrow PF22 Ctrl F 2 2 or PF2 KP2 Down arrow Ctrl J or down arr
4. ONC RPC Programmer s Guide for details about TCPware s implementation of ONC RPC proNET Proteon s token ring Operation and Maintenance Manual for the proNET Local Network System available from Proteon Inc Westborough MA Remote magnetic tape service rmt Maintenance Commands section of the SunOS Reference Manual available from Sun Microsystems Setting up print queues and initiating print commands on the OpenVMS host HP s Guide to Maintaining a VMS System OpenVMS users can also see the VMS DCL Dictionary or the DECprint Printing Services User 5 Guide X 25 VAX P S I documentation from Hewlett Packard Hewlett Packard Documentation For details on the OpenVMS operating systems system services and utilities see the appropriate Hewlett Packard documentation 7 Appendix TCPware Logicals Table B 1 lists the TCPware logicals in alphabetical order Table B 1 TCPware Logicals FTP STARTUP Defines STARTUP to point to the FTP_STARTUP COM file DEFINE SYSTEM EXECUTIVE FTP STARTUP SYSSMANAGER FTP_STARTUP COM Client users can override this startup file by creating their own Including the command DEFINE PROCESS STARTUP in a user s LOGIN COM file overrides any DEFINE SYSTEM EXEC command in the SYSSMANAGER SYSTARTUP V5 COM file NETCU STARTUP Defines NETCU STARTUP to point to the NETCUSTART COM file For example you can include the f
5. Using Other Print Qualifiers; TCPWARE IPP SHOW Command. Chapter 6 and RMT Remote CD-ROMs and Tapes: Introduction; RMT Client and RCD Client; Troubleshooting. Chapter 7 RCP Copying Files: Introduction. Chapter 8 RLOGIN Logging In to a Remote Host: Introduction. Chapter 9 Issuing Commands on a Remote Host: Introduction. Chapter 10 Sending and Receiving Electronic Mail: Using OpenVMS Mail Across the Network; Specifying Addresses; Specifying a Host Alias; Specifying Individual Aliases; Using Mail Under; Delivering Mail to Specific; User Defined Headers. Chapter 11 TALK Exchanging Terminal Messages: Introduction; Command Reference; Troub
6. TCPWARE NFS SECURITY: Enables various security features. This parameter is a decimal bit mask value. Caution: Do not use bits 0 and 1 for PC clients using PCNFS. If you use PC-NFS printing with mask value 2, add an entry to the EXPORT database for each client subdirectory, not just a single entry for the spool directory. The pathname listed in the EXPORT database should be the NFS_PCNFSD_SPOOL parameter value concatenated with the name of the client subdirectory. If you set bit 5, PC-NFS users can print to batch queues. This may present a security risk, since users could submit batch jobs under a privileged or another user by forcing the UID/GID values of their choice. Disabling use of the intrusion database for PCNFSD by setting bit 6 affects all exports. A bit mask 8 value of 128 disables PCNFSD deletion of printed files from the spool directory. TCPWARE NFS TCP THREADS: Controls the number of simultaneously serviced requests received over TCP connections the server can support. The server requires a thread for each TCP request it receives. This thread is active for the amount of time it takes the server to receive the request, perform the operation, and send a reply to the client. The more threads the server supports, the better the performance. Note: The number of threads has no impact on the number of TCP connections the server supports. TCPWARE NFS UDP THREADS: This is similar to the THREADS parameter
7. UCXSINET HOST Defined to be the host name the same setting as TCPWARE DOMAINNAME UCXSIPC SHR Provides the linkage to the TCPware version of the UCXSIPC SHR Run Time library B 31 PART III Appendixes B 32 Introduction Glossary This chapter provides a glossary of terms found throughout the TCPware for OpenVMS documentation set Glossary of Terms access control list ACL OpenVMS list containing access rights for users access restrictions Restrictions on a TCP application s usage either incoming or outgoing active open Actively opens a connection TCPDRIVER sends segments to establish a connection to the destination host and port number for an active open request To establish a connection a passive open must usually be pending on the destination host Address Resolution Protocol ARP Protocol used to map internet addresses to physical hardware addresses used on Ethernet and FDDI See Fiber Distributed Data Interface and Reverse Address Resolution Protocol Ancillary control process ACP A process that acts as an interface between user software and an I O driver An ACP provides functions supplemental to those performed in the driver such as file and directory management application program interface APT Programming interface to an application such as the TCPware SNMP Extendible Agent MIB API ACE Client API for Token Authentication or the inter
8. Online Help; Obtaining Customer Support; Licensing Information; Documentation; Conventions. Chapter 1 Introducing TCPware for OpenVMS: Introduction; Enterprise Wide Networking; TCPware for OpenVMS; TCP/IP Services; TCPware Products for the PDP 11 Operating Systems. Chapter 2 Functional Overview: Introduction; Remote File System Access; Transferring; Printing Files; Logging Into Remote Hosts; Transferring Mail and Exchanging Messages; Accessing Network Drives; Configuring Hosts; Controlling Network Functions
9. Synonyms RMDIR dir dir DELETE DIRECTORY MDELETE file file DELETE MULTIPLE CAUTION The DIRECTORY command does not list hidden files files that start with a period Using any wildcards with the MDELETE command deletes hidden files which you might need Parameters file dir Remote files or directories to delete If used with the DIRECTORY qualifier you can indicate the remote directory in the format node username password directory To open a connection first use the node username password part of the format This syntax is optional If you omit the parameter and a connection is already open Client FTP uses the current default directory The directory part of the format is any valid remote directory specification Enclose the specification in quotes if it contains special characters or embedded spaces or is case sensitive Use the node directory syntax for access to an anonymous user directory The ANONYMOUS qualifier is implicit When deleting files file can contain wildcards See the MULTIPLE qualifier 3 40 DELETE FTP Transferring Files Qualifiers ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies INOANONYMOUS deletion of anonymous files or directories You can omit ANONYMOUS if using the node file syntax node path See Anonymous Users Note SET DEFAULT can change the defaults indicated for the following qualifiers CONFIRM NOCONFIRM default CONFIRM i
10. filename mapping Process in NFS of mapping filenames between OpenVMS and UNIX so as to preserve the respective systems filenaming conventions filesystem Method for recording cataloging and accessing files on a client or server system flat namespace In flat namespace naming a system selects object names from a single set of strings rather than a hierarchical organization of strings The following hostnames are examples ALPHA RESEARCH TULIP Gateway Routing Daemon GateD Manages multiple routing protocols including the Routing Information Protocol RIP Local Network Protocol HELLO Router Discovery Protocol Open Shortest Path First OSPF protocol Exterior Gateway Protocol EGP and Border Gateway Protocol BGP gateway Device used to connect two or more networks to form an internet A gateway also has an internet address for each connected network and performs routing functions GROUP database Database on the NFS Client that authorizes a client s group access to the remote host s filesystems The database contains the group number and the VMS group identifier corresponding to the remote group identifier in the UNIX etc group file group ID GID Group identification on the UNIX NFS host HELLO Also called the Local Network Protocol it is an interior protocol that uses delay as the deciding factor when selecting the best route Delay is the round trip time between sour
11. Emulated Model Minimum Size rows x columns IBM 3278 2 24 x 80 IBM 3278 3 32 x 80 IBM 3278 4 43 x 80 IBM 3278 5 27 x 132 Some Client TELNET commands have specific meaning for TN3270 mode See 7 3270 Keyboard Mapping Alternative method You can also open a remote TELNET TN3270 connection by entering the following command TELNET host TN3270 See the OPEN CLOSE and EXIT commands in the Command Reference Example 12 2 Opening a TN3270 Session TELNET TELNET gt OPEN LOCIS LOC GOV TELNET Connecting to Remote Terminals Library of Congress menus displayed gt Ctrl C TELNET CLOSE TELNET OPEN LOCIS LOC GOV TN3270 PRINT QUEUE ENG PRINTER ASCII Ctrl C TELNET gt OPEN BLUE ADP WISC EDU TN3270 TCPWARE TELNET E CONLOST connection to remote host lost TCPWARE TELNET E MAXTN3270 only one TN3270 session may be open at any one time TCPWARE TELNET I CURRSESSION current session is not 1 LOCIS LOC GOV TELNET gt Closing a Session A TELNET session remains open until you log out of that session at the system prompt or use the CLOSE EXIT QUIT or BYE commands or enter Ctr1 z at the TELNET gt prompt To close a TELNET session use one of the following commands at the TELNET gt prompt see Example 12 3 TELNET gt CLOSE closes the current session as in the following chart If you open a TELNET Then CLOSE closes the current session using And session and Telnet
12. TCPWARE FTP USE SRI ENCODING ON ODSS This logical can be defined to 1 TRUE or YES to cause the filename encoding used for UNIX style filenames on ODS 2 disks to be used on ODS 5 disks This also sets the default case of letters in filenames to lowercase and ignores the stored case B 12 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE FTP WINDOW The FTP client and the FTP server set the TCP window size of the data connection to either e The value of this logical if you define it minimum is 512 bytes maximum is 1 048 576 bytes The larger of 32 768 bytes and the default TCP window size The in the logical represents where defined values go Defined value should be numeric DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP WINDOW TCPWARE KERBV4 MAXAGE Sets the maximum age of the Kerberos database TCPWARE KERBV4 PRIMARY Sets the primary Kerberos server name TCPWARE KERBV4 REALM Sets the realm name of the Kerberos server TCPWARE KERBV4 RLOGIN Determines if the RLOGIN server mandates accepts or disallows any Kerberos request TCPWARE KERBV4 RSHELL Determines if the RSH server mandates accepts or disallows any Kerberos request TCPWARE KERBV4 SRVTYP Sets the type of server primary or applications only TCPWARE KERBV4 TELNET Determines if the TELNET server mandates accepts or disallows any Kerberos request TCPWARE KERBV4 TKFILE Sets
13. Table B 1 TCPware Logicals Continued TCPWARE ACECLIENT DATA DIRECTORY Points to the directory that contains ACE Client data files Set by the Enter directory where the TCPware ACE Client data file resides promptin CNFNET TCPWARE ACECLIENT ENABLE Indicates that authentication by the TCPware ACE Client is enabled when set to 1 Set by the Do you want to use the TCPware ACE CLIENT to authenticate user login prompt in CNFNET TCPWARE ACECLIENT NETWORK Indicates that authentication 1s performed on logins over network terminals when set to 1 For example NT physical devices created if using TELNET Set by theDo you want to authenticate user network logins prompt CNFNET TCPWARE ACECLIENT PASSCODE TIME Defines the number of seconds allowed for the user to input the PASSCODE Set by the Enter the PASSCODE input timeout time promptin CNFNET TCPWARE ACECLIENT REMO Indicates that authentication is performed on logins over remote terminals when set to 1 For example RT physical devices are created if using SET HOST Set by the Do you want to authenticate user remote logins prompt in CNFNET TCPWARE ACECLIENT SHR Points to the ACE Client API TCPWARE DOMAINLIST Allows you to set up to six domains in a search list as well as the minimum number of dots to recognize in a host name to make it fully qualified The client reads this information from this logical through CNFNET TCPWARE DOMAIN
14. well known port Any ofa set of protocol port numbers preassigned for specific uses by transport level protocols TCP and UDP Servers follow the well know port assignments so clients can locate them Examples of well known port numbers include ports assigned to the remote login TELNET service and the file transfer FTP servers whitespace Space tab or newline character WHOIS Utility that allows Internet users to query the Network Information Center NIC username directory services wide area network WAN Network element of an internet in which hosts connect over large geographic distances X25 Set of networking recommendations that define the network user interface in a Packet Switching Data Network PSDN X 25 provides a common set of protocols for computer systems to follow when interconnecting over a PSDN XQP Extended QIO processor See ancillary control process ACP Symbols Next Code prompt 14 8 BUFFER_SIZE 17 3 CONCURRENT REQUESTS 17 3 HELP 16 7 16 32 LOCK 16 32 NO AGENT FORWARDING 16 7 NOSSH1 16 32 QUIET 16 8 REMOVE 16 33 TIMEOUT n 16 33 UNLOCK 16 33 URL 16 33 USE_NONPRIV_PORT 16 8 USER user 16 8 VERBOSE 16 8 VERSION 16 8 A ACE Client definition 14 1 additional documentation A 6 anonymous user access 3 16 users 3 15 AO 12 21 12 39 authentication private keys 16 31 AYT 12 21 12 41 B BACKWARD 12 21 12 42 banner page 5 16 Ba
15. 5 Enter a Bcc name or address 10 5 PART II User Functions 10 6 6 Enter a sender name or address 7 Enter a departmental name or address SMTP OpenVMS prepends an to the departmental name or address 8 Enter your own special header For example What is the name of the header X Affiliation SMTP OpenVMS prepends an x to the special header name The next prompt asks you to supply a value for the header you specify For example Full Name Value George Plimpton The procedure returns to the A dd M odify D elete e Xlit and Save or uit prompt so that you can add other headers or modify or delete existing ones If you enter exit and save the procedure writes out the file on exiting and defines the SMTP USER HEADERS logical based on the file s contents e f you are modifying a header definition the procedure gives you the current list of defined headers followed by a prompt where you enter the appropriate number For example Your Current Headers 1 Full Name Value George Plimpton 2 X Affiliation Paris Review Which header would you like to modify 2 New X Affiliation Value None After modification you return to the Which header would you like to modify prompt If you enter Return at the prompt you return to the A dd prompt Ifyou are deleting a header definition the procedure gives you the current list of defined headers followed by the prompt Which header
16. If you need to preserve case for any of the command elements, enclose each in quotes, since RSH lowercases unquoted text strings. Include a pair of quotes for each redirection of the command. If you are redirecting a command through one remote host to have it executed on a third, each host in turn strips off a pair of quotes after interpreting the command. In this case, you may need three pairs of quotes around the command element in order to preserve case. RCP: Copying Files. RCP copies files between the local and remote host or between two remote systems. Format: RCP source destination. Parameters: source: Source host and pathname information in the general format host:filespec. host is the remote host name followed by a colon. filespec is different for UNIX and OpenVMS systems. For UNIX system source hosts, use the absolute pathname (such as etc user hosts) or the one relative to the user's home directory (hosts). For OpenVMS source hosts, use the format dir file typ, or file typ, which assumes the current directory. If you include a username or device, use the following format: username@host device filespec. If you include a username and want to copy from a remote host, the remote host must include your host and username in its host equivalence file. If you do not use the above format, use the USER, PASSWORD, and TRUNCATE qualifiers. Note: Do
17. N is the escape attention character TELNET gt CLOSE 2 STCPWARE TELNET I CONNCLOSED closing session 2 marge nene com TELNET gt CLOSE 1 STCPWARE TELNET S CONNCLOSED closing session 1 bart nene com TELNET gt EXIT IRIS Issuing Local Commands 12 6 You can issue commands to the Client TELNET utility during a remote session by returning to the TELNET prompt You can then enter one or more TELNET commands TELNET OpenVMS features multiline recall of up to 20 command lines using the standard OpenVMS line recall and editing keys You return to the remote session by entering the RESUME command To issue a local TELNET command while connected to a remote host and then resume the session on the host see Example 12 4 1 Enter the escape attention character to return to the TELNET prompt for example Ctr1 N 2 Issue a TELNET command For example you may want to Issue the SHOW STATUS command The SHOW STATUS command displays a list of open TELNET Connecting to Remote Terminals connections The arrow gt identifies the current session Change the escape attention character using the SET ESCAPE command 3 Return to the remote host by entering TELNET RESUME This command resumes to the current remote host Pressing Return or entering the OPEN command also resumes to the current remote host To resume to a different session enter TELNET gt RESUME session number session number is the number of th
18. TWO SIDED LONG EDGE or two long edge or 2long_side prints each consecutive pair of pages upon the front and back sides of consecutive media sheets with the orientation of each pair of pages on the long edge This positioning is called duplex or head to head also TWO SIDED SHORT EDGE or two short edge or 2short side prints each consecutive pair of pages upon front and back sides of consecutive media sheets with the orientation of each pair of 5 17 print stream pages on the short edge This positioning is called tumble or head to toe also ORIENTATION keyword Specifies the page orientation The keyword must be one of PORTRAIT REVERSE PORTRAIT LANDSCAPE REVERSE LANDSCAPE These can be abbreviated to any non ambiguous prefix Case is ignored NO JFLAG Requests or suppresses the printing of an IPP flag page for the job The printer may or may not respond to this request The exact format of this flag page 1s up to the IPP Server printer implementation NUMBER UP nuniber Specifies the number of page images to be placed on each side of each sheet of paper The number must be an integer that 1s acceptable to the IPP server If the number specified is not a value supported by the server the job aborts DOCUMENT FORMAT MIME media type or DOCUMENT FORMAT printer default Specifies the document format of the files in the job or specifies use of the printer s built in default The defaul
19. VMSLPR Symbiont By default the VMSLPR symbiont generates a flag page locally using the VMS print symbiont and suppresses the banner page generated by the LPD server You can make the VMSLPR symbiont request a banner page from the LPD server on a specific queue by defining the logical DEFINE SYSTEM EXEC TCPWARE VMSLPRSMB queue name REMOTE BANNER TRUE To enable this functionality on all VMSLPR symbionts define the logical DEFINE SYSTEM EXEC TCPWARE VMSLPRSMB REMOTE BANNER TRUE The following logical has been added to the VMSLPR symbiont allowing you to define the number of characters you want removed from the end of a print job DEFINE SYS EXEC TCPWARE VMSLPRSMB queue name TRIMTAIL i isanumeric value indicating the number of characters to remove from the end of each print job If not specified the default value is 2 Examples 5 16 1 This command prints the file MEMO TXT on the remote default printer PRINT QUEUE LPR PRINT MEMO TXT 2 This command sends the file MEMO TXT to the SYSSPRINT queue which is usually a local printer PRINT MEMO TXT PRINT Network Printing 3 This command prints the file MEMO TXT on the 1 printer at host DAISY You can enter this command only if you did not define the system logical TCPWARE LPR LPRSPRINT PRINTER PRINT QUEUE LPR PRINT PARAMETERS 1p DAISY MEMO TXT 4 This command PRINT QUEUE LPR PRINT PARAMETERS lpGDAISY m t MEMO TXT Is identical to the pr
20. CR is translated to CRLF when sent 12 65 PART II User Functions SPAWN SPAWN Executes DCL commands Note You cannot SPAWN with CAPTIVE accounts Format SPAWN command line Synonym Z command line Parameter command line DCL command line that you want executed If omitted Client TELNET spawns an interactive subprocess To return to TELNET from an interactive subprocess logout of that subprocess Examples 1 This example displays the time on your local host without leaving the TELNET utility TELNET gt SPAWN SHOW TIME 3 Nov 2004 14 02 48 2 This example initiates DCL command mode and returns the DCL prompt TELNET gt SPAWN SHOW TIME 3 Nov 2004 14 02 51 LOGOUT Process SMITH 1 logged out at 3 Nov 2004 14 02 54 34 TELNET gt To exit the DCL command mode and return to TELNET enter the LOGOUT command at the DCL prompt 12 66 Chapter 13 TFTP Trivial File Transfers Introduction The Trivial File Transfer TFTP utility provides the user interface to TFTP This program allows a user to transfer files to and from a remote host TFTP primarily allows remote diskless systems to read bootstrap images over the network TFTP uses UDP to make transfers It does not provide user login validation See Chapter 4 of the Installation and Configuration Guide for information about configuring the TFTP server FTP OpenVMS is a more complete file transfer facility than TFTP See Chapter 3 FTP Transferrin
21. Ctrl Z 12 27 PART II User Functions FLUSH FLUSH Discards all characters currently in the output stream from the server Ignored if no connection is open Note Unlike the flush character see the SET NO FLUSH command the FLUSH command does not use the timing mark option Format FLUSH 12 28 HELP TELNET Connecting to Remote Terminals HELP Obtains help on using the Client TELNET utility TELNET help uses the OpenVMS interactive help facility To exit the help facility press the RETURN key until you return to the TELNET gt prompt Format HELP topic Parameter topic Topic on which you want help Optional 12 29 PART II User Functions OPEN OPEN Opens a connection to a remote host You can open up to ten connections at any one time The connection remains open until you log out of the remote host or use the CLOSE or EXIT command at the TELNET gt prompt To use Kerberos version 4 authentication with TELNET you must first get a ticket granting ticket TGT from the Kerberos Server See Chapter 4 Kerberos User Commands If you are designated by the system administrator as having password authentication through Token Authentication you need to enter the PASSCODE in addition to the username and password at a separate PASSCODE prompt see Example 12 7 Depending on which type of SecurID card you were assigned Enter a combination of your memorized personal identification number PIN
22. DELETE, RENAME, MKDIR, RMDIR. NOREAD will disable GET and LIST. TCPWARE SFTP username ROOT: The logical TCPWARE SFTP username ROOT can be defined /SYSTEM to restrict the user to the directory path specified. Subdirectories below the specified directory are allowed. SSH SFTP LOG SEVERITY: The logical SSH SFTP LOG SEVERITY can be defined /SYSTEM to 20000 to log file transfers, or 30000 to log all SFTP operations. SSH2 SFTP LOG FACILITY: The logical SSH2 SFTP LOG FACILITY must also be defined /SYSTEM to specify the logging class that is used with OPCOM. Values below 5 will use the network class; 5 will use OPER1, 6 will use OPER2, etc. The maximum value that can be specified is 12, which will use OPER8. TCPWARE SFTP SEND VENDOR ID: If this logical is defined to No, False, or 0 (zero), then the SFTP2 client will not send the extended command containing the vendor id upon completion of version negotiation with the server. TCPWARE SFTP ADD ODS5 CARETS: For ODS-5 devices, SFTP will only put carets in file names if the logical TCPWARE SFTP ADD ODS5 is defined to be True, Yes, or 1. In all other cases the name will be used as is. SFTP2 File Specifications: File specification must be in UNIX format for remote systems, unless VMS transfers are being used. SFTP2 Command Syntax and Qualifiers. Usage: SFTP2 qualifiers user host port. If the username
23. DNSSIGNER from BIND distribution Portions Copyright c 1995 1998 by Trusted Information Systems Inc Portions Copyright c 1998 1999 Network Associates Inc Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND TRUSTED INFORMATION SYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE ERRWARN C Copyright 1995 by RadioMail Corporation rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of Rad
24. See your Kerberos administrator to determine your Kerberos instance Converted to lowercase unless you enclose it in double quotes old password new password Old and new user passwords Converted to lowercase unless you enclose them in double quotes Example 4 6 NETCU SET KERBEROS PASSWORD PERSEPHONE Old password for persephone New password for persephone Verifying please re enter Changes the Kerberos password for user persephone SHOW TICKETS Kerberos User Commands SHOW TICKETS For Kerberos users Displays your ticket granting ticket TGT and any existing application service tickets The name of the ticket file is determined by the value of the TCPWARE KERBVA TKFILE logical usually set to SYS LOGIN KERBV4 TICKET SHOW TICKETS is equivalent to the UNIX command klist See the GET TGT command for more information on getting ticket granting tickets Format SHOW TICKETS Qualifiers BRIEF NOBRIEF default BRIEF lists only the acquired tickets and not the ticket files principal names issuance dates or expiration dates SRVTAB Shows the contents of the TCPWARE SRVTAB file as a list of available Kerberos services See CREATE SRVTAB for more information on the TCPWARE SRVTAB file TGT TEST NOTGT TEST default Checks whether the tickets are still valid and returns a success or failure exit status Examples 1 NETCU SHOW TICKETS Ticket file SYSSLOGIN KERBV4 TICKET Princip
25. Sending and Receiving Electronic Mail Subj Re This is a test message Return Path lt system karem yours com gt Received from karem paul com 192 168 1 92 by dino bedrock com MX V5 1 X A2w8g with SMTP for lt smith paul yours com gt Mon 9 Aug 2001 14 35 01 0400 Received by karem paul com for smithewater peter com Mon 9 Aug 2001 14 35 00 GMT Date Mon 9 Aug 2001 14 35 00 GMT From system karem paul com To smith water peter com Message ID lt 990809143500 a2 karem paul com gt Glad to see your test worked This is my response MAIL gt EXIT Specifying a Host Alias TCPware allows a system to have multiple names or host aliases with respect to electronic mail delivery You can specify the host alias you want to use by defining the TCPWARE SMTP FROM HOST logical name The alias you choose must be one of the SMTP host name aliases registered on the system see the translation of the logical name TCPWARE SMTP HOST NAME and the contents of the file TCPWARE HOST ALIAS FILE If the alias you use is unknown the setting of TCPWARE SMTP FROM HOST is ignored The host alias feature allows users from different administrative units within an organization to have their return address reflect the name of their unit even though mail for all units is handled by one system Specifying Individual Aliases TCPware supports both system wide and per user mail aliases Using these aliases you can refer to electronic mail add
26. 1661 Assigned Numbers STD 2 1700 Post Office Protocol Version 3 STD 53 1939 Internet Message Access Protocol Version 4rev1 2060 Dynamic Host Configuration Protocol 2131 References Table A 1 Subset of RFCs Implemented by TCPware for OpenVMS Continued Title RFC DHCP Options and BOOTPD Vendor Extensions 2132 Dynamic Updates in the Domain Name System DNS Update 2136 Secure Domain Name System Dynamic Update 2137 Agent Extensibility AgentX Protocol Version 1 2741 Definitions of Managed Objects for Extensible SNMP Agents 2742 Internet TCP IP Protocol Suite and Related Subjects The following RFCs are also available on more general Internet TCP IP and related subjects RFC 1118 The Hitchhikers Guide to the Internet RFC 1359 Connecting to the Internet What Connecting Institutions Should Anticipate RFC 1392 Internet Users Glossary RFC 1432 Recent Internet Books RFC 1462 FYI on What is the Internet RFC 1463 FYI on Introducing the Internet A Short Bibliography of Introductory Internetworking Readings for the Network Novice RFC 2151 A Primer on Internet and TCP IP Tools and Utilities The following books are particularly useful references Comer Douglas E 1995 Internetworking with TCP IP Volume I Principles Protocols and Architecture Third edition Prentice Hall Comer Douglas E amp David L Stevens 1994 Internetworking with TCP IP Volume II Design Imp
27. Enterprise Wide Networking Computer systems from many different vendors can communicate with systems using the TCP IP protocols Almost all UNIX based systems support TCP IP FTP NFS SMTP and TELNET This makes TCPware for OpenVMS components ideal tools for networking OpenVMS systems with other computer systems Figure 1 1 shows some systems networked using TCP IP Figure 1 1 Connecting Dissimilar Systems Using TCPware for OpenVMS TCPware for OpenVMS components operate with many other computers TCPware for OpenVMS components also operate with many network support devices that are compatible with TCP IP Ethernet and other local area networks LANs as shown in Figure 1 2 Figure 1 2 Devices Supporting TCP IP Networking TCPware for OpenVMS TCPware for OpenVMS includes the TCP IP Services components designed exclusively for the Alpha and 164 architectures and the OpenVMS o
28. REMOTE FORWARD protocol isten port host port Forward remote port to local address These cause ssh to listen for connections on a port and forward them to the other side by connecting to host port USE NONPRIV PORT Use a non privileged 71023 source port USER user Log in to the server system using this user name VERBOSE Display verbose debugging messages Equal to DEBUG 2 VERSION Display version number of the client Table 16 2 SSH2_CONFIG File Configuration Keywords Keyword Value Default Description AllowedAuthentications List publickey Permitted techniques listed keyboard in desired order of attempt interactive These can be the following password keyboard interactive password publickey kerberos 2 ssh com kerberos tgt 2 ssh com and hostbased Each specifies an authentication method The authentication methods are tried in the order in which they are specified with this configuration parameter AuthenticationSuccessMsg Y N Y Print message on successful authentication Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 2 SSH2 CONFIG File Configuration Keywords Continued Keyword Value Default Description AuthorizationFile Filename Authorization Authorization file for publickey authentication See below for more information on the contents of this file BatchMode Y N Don t prom
29. RMTn RCDn respectively on your local OpenVMS system In this way you can perform functions on remote magnetic tape or CD ROM drives connected to an RMT or RCD server The remote RMT or RCD server must support the rmt protocol Connecting to a remote CD ROM drive requires the CD qualifier You can connect to the remote host with a different username by specifying the optional USERNAME qualifier on the command line Format RMTSETUP host remote device logical Parameters host Name or internet address of the host on which the remote tape or CD ROM drive resides This host must have an RMT server available remote device Name of the remote tape device such as MKB500 or CD ROM device such as DKA200 on the RMT server If sending the device and any server options to a non TCPware server you must enclose this information in double quotes such as dev rst0 for a UNIX server with read only privileges logical Optional OpenVMS logical assigned to the newly created pseudodevice If omitted RMTSETUP uses the logical name TCPWARE TAPE for tapes and TCPWARE DISK for disks Qualifiers Not all RMT servers support the following RMT Client qualifiers as options or qualifiers For UNIX servers for example you must include options as part of remote device as a quoted string For example dev mt0 is a stream device and dev rmto is a non stream device With a TCPware RMT server where remote device is not a quoted strin
30. SMTP This also sets the NOTIFY option for PRINT so that if you are logged in as the user under which the job was printed you will be notified that the job completed n File contains UNIX ditroff device independent troff formatting commands 0 File contains PostScript input P Prints the file with page headers Do not append any characters onto the p of the option or it can be interpreted as an argument to the uppercase P option See the Note 5 9 PART II User Functions LPR P printer host or pprinter host P logical or plogical Specifies a remote printer If you do not use this option lpr uses the default printer defined by the logical TCPWARE LPR PRINTER See the Note for details on syntax r Deletes the files from your local host after sending them to the remote queue Use this option cautiously The remote host deletes the file when accepting the job However the remote host does not guarantee that it will print or execute the job That is the remote printer might fail someone could delete jobs from the queue or you might not have access to the queue The remote host does not delete the file if the remote queue does not accept the job t File contains output from UNIX troff formatting commands Do not append any characters onto the t of the option or it can be interpreted as an argument to the uppercase T option See the Note T title or ttitle Prints a title on the first p
31. See multicasting big endian Format for storage of binary data where the most significant byte comes first The Internet s standard byte order is big endian See little endian and network byte order Border Gateway Protocol BGP Exterior routing protocol used to exchange routing information between multiple transit Autonomous Systems ASs as well as between transit and stub ASs broadcasting Packet delivery system that provides a copy of a given packet to all hosts attached to the network For example Ethernet and FDDI See multicasting Classical IP over Asynchronous Transfer Mode CLIP A way of sending IP datagrams over ATM protocol lines Classless Inter Domain Routing CIDR Protocol developed in 1992 by the Internet Engineering Steering Group that eliminates address class distinctions and depends on address masks that fall on bit instead of byte boundaries The strategy assigns blocks of Class C addresses to Internet providers and has the providers subnet mask the addresses in further units to organizations This also sharply reduces the growth in routing tables in Internet routers beyond their manageable capacity client server model Concept used to describe the application layer protocols The process that initiates a service is the client or user The process that provides the service is the server A client and a server can be on different hosts or on the same host Glossar
32. This command changes the retransmit timer Rexmt interval to 10 seconds and the subsequent STATUS command shows the result The Max timeout is set to five times the Rexmt interval by default tftp rexmt 10 tftp status Connected to SIRIUS nene com Mode octet Tracing off Rexmt interval 10 seconds Max timeout 50 seconds 13 9 PART II User Functions STATUS STATUS Displays the current status and parameter settings The Max timeout reported is based on the following computation Max timeout Rexmt interval x Tries The number of tries Tries is initially 5 unless adjustments made to the Max timeout and Rexmt interval values see below for an example Note The total retransmission period Max timeout value displayed may be slightly different from that set using the TIMEOUT command See the TIMEOUT command for an explanation Format STATUS Examples This command shows the connection status file transfer mode Mode packet trace flag status Tracing retransmit timer Rexmt interval and total retransmission period Max timeout values over the period of a number of adjustments See the TIMEOUT command for an explanation of the Max timeout recalculations tftp connect spica tftp stat Connected to spica nene com Mode netascii Tracing off Rexmt interval 5 seconds Max timeout 25 seconds tftp rexmt 4 tftp stat Connected to spica nene com Mode netascii Traci
33. This is also a VMS extension to display the roots devices on the VMS system Though the commands are the same the information provided is not compatible with what is displayed by VanDyke Software s Secure FX LSYMLINK <targetpath> <linkpath> Like SYMLINK but for the local side 17 17 Secure File Transfer Table 17 3 SFTP2 Commands MGET preserve attributes p <file> <file2> Retrieves multiple files from the remote system and stores them in the current working directory on the local system If preserve attributes or p is specified then SFTP attempts to preserve timestamps and access permissions MKDIR <directory specification> Creates the specified directory on the remote system MPUT preserve attributes p <file> <file2> Stores multiple files in the current working directory on the remote system File names are case sensitive and in UNIX format When operating in VMS mode either UNIX or VMS style file specifications can be used Directories are recursively copied with their contents Multiple files may be specified by separating the names with spaces If preserve attributes or p is specified then SFTP attempts to preserve timestamps and access permissions OPEN 1 user host port Tries to connect to the host <hostname> Or with the l option connects the remote side to the local filesy
34. and the tokencode that appears on the card with no separating space at the PASSCODE prompt or Enter your memorized PIN on the PINPAD card and the resulting tokencode that appears on the card at the PASSCODE prompt See Chapter 14 Token Authentication Protecting Logins for details on obtaining PASSCODEs Note The same parameters and qualifiers apply to the TELNET command on the DCL level as apply to the OPEN command within TELNET Format OPEN host port Synonyms CONNECT host port SET HOST host port Parameters host Name of the remote host to which you want to connect The host must exist on the network Enter OPEN host to open a remote connection and start the login sequence if any If you omit host and a connection is open Client TELNET resumes the session to that host port Nonstandard service name or number of the remote port to which you want to connect The default is TELNET or 23 for the TELNET Server Use only to connect to a nonstandard server ALTERNATIVE Use the PORT qualifier DO NOT use both in the same command see Example 6 12 30 OPEN TELNET Connecting to Remote Terminals Qualifiers AUTHENTICATION auth type Determines the authentication method If auth type is KERBV4 or the value is omitted Kerberos version 4 authentication is used If auth type is NULL or the entire qualifier is omitted standard authentication is used CREATE PERMANENT BROKE_TIMO second
35. command You can configure a host as an LPS client and an LPS server LPD The LPS OpenVMS print queue created during configuration can be a queue that Performs local OpenVMS print formatting and prints output on the printer associated with the remote host running LPD Sends local print requests to the remote print queue running LPD The remote print queue performs the print formatting OpenVMS print protocol Terminal Server Print Services implements this protocol and supports the OpenVMS style PRINT command Before you use the TCPware network printing services get a list of available print queue names from your system manager and be sure that TCPware print services software has been configured and started on your system Any other required OpenVMS print queues have been initialized and started 5 1 PART II User Functions Network Print Services Once the print queue has been initialized and started you can send print requests to a printer attached to a remote host or to a printer connected to a terminal server on the TCP IP network You can also print files that are on a remote host to printers attached to the local host 5 2 The LPS client and Terminal Server Print Services support the following commands remote printer designated during configuration LPQ Displays the remote print job LPRM Removes a job from a remote print queue status LPR Sends a job to the default PRINT Places
36. filenaming conventions of the remote host Enclose the pathname in quotes if it contains delimiters or symbols the FTP server could possibly misinterpret For example the following remote filespec is enclosed in quotes because it includes slashes that OpenVMS normally interprets as qualifier delimiters ALPHA smithabcd usr bin projl txt destination Output filespec Enclose the filespec in quotes if you want to preserve case and did not use the SET NOLOWERCASE command If wildcarded Client FTP uses the source filename or extension unless the filespec is a quoted string See the source parameter for the destination filespec format To obtain the same version number in the destination file as in the source file instead of creating a newer one wildcard the destination file version using Note that if the server is not an OpenVMS host the version number is included in the filename You do not get a warning if the server host already has a higher numbered version Also if the server host already has the version specified the old file with that version is overwritten Transfer Qualifiers Positional LOCAL The preceding file is on the local host If LOCAL follows source REMOTE is implicit for destination If LOCAL is omitted Client FTP searches for a node if found Client FTP assumes the file is remote Do not use for both source and destination REMOTE The preceding file is on the remote host If REMOTE follo
37. included with your distribution see http www isc org If the list of documentation files was removed from your copy of a covered work you must obtain such a list from the ISC The web page at http www isc org contains pointers to lists of files for each ISC distribution covered by this license It is permissible in a source or binary distribution containing covered works to include reformatted versions of the documentation files It is also permissible to add to or modify the documentation files as long as the formatting is similar in legibility readability font and font size to other documentation in the derived product as long as any sections labeled CONTRIBUTIONS in these files are unchanged except with respect to formatting as long as the order in which the CONTRIBUTIONS section appears in these files is not changed and as long as the manual page which describes how to contribute to the Internet Software Consortium hereafter referred to as the Contributions Manual Page is unchanged except with respect to formatting Documentation that has been translated into another natural language may be included in place of or in addition to the required documentation so long as the CONTRIBUTIONS section and the Contributions Manual Page are either left in their original language or translated into the new language with such care and diligence as is required to preserve the original meaning 10 You must include this license with any distribut
38. use a s in the logical DEFINE SYSTEM EXEC TCPWARE FTP PASSWORD WARNING MESSAGE s DEFINE SYSTEM EXEC TCPWARE FTP PASSWORD WARNING MESSAGE message text string TCPWARE FTP PASSWORD WARNING TIME The logical TCPWARE FTP PASSWORD WARNING TIME uses the VMS delta time to specify the minimum remaining lifetime for the user s password If the remaining lifetime is greater than the VMS delta time then no message is displayed It is necessary to define this value to enable checking for the remaining lifetime of a password DEFINE SYSTEM EXEC TCPWARE FTP PASSWORD WARNING TIME dddd hh mm ss hh TCPWARE FTP RECEIVE THRESHOLD Specifies the amount of buffer space that can be used to buffer transmitted data on the data socket The default value is 6144 If this logical is defined and it begins with a then it specifies the fraction of the window size if only a fraction is specified then it indicates the number of bytes to be used The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE TCPWARE FTP RECEIVE THRESHOLD B 9 PART III Appendixes Table TCPware Logicals Continued TCPWARE_FTP_RECODE NONVMS FILE NAMES If this logical is defined and the FTP server is not operating in UNIX mode it recodes filenames that are not legal OpenVMS file names in the same manner that it would normally recode filenames when operating in UNIX mode This is useful
39. user host port file user host port file Note The source and destination file specification must be quoted if they contain a user specification or a non VMS file specification 17 2 Secure File Transfer Qualifiers Table17 1 SCP Qualifiers Qualifier Description ASCU newline convention Newline convention is one of dos mac unix vms or sftp The newline convention specified is the newline convention to use if a newline convention is not specified by the server Allowed values dos r n r unix n vms i sftp Wn Default unix BATCH Starts SSH2 in batch mode Authentication must be possible without user interaction BUFFER SIZE integer Number of bytes of data to transfer in a buffer Default is 7500 Minimum value is 512 CIPHER cipher 1 cipher n Selects an encryption algorithm s COMPRESS Enables SSH data compression CONCURRENT_REQUEST integer Number of concurrent read requests to post to the source file Default is 4 DEBUG level Sets a debug level 0 99 DIRECTORY Forces the target to be a directory HELP Displays the help text IDENTITY FILE file Identifies the file for public key authentication PORT number Tells SCP2 which port SSHD2 listens to on the remote machine PRESERVE Preserves file attributes and timestamps NOPROGRESS Does not show progress indica
40. 1 Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the rouines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING
41. 2 and 3 Alternative method You can also open a remote TELNET connection as follows TELNET host See the OPEN CLOSE and EXIT commands in the Command Reference TELNET Connecting to Remote Terminals Note Example 12 1 Opening Multiple TELNET Sessions IRIS TELNET TELNET gt OPEN BART sTCPWARE TELNET I TRYING sTCPWARE TELNET I ESCAPE login procedure to BART BART Ctr1 TELNET gt OPEN MARGE STCPWARE TELNET I TRYING 192 168 1 91 23 STCPWARE TELNET I ESCAPE login procedure to MARGE MARGE Ctr1 TELNET gt OPEN HOMER STCPWARE TELNET I TRYING 192 168 1 90 23 STCPWARE TELNET I ESCAPE login procedure to HOMER HOMER Ctrl N TELNET OPEN LISA STCPWARE TELNET I TRYING 192 168 1 89 23 STCPWARE TELNET I ESCAPE login procedure to LISA 15 Ctrl N trying bart nene com telnet 192 168 1 92 23 escape attention character is W BART remains open trying marge nene com telnet escape character is W BART and MARGE remain open trying homer nene com telnet escape character is W BART MARGE and HOMER remain open trying lisa nene com telnet escape character is W TELNET gt OPEN AUTH KERBV4 REALM SIMPSONS COM MAGGIE STELNET I TRYING STELNET I ESCCHR MAGGIE escape trying maggie yours com telnet attention 192 168 99 1 23 character is W TCPware provides secure TELNET OpenVMS logins through its
42. 3 P blickey Authentication tte i e eid eed eure fe a EE reete eed 16 4 Password Authentication cccccccecsesscessessecsecsseeseceecsececeseeeceseeseecaecaeecsecsaeeaeeaeeeeerseseeneeenes 16 5 Break in and Intrusion Detection nennen enne 16 5 Session Termination BORROW ada edam iter 16 6 XIT Forwarding ete e etica 16 6 Configuring the SSH C lent tue eed Pese i De ip d teen tectis 16 6 Notes Regarding SSH2 CONFIG eene nennen ener 16 12 Authorization File Options 16 13 Options that can be specified a ede eren ea 16 14 SSH Client Server Authentication Configuration Examples sse 16 15 Hostbased Authentication Example 16 15 Publickey Authentication Example esses eene enne nnns 16 16 SSHI Exambple tog t ERR UR UE RED I EM 16 17 SSH2 User Authentication Using Certificates sssssssssssseeeeeeeeeneennenen 16 19 XV Contents SSH2 Hostkey Authentication Using Certificates sess 16 20 Port Forwarding R 16 21 Other Filess nb deti a dut a eee 16 23 SSHEEY GEN e 16 27 SSHAGENT authentication agent eee 16 31 DESCRIPTION riire ieoi ieee t re rre rH IE e EI HI HEY YE HEX YE e i E de Fine rn 16 31 EIEES ete ede 16 32 SSHADD eccentric iieri P e epe He erii iiie eee pied eren 16 32 DESC
43. 5 1112 Compressing TCP IP Headers for Low Speed Serial Links 1144 Structure and Identification of Management Information STD 17 1155 A Simple Network Management Protocol SNMP STD 15 1157 Line Printer Daemon Protocol 1179 New DNS RR Definitions 1183 A 3 PART III Appendixes 4 Table A 1 Subset of RFCs Implemented by TCPware for OpenVMS Continued Title RFC Path MTU Discovery 1191 Management Information Base for Network Management 1213 Tunneling IPX Traffic through IP Networks 1234 BSD Rlogin 1282 The Finger User Information Protocol 1288 Network Time Protocol Version 3 Specification Implementation amp Analysis 1305 TCP Extension for High Performance 1323 DNS NSAP RRs 1348 Type of Service in the Internet Protocol Suite 1349 The TFTP Protocol Revision 2 STD 33 1350 Multiprotocol Interconnect on X 25 and ISDN in the Packet Mode 1356 TELNET Remote Flow Control Option 1372 Transmission of IP and ARP over FDDI Network STD 36 1390 IP Multicast over Token Ring Local Area Networks 1469 Encoding Header Field for Internet Messages 1505 Applicability Statement for the Implementation of CIDR 1517 An Architecture for IP Address Allocation with DICR 1518 Classless Inter Domain Routing CIDR Strategy 1519 Dynamic Host Configuration Protocol 1541 Classical IP and ARP over ATM 1577 The Point to Point Protocol PPP STD 51
44. B 16 TCPWARE NFS DIRREAD LIMIT B 16 TCPWARE NFS DIRTIME TIMER B 16 TCPWARE NFS DYNAMIC EXPORT B 16 TCPWARE NFS DYNAMIC PROXY B 17 TCPWARE NFS FILE CACHE SIZE B 17 TCPWARE NFS LOG CLASS B 17 TCPWARE NFS NOCHECKSUM B 17 TCPWARE NFS OPENFILE TIMER B 17 TCPWARE NFS PCNFSD DFLTPRTOPT B 17 TCPWARE NFS PCNFSD ENABLE B 17 TCPWARE NFS PCNFSD JOB LIMIT B 18 TCPWARE NFS PCNFSD PRINTER B 18 TCPWARE NFS PCNFSD PRINTER LIMIT B 18 TCPWARE NFS PCNFSD SPOOL B 18 TCPWARE NFS PORT B 18 TCPWARE NFS SECURITY B 19 TCPWARE NFS TCP THREADS B 19 TCPWARE NFS UDP THREADS B 19 TCPWARE NFS XID CACHE SIZE B 19 TCPWARE PCNFSD DFLTPRTOPT B 20 TCPWARE PPPD DEBUG LEVEL B 20 TCPWARE PPPD OPCOM LEVEL B 20 TCPWARE QUOTE B 20 TCPWARE RCMD FLAGS B 20 TCPWARE RCMD OUTPUT B 20 TCPWARE RES OPTIONS B 20 TCPWARE RES RETRANS MIN B 20 TCPWARE RES RETRIES B 21 TCPWARE SCP2 CONNECT TIMEOUT 17 8 TCPWARE SCP2 VMS MODE BY DEFAULT 17 8 TCPWARE SLIP B 22 TCPWARE SSH SCP SERVER DEBUG 17 8 TCPWARE SSH SFTP SERVER DEBUG 17 9 B 21 TCPWARE SVCORDER B 27 TCPWARE TCLB BIAS B 28 TCPWARE TELNET WINDOW B 28 TCPWARE TELNETD DEFCHAR B 28 TCPWARE TELNETD FLAGS B 28 TCPWARE TELNETD INTRO MSG B 29 TCPWARE TELNETD NO FORCED HANGUP B 28 TCPWARE TIMED EXCLUDE B 29 TCPWARE TIMED INCLUDE B 29 TCPWARE TIMED MODE B 29 TCPWARE TIMEZONE B 29 TCPWARE TSSYM B 30 TCPWARE TSSYM RETRY INTERVAL B 30 TCPWARE TSSYM TIMEOUT B 30 TCPWARE TSSYM qname RETRY INTERVAL B 30 TCPWARE TSSYM qname TIMEOUT
45. Bit 0 1 FIXED Bit 1 2 VARIABLE Bit 2 4 The values are 0 zero NONE e 7 ALL Note that this logical affects SCP2 as well as the server as SCP2 has the server built into it for handling local file access If this logical is not defined the value 7 will be used TCPWARE_SCP2_CONNECT_TIMEOUT This logical defines a number specifying how long SCP2 should wait for a response to the INITIALIZE command from the server program This is a VMS delta time number The default is 2 minutes TCPWARE_SCP2_VMS_MODE_BY_DEFAULT When defined to TRUE YES or 1 this logical chooses the VMS qualifier if TRANSLATE_ VMS or NOVMS has not been specified TCPWARE_SFTP_RETURN_ALQ When defined to TRUE YES or 1 and files are being transferred in VMS mode this logical includes the Allocation Quantity for the file in the file header information This is disabled by default because copying a small file from a disk with a large cluster size to a disk with a small cluster size causes the file to be allocated with more space than necessary You have the option of retaining the allocated size of a file if it was allocated the space for a reason Some combinations of file characteristics require that the Allocation Quantity be included in the file attributes this is handled by SCP2 SFTP SERVER2 TCPWARE SSH SCP SERVER DEBUG Enables debugging messages for the SCP SERVERI image that provides service to SCP commands that use the RC
46. FORTRAN is equivalent BLOCK Sets block format see Table 3 2 SET DEFAULT BLOCK is equivalent VARIABLE Specifies that FTP writes an image format file as a variable length record format file Although FTP writes the records as variable length all records are the same length SET DEFAULT IMAGE VARIABLE is equivalent DEFAULT Removes the previous default file format SET DEFAULT DEFAULT is equivalent This is the default setting for an undefined format Examples 1 The following changes the default file format to formatted ASCII FTP gt TYPE ASCII 2 The following removes the previous default file format For future transactions Client FTP tries to determine the file format based on the local file s extension FTP gt TYPE DEFAULT 3 85 PART II User Functions USER USER For Sets the username at the remote host USER requires an open connection mat USER username password account If you Supply the username password and account if required with the command you are not prompted for them separately Omit the parameters from the command line you are prompted for them Use USER in an interactive command file and do not want to be prompted for a user name enter the username in the file on the line after the USER command You cannot include password or account information in the interactive command file Use the command non interactively for example a batch job and do not want to be prompte
47. FTP command to the remote server REMOTEHELP Bring up the remote FTP server s online help facility RENAME Rename a file on the remote host SITE Issue a site specific command to the remote server USER Set the username at the remote host Table 3 6 TCPware FTP Logicals for Users FTP STARTUP Define the FTP_STARTUP logical to point to the FTP_STARTUP COM file For example DEFINE SYSTEM EXECUTIVE FTP STARTUP SYS MANAGER FTP STARTUP COM Client users can override this startup file by creating their own Including the command DEFINE PROCESS FTP STARTUP in a user s LOGIN COM file overrides any TCPWARE FTP MAX PRE ALLOCATION The logical TCPWARE FTP MAX PRE ALLOCATION may be defined to limit the size that a file will be pre allocated to when file size information is available at transfer time This can be important when transferring very large files as it can take a long time to pre allocate the file at the start of the transfer and timeout routines in FTP and or firewalls may cause connections to be dropped This logical does not have any effect for STRU OVMS transfers of Indexed Contiguous or Contiguous Best Try files these files need to have accurate allocation size information at the start of the transfer 3 23 PART II User Functions 3 24 Table 3 6 TCPware FTP Logicals for Users TCPWARE ADD CC ON FIXED RECORD FILES If this logical is defined to TRUE and a file is transferred as TYPE IMAGE with QU
48. FTP gt mkdir sys2 users FTP gt mkdir sys2 users anonymous The commands are equivalent to FTP gt CREATE DIRECTORY SYS2 ANONYMOUS user email address USERS 3 36 DEFINE KEY Transferring Files DEFINE KEY Associates an equivalence string and a set of attributes with a key on the terminal keyboard Format DEFINE KEY key name Jequivalence string Parameters key name Name of the key to define Table 3 7 lists key designations for three terminal types e On LK201 terminals you can define three types of keys numeric keypad editing keypad except the up and down arrow keys and function key row except F1 through F5 On VT100 type terminals you can also define the left arrow and right arrow keys On VT200 terminals the left arrow and right arrow keys and the F6 through F14 keys are for command line editing Issue the DCL command SET TERMINAL NOLINE EDITING to define these keys before you run Client FTP You can also press Ctrl V to enable keys F7 through F14 but not F6 On 52 terminals the only definable keys on the numeric keypad Table3 7 Key Designations for Three Terminal Types Key Name LK201 VT100 type 52 1 1 1 blue PF2 PF2 PF2 red PF3 PF3 PF3 gray 4 4 4 KPO KP9 0 9 0 9 0 9 PERIOD COMMA gt MINUS ENTER ENTER ENTER ENTER LEFT lt lt lt
49. FTP supports multiline recall of up to 20 lines Before Using FTP Before you can transfer files you need To make sure that the FTP OpenVMS software is installed configured and started on your system The name or internet address of the remote host to which you want to connect The username and password of the account on the remote host If the remote host does not support multiuser protection features you might not need a username and password If you are using TCPware s Token Authentication the password is the PASSCODE generated on your SecurID token The filenaming conventions on the remote host FTP Session A typical FTP session consists of the following steps 1 Open the FTP connection 2 Determine the format of the files you want transferred 3 Transfer files using the GET MGET PUT MPUT or COPY commands or selections on the graphical user interface windows The default file format is formatted ASCII 4 Close or exit the FTP connection Features FTP OpenVMS includes the following features Choice of command line execution or graphical user interface execution for DECwindows Motif Version 1 1 or later Informational and error status messages Support of wildcards in source filespecs Table 3 1 describes some of the features of Client FTP Table 3 1 Client FTP Features This feature Means that Command Line or Client FTP allows you to exe
50. Host Configuration Protocol DHCP Provides IP addresses and configuration data to hosts Supports DHCP and BOOTP protocols Simple Network Management Protocol SNMP Services Network management stations can obtain timely information about the network activities of OpenVMS server hosts Supports MIB I and MIB II TCPware s SNMP Agent also supports subagents serving private MIBs as well as the SNMP Multiplexing SMUX Service Network Control Process NETCP Starts maintains and shuts down the network NETCP also contains the Port Mapper that maps Remote Procedure Call RPC server programs to ports A TCPDUMP utility is also included Network Control Utility NETCU Provides commands so that the system manager can monitor and control various functions such as adding and removing servers clients Network Time Synchronization Use either the Network Time Protocol NTP or the Time Synchronization Protocol TIMED to coordinate time distribution between hosts Network Security Includes Incoming and Outgoing Access Restrictions Packet Filtering the Kerberos V4 Server user commands management commands and administration server the IP Security Option IPSO and Token Authentication for login security Other Clients and Servers Client protocols DISCARD FINGER NSLOOKUP PING TALK Trivial File Transfer Protocol TFTP TRACEROUTE and WHOIS and Server protocols CHARGEND DAYTIMED DISCARDED E
51. If auth type is KERBV4 or you omit the value Kerberos v4 authentication is used If auth type is NULL or you omit the qualifier standard authentication is used ERROR file File or device to which to direct error messages from the remote command The default is ERROR SYS$ERROR See also the SYSERROR qualifier LOG file Logs a copy of the output to the specified file Output continues to be directed to SYS$OUTPUT while it is being recorded in the log file Not valid with SYSERROR The default is no logging OUTPUT file Output file or device to which to direct output from the command The default is OUTPUT SYS$OUTPUT PASSWORD remote password Password for the remote account Use together with the USER qualifier The password is sent across the network as plain text RAW NORAW default Prevents an extra carriage return from being inserted for screen display Specifying NORAW or omitting the qualifier places a carriage return before a line feed character before the line is written to the terminal REALM realm Assigns the name of the Kerberos realm Use if the Kerberos Server resides in a different realm than the local host Use with the AUTHENTICATION KERBV4 qualifier and value Realm is converted to lowercase unless you enclose it in quotes If omitted the Kerberos realm is determined by the TCPWARE KERBV4 REALM logical value SYSERROR Same as the ERROR
52. New Remote File Dir Name mat COPY source source destination Equivalents GET COPY source REMOTE destination RECV COPY source REMOTE destination MGET COPY source REMOTE MULTIPLE destination PUT COPY source LOCAL destination SEND COPY source LOCAL destination MPUT COPY source LOCAL MULTIPLE destination Parameters source Input filespec Use a comma between multiple filespecs Enclose the filespec in quotes if you want to preserve case and did not use the SET NOLOWERCASE command The format is node username password path node hostname or DECnet node name with OpenVMS Alpha V6 1 and later and all OpenVMS I64 systems the hostname can be a domain name or IP address username valid account on the host password password PASSCODE if using Token Authentication for the account path location and name of the file You can omit the node username password part of the specification unless it is for a DECnet file If omitted Client FTP uses the current default directory You can use the node path syntax omitting the username and password if you want access to anonymous FTP resources In this case FTP OpenVMS implicitly adds the ANONYMOUS qualifier Use the LOCAL or REMOTE qualifier after the parameter depending on the context The local filespec must conform to OpenVMS filenaming rules The remote filespec must conform to the
53. Note SET DEBUG CLASS REPLIES or VERBOSE toggled to ON is the default In this way you can see informational messages when logging in to the server or changing remote directories if informational messaging is enabled on the server Format SET DEBUG CLASS keyword Synonyms DEBUG toggles SET DEBUG CLASS COMMANDS VERBOSE toggles SET DEBUG CLASS REPLIES default is ON Qualifier CLASS keyword Classes of debugging information to enable or disable Use one or more of the keywords listed in Table 3 8 The initial default is PERFORMANCE and REPLIES Use NONE as the first entry to clear the classes before resetting them see Example 1 Table 3 8 Class Keywords Keyword Purpose COMMANDS Enables displaying FTP commands sent to the server PERFORMANCE Enables displaying performance information when using COPY LOG GET LOG or PUT LOG REPLIES Enables displaying FTP replies received from the server equivalent to toggling the VERBOSE command ON the default ALL Enables displaying all classes NONE Disables displaying all classes Examples 1 The following resets the debugging classes It first disables all classes NONE and then enables the COMMANDS and REPLIES VERBOSE classes FTP> SET DEBUG CLASS NONE COMMANDS REPLIES 2 The following toggles the REPLIES VERBOSE class If on it shows informational messages f
54. OpenVMS Mail Across the Network TCPware enhances OpenVMS Mail so you can send and receive mail across the network Specifying Addresses When you use OpenVMS Mail to send mail to a host outside your VMScluster the message is sent via SMTP Simple Mail Transfer Protocol For this reason you must specify the address so that SMTP accepts the mail correctly The format for the address is To SMTP recipient destination The string SMTP and the destination system name are not case sensitive that is you can type them in either uppercase or lowercase letters The destination recipient specification may be case sensitive however depending on the destination system s software On some UNIX systems ROOT and root specify two different user names and hence different electronic mail addresses If the address contains a quote enter the address with either V or s as shown in the following example formats To SMTP recipient destination or To SMTP srecipient destination If the address is on a local DECnet network use this format To SMTP nodename username If the address is on a remote DECnet network you may use this format To SMTP nodename username QGdestination Note TCPware assumes that an address containing a double colon is a DECnet address If an address contains a double colon and is not a DECnet address SMTP does not handle it correctly If you know t
55. Plus Connected b TCP IP software RSX 11M IAS RSX 11M Share with DECnet LAT or LAVC Chapter 2 Functional Overview Introduction This chapter presents a functional overview of the TCPware for OpenVMS components It addresses questions you may have such as what you use to Access to network filesystems as if they were local filesystems Transfer copy files over the network Print network files Log in to and perform commands on a remote system Send or receive mail or message over the network Access to network magnetic tape or CD ROM drives Dynamically configure network hosts and find network information Control network activity Synchronize clocks across the network Secure resources on the network Tunnel external protocol applications over IP Program network interfaces For more details on each subject we provide you with references to the appropriate section of this documentation set at the end of this chapter Remote Filesystem Access You can access remote filesystems as if they were your own using NFS OpenVMS see Table 2 2 1 PART I Introduction 2 2 1 Table 2 1 TCPware Components for Access to Network Filesystem This To use it you As a system component Allows you to need AS user manager NFS OpenVMS Ona TCP IP To access simply use the see the Client network remote filesystems as if Management transparently filesystems run they were on Guide access t
56. TELNET End of Record Option 885 Trailer Encapsulations 893 A Standard for the Transmission of IP Datagrams over Ethernet Networks 894 Reverse Address Resolution Protocol 903 Broadcasting Internet Datagrams STD 5 919 Broadcasting Internet Datagrams in the Presence of Subnets STD 5 922 References Table A 1 Subset of RFCs Implemented by TCPware for OpenVMS Continued Title RFC Internet Standard Subnetting Procedures STD 5 950 Bootstrap Protocol BOOTP 951 File Transfer Protocol STD 9 959 Mail Routing and the Domain System STD 14 974 XDR External Data Representation Standard 1014 Domain Administrators Guide 1032 Domain Administrators Operations Guide 1033 Domain Names Concepts and Facilities 1034 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks 1042 Internet Protocol on Network Systems HYPERchannel Protocol Specification 1044 A Nonstandard for Transmission of IP Datagrams over Serial Lines SLIP 1055 RPC Remote Procedure Call Protocol Specification Version 2 1057 TELNET Window Size Option 1073 TELNET Terminal Speed Option 1079 TELNET Terminal Type Option 1091 NFS Network File System Protocol Specification 1094 TELNET X Display Location Option 1096 DNS Encoding of Network Names and Other Types 1101 U S Department of Defense Security Options for the Internet Protocol 1108 Host Extensions for IP Multicasting STD
57. TELNET discards all characters currently in the output stream from the server when sending the AO control function Client TELNET uses the TELNET timing mark option to accomplish this the Server does not have to support this option for this feature to work If you specify NOFLUSH Client TELNET sends only the AO control function If you omit both the previous setting remains The initial default is FLUSH If there is no response to the timing mark option Client TELNET may continue to discard output from the server Use the FLUSH command to resume normal operation 12 39 PART II User Functions SET NO AO SYNCH NOSYNCH default Sends the AO command followed by the SYNCH signal Examples 1 Each of these equivalent commands sets the AO character to Ctrl O ASCII 15 TELNET> SET AO o TELNET> SET AO 15 2 This example removes the previous character definition if any for the AO control function TELNET> SET NOAO 12 40 SET NO AYT TELNET Connecting to Remote Terminals SET NO AYT Defines changes or disables the are you there AYT character If you enter the defined AYT character during a TELNET session Client TELNET sends the TELNET AYT control function to the server instead of the actual character Ignored if TN3270 mode is active Format SET AYT char SET NOAYT Parameter char When entered this character sends the TELNET AYT control function to the server You can specify this
58. TSSYM qname RETRY INTERVAL Same as TCPWARE TSSYM RETRY INTERVAL but for a specific queue only and overrides TCPWARE TSSYM RETRY INTERVAL TCPWARE TSSYM qname TIMEOUT Same as TCPWARE TSSYM TIMEOUT but for a specific queue only and overrides TCPWARE TSSYM TIMEOUT TCPWARE VMSLPRSMB qname PRECONN Makes the connection to the printer before processing the file Normal behavior is to make the connection to the printer after processing the file TCPWARE VMSLPRSMB qname RETRY INTERVAL Same as TCPWARE VMSLPRSMB RETRY INTERVAL but for a specific queue only and overrides TCPWARE VMSLPRSMB RETRY INTERVAL TCPWARE VMSLPRSMB qname TIMEOUT Same as TCPWARE VMSLPRSMB TIMEOUT but for a specific queue only and overrides TCPWARE VMSLPRSMB TIMEOUT TCPWARE VMSLPRSMB RETRY INTERVAL Defines the interval at which the symbiont retries to make a connection to a printer after an attempt fails The default value for a retry interval is 2 minutes 2 in delta time Note A connection failure can take 1 5 minutes to time out which is not included in this interval value B 30 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE VMSLPRSMB TIMEOUT Defines the time it takes for a print job to abort if the connection to the printer is never established The default timeout is infinite it never times out UCX$DEVICE Defined as BG the name of the UCX device drive
59. Token Authentication feature if installed and enabled For more information see Chapter 14 Token Authentication Protecting Logins Opening a TN3270 Session Client TELNET supports TN3270 mode for local OpenVMS terminals The remote IBM host must support a TELNET server You can only connect one TN3270 session at any one time Client TELNET returns an error message if you try to open more than one TN3270 session To open a TELNET session in TN3270 mode see Example 12 2 1 At the DCL prompt enter TELNET 2 Use the OPEN command at the TELNET> prompt TELNET> OPEN host TN3270 TELNET servers that cannot automatically negotiate this mode require the TN3270 qualifier 3 Enter the TN3270 escape sequence Ctrl C instead of Ctrl 4 If you want to print a screen in TN3270 mode add the PRINT qualifier as follows TELNET> OPEN host TN3270 PRINT FILE filename QUEUE qname See TN3270 Screen Printing and Dumping 5 Only one TN3270 session can be open at any given time If you try to open more than one TN3270 session Client TELNET returns an error message Table 12 1 lists the IBM terminal models and screen sizes Client TELNET supports To use the emulated model your terminal must support the minimum size number of rows and columns indicated DECwindows DECterm and virtual workstation VWS windows resize accordingly Table 12 1 Supported IBM Models
60. a target host when delivering outgoing mail TCPWARE SMTP BATCH QUEUE Points to the TCPware SMTP queue B 23 PART III Appendixes Table TCPware Logicals Continued TCPWARE SMTP DECNET DOMAIN Specifies a DECnet name used in the creation of return addresses TCPWARE SMTP DELIVERY RECEIPTS Enables or disables delivery receipts value is TRUE or FALSE TCPWARE SMTP DISABLE DELIVERY RECEIPT DISCLAIMER When delivery receipts are enabled a disclaimer is included in all such receipts telling the sender that the message has been delivered but not necessarily read Defining this logical prevents the disclaimer from being included TCPWARE SMTP DISABLE FOLDER DELIVERY Disables TCPware SMTP s ability to deliver messages to user defined folders in their VMS Mail files TCPWARE SMTP DISABLE PSIMAIL If defined causes mail sent to PSI users to be returned with NOSUCHUSER TCPWARE SMTP ENVELOPE FROM HOST Specifies the host name to be used in the SMTP envelope MAIL FROM line If not defined the default system host name is used TCPWARE SMTP FORWARDER Specifies the domain name of the system to which all outgoing mail is forwarded for further delivery TCPWARE SMTP FROM HOST Specifies the local host name used when forming From address on outgoing messages If this logical is not defined the system host name is used TCPWARE SMTP HEADER ORG Specifies the text for an Org
61. a job in the designated print queue then sends the job to the printer associated with that queue Figure 5 1 shows using the UNIX style LPR command and the OpenVMS style PRINT command when you use LPS It also shows sending a file to a print queue associated with a terminal server on a TCP IP network To send files to a printer using the networking print services 1 Enter the LPR command to send a file to print when either the local or remote host is a UNIX system For example LPR filename Prints the file specified by filename on the default remote printer For example LPR MEMO TXT Prints the file MEMO TXT on the default remote printer LPR PMYUNIX MEMO TXT Sends the file MEMO TXT to the remote printer specified by the logical MYUNIX LPR PRPRINTER1@ALPHA MEMO TXT Sends the file MEMO TXT to the remote printer RPRINTER1 connected to host ALPHA See the LPR LPQ LPRM and PRINT commands in the command reference 2 Enter the PRINT command to send a file to a print queue for printing when one of the following is true see Figure 5 1 a The local host is a TCP IP OpenVMS host and the remote host runs the LPD server The local and remote hosts are TCP IP OpenVMS hosts The local host is a TCP IP OpenVMS host and the printer connects to a terminal server on a TCP IP network In the print request PRINT QUEUE qname filename the qname parameter is the name of the print queue and the filen
62. a remote print queue For each request in a queue LPQ reports the following User s name Current rank of the request in the queue Names of the files within the request Request number Total size of the request in bytes Print requests appear in the order in which you want them printed If the filenames are unavailable because the job consists of text entered directly from the keyboard LPQ lists them as SYS$INPUT You can specify up to 50 files and 50 usernames on one LPQ command line 1 Pprinter job number username You can enter commands parameters and options in upper or lowercase letters Print services converts all uppercase letters to lowercase unless you enclosed them in quotation marks Parameters job number Displays queue information for the specified request username Displays queue information for print requests owned by a specific user Options l Displays queue information in the long format If you do not use this option LPQ displays only as much information about the job as fits on one line Pprinter host Plogical name Specifies a remote print queue If you do not use this option LPQ displays information only for the default printer defined by the logical TCPware LPR_PRINTER Note does not support the UNIX option n 5 6 LPQ Network Printing Examples 1 This command displays in short form all jobs queued to the printer sys print on hos
63. a system manager FINGER Extract user enter information from a FINGER user@host to finger remote user See the Management information program Guide Chapter 30 Network Testing Tools IDENT Determine the user See the Management associated with a Guide Chapter 30 connection Network Testing Tools NSLOOKUP Extract information enter about network hosts from the Domain Name Systems nslookup host to find See the Management Guide Chapter 30 Network Testing Tools 2 11 PART I Introduction 2 12 Table 2 10 TCPware Network Testing Tools Continued NIC username directory services to obtain usernames WHOIS username See the User's Guide Chapter 15 WHOIS Username Directory Services This component Allows you to AS a user As a system manager PING Find out if a host is enter up E if you can PING TCPWARE PING TR See the Management Guide Chapter 30 Network Testing Tools TCPDUMP Utility Track TCP packets See the Management by printing Guide Chapter 30 information in packet Network Testing Tools headers TRACEROUTE Trace the path of an See the Management IP packet to an Guide Chapter 30 internet host Network Testing Tools WHOIS Query the Network enter the Information Center command TCPware also provides other useful testing utilities and services including CHARGEND DAYTIMED DISCARD ECHOD NETCU DEB
64. a wildcard character Enclose in quotes if you want to preserve case other than all lowercase For multiple files leave a space between each filespec The default extension is LIS Options Note The following options are listed in the order characters lowercase and uppercase numbers and symbols They are all prefixed by a hyphen and some take arguments The lowercase and uppercase character options can mean very different things and are listed together for comparison sake The important distinction is that the uppercase options all take arguments There are two ways to keep this distinction clear on the command line Enter lowercase options in lowercase and uppercase options in uppercase Here you MUST enclose the uppercase character in quotes for example P use the remote printer indicated by the following argument Also include a space character between a lowercase unquoted option and filespec or the entry will be interpreted as an option that takes an argument see the next method Enter all options in lowercase Here you MUST distinguish the options taking arguments by appending the argument immediately after the option character with no intervening space For example plp means use remote printer 1 while p 1 with the space means print the 1p file which contains UNIX pr formatting commands C File contains data in the UNIX CIF graphics language 5 8 LPR Network Print
65. and authentication User Responsibilities Because this system creates an audit trail that cannot be repudiated you may be held accountable for activities recorded identifying you as the user Avoid the unauthorized use of your identity and privileges by protecting the secrecy of your PIN and the possession of your token 14 4 Token Authentication Protecting Logins You are responsible for protecting the authentication factors entrusted to you Keep your PIN secret and protect your SecurID token against loss and theft If an unauthorized person learns your PIN and obtains your token this person can assume your identity Any action taken by this intruder will be attributed to you in the system s security log For your own protection and that of the system always take the following precautions Never reveal your PIN to anyone Do not write it down If you think someone learned your PIN notify the security administrator who will clear the PIN immediately At your next login you will have to receive or create a new PIN Exercise care not to lose your SecurID token or to allow it to be stolen If your token is missing tell an administrator immediately The administrator will disable it so that it is useless to unauthorized users Do not let anyone access the system under your identity do not let them log in with your PIN and a code from your SecurID token It is essential to site security that you follow your system s sta
66. both If SSH2 is available on different ports on the two systems then the Zport method must be used PRESERVE Sets the Protection Owner UIC and Modification dates on the target file to match that of the source file The adjustment of timestamps for timezones is dependent upon the logical SYS$LOCALTIME being set correctly This is defined automatically on VMS V7 and can be defined similarly on earlier versions of VMS PRESERVE is not very useful when the target machine is a VMS system as VMS does not provide runtime library calls for setting the file attributes owner protection and timestamps Note that the VMS modification date not the creation date is propagated to the remote system When files are copied between two VMS systems and VMS is used PRESERVE is implied and the process of transferring VMS attributes preserves the information about the protection dates and file characteristics NOPROGRESS SCP2 by default updates a progress line at regular intervals when it is run interactively to show how much of the file has been transferred This qualifier disables the progress line QUIET Disables warning messages Note that it does not disable warning messages from SFTP SERVER2 which return on the error channel RECURSIVE Copies all of the files in the specified directory tree Note that the top level directory on the local system is not created on the remote system Only the most re
67. connections The string should contain two numbers separated by a space The in the logical represents where defined values go DEFINE TCPWARE FTP SERVER DATA PORT RANGE TCPWARE FTP SERVER LOG LIMIT By setting this logical in the LOGIN COM file you can specify that log files be retained Set the logical name to a dash to retain all log files or specify a number in the range of 1 to 32000 Directory size restrictions limit the number of potential files that can be created If you do not specify a number or value one log file is created or overwritten for each FTP session Use the DCL PURGE command to delete unneeded log files The following example specifies that 42 log files be retained DEFINE TCPWARE FTP SERVER LOG LIMIT 42 TCPWARE FTP SERVER RELAXED PORT COMMAND The server compares the IP network address value specified in the PORT command with the IP network address of the IP address it is receiving commands from If these are not in agreement the PORT command is not accepted Some multi homed clients and clients that can do third party transfers send values that do not match Defining this logical allows the PORT command to be accepted for these clients by disabling this check The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE TCPWARE FTP SERVER RELAXED PORT COMMAND B 11 PART Ill Appendixes Table B 1 TCPware Logicals Cont
68. defined does not remove the DIR extension To use this feature define the logical as DEFINE TCPWARE FTPD KEEP DIR EXT TRUE To return to the default behavior deassign this logical TCPWARE FTP MESSAGE FILE Defines the message file the FTP user sees when connecting to the server or moving between directories The definition of this logical is commented out but defined in the FTP CONTROL COM file as follows DEFINE TCPWARE FTP MESSAGE FILE MESSAGE Transferring Files Table 3 6 TCPware FTP Logicals for Users TCPWARE_FTP_NOKEEPALIVES If this logical is defined the FTP server will not send keepalives on the control channel The KEEPALIVE command allows the FTP client program to toggle whether or not it desires keepalives to be sent on the control channel The SET NO KEEPALIVE command allows the FTP client to explicitly set whether or not it desires keepalives on the control channel TCPWARE FTP ONLY BREAK ON CRLF If this logical is set and an ASCII file is transferred a new line is created in the file upon receipt of a carriage return line feed sequence If this logical is not set and an ASCII file is transferred a new line is created upon receipt of either a carriage return line feed sequence or a line feed TCPWARE FTP SEMANTICS FIXED IGNORE CC If this logical is defined to TRUE then GET operations of fixed lengths record files will not have a <CR> carriage return lt
69. directory on the remote host With SET DEFAULT LOCAL Client FTP sets the local default directory to your login directory defined by the SYS$LOGIN logical Use the node directory syntax to access an anonymous FTP user directory in which case you can omit the ANONYMOUS qualifier Qualifiers LOCAL Changes the local default directory to directory LCD is the same as SET DEFAULT LOCAL 3 72 SET DEFAULT Transferring Files REMOTE default Changes the remote default directory to directory CD is the same as SET DEFAULT REMOTE ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies NOANONYMOUS the setting of defaults for anonymous user directories You can omit ANONYMOUS if you use the syntax node directory See Anonymous Users NO APPEND NO CONFIRM NO IGNORE NO LOG NO RECORD NO VARIABLE NO VMS These qualifiers set various transfer defaults Do not use with LOCAL or REMOTE See the COPY GET PUT or DELETE command for qualifier descriptions ASCII BINARY BLOCK FORTRAN IMAGE n These qualifiers set transfer mode defaults see Table 3 2 Use only one Do not use with LOCAL or REMOTE See the COPY GET or PUT command for qualifier descriptions DEFAULT Determines the default transfer mode from the local file s file extension Do not use with LOCAL or REMOTE Examples 1 The following equivalent commands set the local default directory to SSMITH DOC
70. enabled on the server when logging in or moving around directories on the server The ON or OFF setting is immediately displayed after the command FTP> VERBOSE 3 71 PART II User Functions SET DEFAULT SET DEFAULT Changes the default local or remote directory Sets the default qualifiers used with the COPY GET PUT and DELETE commands Note Specify the parameter or the qualifiers separately Do not specify them together Format SET DEFAULT directory Synonyms and Equivalents CD directory SET DEFAULT REMOTE CD allows you to use UNIX style directory names LCD directory SET DEFAULT LOCAL IMAGE SET DEFAULT IMAGE TYPE BINARY SET DEFAULT BINARY Parameter directory Default directory to set on the local or remote host depending on whether the LOCAL or REMOTE qualifier follows or the remote directory specification if no qualifier follows The directory format is node username password directory To open a connection first use the node username password part of the format This syntax is optional The directory part of the format is any valid directory specification Enclose it in quotes if it contains special characters or embedded spaces or is case sensitive You can also use the directory format as in if the remote host is an OpenVMS system If directory is omitted With SET DEFAULT or SET DEFAULT REMOTE Client FTP sets the default directory to the parent of the current
71. entered the results appear in the scrollable list to the left of the File Type and Viewer fields Click a list item and click the Modify or Delete button to modify or delete the item To cancel the window click Cancel Note Changes you make to settings and viewer preferences are stored in DECW_FTP_SETTINGS DAT and DECW_FTP_VIEWERS DAT files respectively in your login directory Figure 3 4 FTP OpenVMS Window Options Closing and Exiting An FTP connection remains open until you quit or exit FTP close the connection or open a new connection Command line method See Figure 3 6 1 To close an FTP connection use one of the following commands FTP> CLOSE Closes the current connection and continues the FTP session for the next command FTP> OPEN host FTP> CONNECT host Both OPEN and CONNECT close the current connection and open another one 2 To exit an FTP session FTP> EXIT or Ctrl Z See the CLOSE OPEN and EXIT c
72. format 16 29 Accessing Remote Systems with the Secure Shell SSH Utilities STIR file Stir data from file to random pool VERSION Print sshkeygen version number NO WARN Warn don t warn if overwriting existing keys when using the HOST qualifier default WARN X509 CONVERT file Convert private key from X 509 format to SSH2 format 16 30 Accessing Remote Systems with the Secure Shell SSH Utilities There is also a comment field in the public key file that is for the convenience to the user to help identify the key The comment can tell what the key is for or whatever is useful The comment is initialized to nnn bit dsa username hostname mm dd yyyy hh mm ss when the key is created unless the COMMENT qualifier is used and may be changed later using the EDIT qualifier Note When the HOST qualifier is used the KEYS key1 keyn qualifier is ignored Note The public key file must be world readable SSHAGENT authentication agent SSHAGENT DESCRIPTION SSHAGENT is a program that holds authentication private keys Both SSH1 and SSH2 keys are supported by SSHAGENT SSHAGENT may be started in the beginning of a login session by including the commands to start it in for example LOGIN COM It may also be started interactively at any time during a login session To start SSHAGENT one of the three methods may be used 1 Start it in a separate window SSHA
73. gt SHOW STATUS Connected sessions 1 IRIS plants com telnet 192 168 1 93 23 gt 2 HOMER illiad com telnet 192 168 1 90 23 N is the escape attention character No characters are translated to CRLF when received CR is translated to CRLF when sent TELNET> RESUME HOMER TN3270 Keyboard Mapping When the current Client TELNET session is in TN3270 mode Client TELNET lets your local OpenVMS keyboard emulate the keyboard normally used on an IBM 3270 class terminal The TCPWARE MAP3270 DAT file defines the key mappings The MAP3270 DAT file supports all the standard HP terminal types If you have a non standard terminal make sure the TCPWARE MAP3270 DAT file and the OpenVMS SYS SYSTEM TERMTABLE TXT file contain the appropriate keyboard definitions If you need to alter definitions in the MAP3270 DAT file note the following MAP3270 DAT is not case sensitive Table 12 2 lists the key mapping in this file One entry contains all key definitions for a particular terminal Use this format to define each key key name key sequence key sequence key name is a key name defined in the MAP3270 DAT file key sequence is the sequence of OpenVMS keys used to perform the IBM function Use the following conventions when you alter key map definitions Convention Meaning Encloses each entry 2 Encloses key sequences For example m or For example z NEOM
74. has logged into The files specifications have the format KEY port hostname PUB port is the port over which the connection was made hostname is the hostname of the key s host For example if tulip flowers com was accessed via port 22 the keyfile would be KEY 22 TULIP FLOWERS COM PUB If this file changes on the host for example the system manager regenerates the host key SSH2 will note this and ask if you want the new key saved This helps prevent man in the middle attacks SSH2 RANDOM SEED Client System Seeds the random number generator This file contains sensitive data and MUST have a protection of no more than S RWD O RWD G W and it must be owned by the user This file is created the first time the program is run and is updated automatically The user should never need to read or modify this file On OpenVMS systems multiple versions of this file will be created however all older versions of the file may be safely purged Use the DCL command SET FILE VERSION_LIMIT n RANDOM SEED to set a limit on the maximum number of versions of this file that may exist at any given time 16 25 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 3 SSH2 Files Continued Resides File Name On Description SSH DIR RHOSTS Server Is used in hostbased authentication to System list the host user pairs that are permitted to log in Each line of the
75. host name to be used in checking for local host when passing messages through the reject rules TCPWARE SMTP SERVER REJECT FILE Points to the file containing the rejection rules TCPWARE SMTP SERVER REJECT INFO Specifies the level of OPCOM messages generated by the rejection rules for incoming SMTP mail If not defined no messages are generated TCPWARE SMTP SUPPRESS VENDOR Suppresses the vendor name in the SMTP server welcome banner Define this logical to hide the fact that the system is a VMS system running TCPware TCPWARE SMTP SYMBIONT LOG Enables debug logs for the SMTP symbiont TCPWARE SMTP SYMBIONT PURGWS TIMER Specifies how often the SMTP symbiont purges its working set to free up unneeded memory The time is specified as a delta time TCPWARE SMTP WINDOW SIZE Specifies the window size used in TCP connections when delivering mail B 26 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE SNMP DEBUG SNMP subagent developers use this logical to set certain debug masks DEFINE TCPWARE SNMP DEBUG mask TCPWARE SSH ALLOW EXPIRED PW Allows logging in to an account when the account s password has expired due to pwdlifetime elapsing This applies to all users and circumvents normal VMS expired password checking and therefore should be used with caution An entry is made into the SSH LOG SSHD LOG file when access is allowed using this logical name TCPW
76. host port Causes the given port on the local client host to be forwarded to the given host and port on the remote side The system to which SSH connects acts as the intermediary between the two endpoint systems Port forwardings can be specified in the configuration file Only system can forward privileged ports See the Port Forwarding section for more details LOG_FILE logfilename Log all terminal activity to the specified log file Defaults to SSH LOG if Jogfilename is not specified MAC mac 1 mac n Select MAC algorithm s NO AGENT FORWARDING Disable authentication agent forwarding FORWARDING Disable X11 connection forwarding OPTION option 1 option n Gives options in the format used in the configuration file This is useful for specifying options for which there is no separate command line flag The option has the same format as a line in the configuration file and are processed prior to any keywords in the configuration file For example OPTION CompressionLevel 6 16 7 Accessing Remote Systems with the Secure Shell SSH Utilities 16 8 Table16 1 SSH Client Command Options and Qualifiers Continued Qualifier Description PORT port Connect to this port on server system Server must be listening on the same port QUIET Quiet Mode Causes all warning and diagnostic messages to be suppressed Only fatal errors display
77. knows the private key When the user logs in 1 The SSH client program tells the server the key pair it would like to use for authentication 2 The server checks if this key pair is permitted If it is permitted the server sends the SSH client program running on behalf of the user a challenge a random number encrypted by the user s public key The challenge can only be decrypted using the proper private key 3 The user s client then decrypts the challenge using the private key proving that he she knows the private key but without disclosing it to the server 4 SSH implements the RSA authentication protocol automatically Accessing Remote Systems with the Secure Shell SSH Utilities The Key Identity files are created with SSHKEYGEN To create the RSA key pair files with TCPware 1 Run SSHKEYGEN to create the RSA key pair IDENTITY and IDENTITY PUB Both of these files are stored in the user s SYS LOGIN SSH directory IDENTITY is the private key IDENTITY PUB is the public key Once you have created your identity files 1 Transfer the IDENTITY PUB file to the remote machine 2 Update the AUTHORIZED KEYS file on the remote machine by appending the contents of the public key file to the SYSSLOGIN SSH AUTHORIZED KEYS file on the remote host The format of the AUTHORIZED KEYS file requires that each entry consists of a single long line After this the user can log in without giving the password RSA authentication is much mo
78. local NTA device so that you can run applications over the TELNET connection To create a local NTA device see Example 12 5 1 Enter at the DCL prompt one of the following TELNET host CREATE TELNET> OPEN CREATE Use the second method if you already logged in to a host and escaped from the session using Ctrl or some other defined escape sequence In both cases this associates a preallocated local NTAx terminal device to your TELNET connection x is the next available unit number No other escaped connection can exist during your TELNET session for this to work If one exists the TCPWARE TELNET E CONNOPN error message appears 2 Run your application at the DCL prompt Use the allocated terminal device as desired 3 When your application ends clean up by deallocating the NTA device you created using the following command at the DCL prompt DEALLOCATE device See your OpenVMS documentation for details on the DEALLOCATE command Note Using CREATE in this way creates a non permanent NTA device which has certain 12 8 ramifications See the next section for details on how to create a permanent NTA device Using the OPEN CREATE command as part of a TELNET command file creates an NTA device and exits TELNET right away without passing any further commands in the file to TELNET You can also invoke TELNET and use OPEN CREATE noninteractively such as with a batch file The batch file cannot open an interactive con
79. lt If gt will be used for the text line separator as documented in the SSH File Transfer specification TCPWARE_SFTP_CASE_INSENSITIVE This logical causes SFTP to treat filenames in a case insensitive manner when it is defined to TRUE YES or 1 TCPWARE_SFTP_ODS2_SRI_ENCODING This logical controls whether or not SRI encoding is used for filenames on VMS ODS 2 disks If the logical is not defined or is defined to TRUE YES or 1 then SRI encoding is used on ODS 2 disks for filenames that contain uppercase letters and special characters TCPWARE_SFTP_FILE_ESTIMATE_THRESHOLD This logical controls the minimum number of blocks that a text file must be for an estimated transfer size to be returned instead of an exact size The default is to estimate the transfer size for all text files 17 9 Secure File Transfer TCPWARE SFTP DEFAULT FILE TYPE REGULAR If this logical is defined to TRUE YES or 1 then the SFTP server will use a default file type of REGULAR instead of UNKNOWN for OPEN operations This can correct problems with filenames without a dot in them getting dir added to them The filename will appear with a at the end of the name in directory listings TCPWARE SFTP username CONTROL The logical TCPWARE SFTP username CONTROL can be defined SYSTEM to any combination of NOLIST NOREAD NOWRITE NODELETE NORENAME NOMKDIR NORMDIR to restrict operations for the username in the logical NOWRITE will disable PUT
80. network layer While this means that FTP gives more accurate reports on the progress of a transfer it increases overhead Use hash marks primarily with transfers over slower speed links Such as SLIP lines Format SET HASH SET NOHASH Synonym HASH toggles between SET HASH and SET NOHASH 3 76 SET NOJLOWERCASE FTP Transferring Files SET NOJLOWERCASE Enables the conversion of unquoted filenames to lowercase before Client FTP sends the files to the remote host SET LOWERCASE is the default With SET NOLOWERCASE Client FTP does not convert unquoted filenames to lowercase Note Client FTP always preserves the case of filenames that appear within quotation marks Format SET LOWERCASE SET NOLOWERCASE 3 77 PART 1 User Functions SET NO PASSIVE SET NOJPASSIVE Sets passive mode Passive mode performs an active open on the data connection which can avoid problems with firewall systems SET NOPASSIVE the default disables passive mode Note You can also define the TCPware FTP PASV logical as follows DEFINE PROCESS TCPWARE FTP PASV TRUE Your system manager can also define the logical system wide as follows DEFINE SYSTEM EXEC TCPWARE FTP PASV TRUE Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Options TCPware FTP OpenVMS Settings PASV Mode OK Format SET PASSIVE SET NOPASSIVE Synonym PASSIVE toggles between SET PASSIVE and SET NOPASSIVE 3 78 SET NO V
81. non permanent NTA devices see the previous section Using TELNET CREATE by itself to create a non permanent NTA device such as in the previous section has the following limitations An application using this NTA device may be written to deassign and thus delete the device if the connection goes down This could cause a conflict when rerunning the application if meanwhile another NTA connection with the same unit number is created Handing off the NTA device to another process may require setting up the device as NOHANGUP Recovery is not possible in case of a broken connection You can bypass these limitations and make the NTA device a permanent one by adding the PERMANENT keyword to the TELNET CREATE command as follows see Example 12 6 Note 1 Creating a permanent NTA device requires OPER privilege Enter at the DCL prompt TELNET host port CREATE PERMANENT TELNET gt OPEN host port CREATE PERMANENT This creates a permanent local NTAx terminal device with the next available unit number However unlike non permanent NTA devices the TELNET utility does not preallocate it Likewise you can specify the LOGICAL qualifier to set up a logical name for the device so that other applications can use it It is advisable that you specify a port other than the default TELNET port 23 See the OPEN command in the Command Reference section for other parameters you can use with the CREATE PERMANENT qualifier Run yo
82. on DELTA Startup Command File You can have a startup file execute FTP commands each time you invoke FTP The startup file contains commands you want your system to perform at the beginning of each FTP session Your system manager might already have defined a system wide FTP startup file Creating an FTP startup file is optional The startup command file in Figure 3 9 opens a remote connection sends the password and initiates a SHOW STATUS command You can set up an FTP startup command file or override one established by the system manager at the system level using the following procedure 1 Create an STARTUP COM file in your directory FTP Transferring Files 2 In the file include the FTP commands you want executed each time you start an FTP session If you include a password make sure to use quotation marks to preserve case 3 Edit your LOGIN COM file and define the FTP_STARTUP logical to point to the startup file DEFINE PROCESS FTP STARTUP SYS LOGIN FTP STARTUP COM Using the DEFINE PROCESS FTP STARTUP entry in the user s LOGIN COM file causes that file to override any FTP startup command file at the system level 4 Run FTP Whenever you run Client FTP it looks for the file to which the FTP_STARTUP logical points and processes all the commands in that file If the EXIT or QUIT command appears in the startup file Client FTP Ignores all commands following the EXIT or QUIT command Continues with
83. on the card then press the P on the lower right of the card The display clears and a new tokencode shows after the last of the countdown indicators disappears from the left of the LCD Note For FTP logins you must first log in on a terminal session such as TELNET or SET HOST to receive your PIN before you can initiate an FTP session 2 Initiate a terminal login session After you respond to the usual prompt for your login name the system asks you to enter a PASSCODE 3 If you never received a PIN before enter the code that is currently displaying on your SecurID token at the Enter PASSCODE prompt If your token previously had a PIN and the administrator did not clear it when setting it in New PIN mode For Standard Card and Key Fob only Enter the old PIN and right after it the code that is currently displaying on your token Do not separate the two with a space For PINPAD only Enter the old PIN into the card and press the diamond u near the bottom of the card Then at the Enter PASSCODE prompt enter the code displayed on the card 4 Press Return If you entered the code incorrectly the system displays an Access denied message Try again Once you enter a valid tokencode the following message appears Press Return to generate a new PIN and display it on screen or Ctrl d to cancel the New PIN procedure Un If anyone else can see your screen press Ctrl D so that your secret PIN is not displayed on your scre
84. out txt txt txt txt txt txt mode octet gt mode octet gt mode octet gt mode octet gt mode octet gt mode octet gt 60 seconds 13 13 PART II User Functions TRACE 13 14 Chapter 14 Token Authentication Protecting Logins Introduction Token authentication allows you to set additional security restrictions on your FTP TELNET RLOGIN and SET HOST logins You can set up token authentication through TCPware s Access Control Encryption Client ACE Client on the OpenVMS host which communicates with Security Dynamics ACE Server on a UNIX or Windows NT host The authentication takes place through a physical SecurID token smart card that you use to provide the ACE Server with the necessary login information This chapter explains the TCPware ACE Client its interaction with the ACE Server and how to enter login information using the SecurID token What Is the ACE Client Passwords have long been the front line of defense in protecting hosts and networks and have come under scrutiny because of well publicized security breaches Applications that require passwords to access resources are especially vulnerable to these security breaches TCPware s token authentication in collaboration with Security Dynamics Corporation s Access Control Encryption Server ACE Server works with a two factor password system to help solve this security problem Token authentication combines use of the regular login password
85. protection is S RWD O RWD G W SSH2 IDENTIFICATION Client Contains the information about System private keys that can be used for public key authentication when logging in 16 23 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 3 SSH2 Files Continued Resides File Name On Description SSH2 ID alg bits seq Client Contains a private key for System authentication alg is either RSA or DSA bits is the length of the key seq is an incrementing alphabetic value Thus a key named ID DSA 1024 A indicates this is a private DSA key 1024 bits long and it is the first time the key was generated using SSHKEYGEN A user may have multiple private key files in a directory SSH2 ID alg bits seq PUB Client Contains a public key for System authentication and A Server alg is either RSA or DSA System bits is the length of the key seq is an incrementing alphabetic value Thus a key named ID DSA 1024 B PUB indicates this is a public DSA key 1024 bits long and it is the second time the key was generated using SSHKEYGEN A user may have multiple public key files in a directory 16 24 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 3 SSH2 Files Continued File Name Resides On Description SSH2 HOSTKEYS xxx PUB Client System Contains public host keys for all hosts the user
86. qualifier except that it sends messages to the NLAO device TRUNCATE n Truncates the local OpenVMS username to the specified n length The n value must be greater than zero or the command aborts with an error The default is eight characters If the local username is also the remote username if you omit the USER qualifier TCPware also truncates the remote username to the indicated length However it never truncates a remote username specified explicitly with the USER qualifier USER remote username Remote host s username that is different from the username with which you are currently logged in to the local host TCPware never truncates an explicitly specified remote username see the TRUNCATE qualifier Remote username is converted to lowercase unless you enclose it in quotes Examples 1 This command opens a connection to host IRIS and displays the name of your current working directory rsh iris pwd 2 This command opens a connection to host IRIS for username Smith and displays the name of the working directory for Smith rsh iris user Smith pwd 9 3 PART II User Functions RSH 9 4 The quotes around Smith are necessary because the name contains a mixture of upper and lowercase characters that you would want to preserve in sending the command Without the quotes the name converts to lowercase and may not match the username on the remote host This command opens a connection to host IRIS and displays the nam
87. queries information from DNS servers based on RFCs 1034 and 1035 occluded mount Action in NFS where a filesystem mounts on a subdirectory of an existing mount point so that previously visible subdirectories and files of the original mount are no longer visible ONC RPC Services Software development tool with which programmers can build distributed applications on VAX computers Open Shortest Path First Interior gateway protocol that distributes routing information OSPF Protocol between routers in a single Autonomous System AS OSPF chooses the least cost path as the best path overmounting Action in NFS where a filesystem mounts on top of an existing mount point packet Single message as it appears to the physical network packet filtering Restricts the datagrams that an interface can receive Glossary 9 PART II User Functions Glossary of Terms Continued Packet Switching Data Network PSDN and packet switching exchange PSE A PSDN consists of widely separated packet switching exchanges PSEs PSEs connect through public or private telephone networks or leased lines PSEs contain data circuit terminating equipment DCE Passcode Combination of your PIN and the tokencode Used with the token authentication system passive open Passive open listens and waits for a request from a remote host to establish a connection You can fully or partially specify pass
88. rather ring a terminal that has been idle for only a short period specify the terminal port using 11 1 PART II User Functions ttyname One way to discover terminal ports is by using the FINGER utility such as in the following example where there are two terminal ports ttyp5 ttyp7 Since the ttyp7 terminal has a much shorter idle time and is more current it is therefore a better candidate for a TALK terminal FINGER MARGE@MARGE ZOZO COM Login name marge In real life Marge Simpson Directory home spectre Shell usr local bin tcsh On since Nov 3 10 06 48 on ttyp5 from bart nene com 59 minutes Idle Time Login name marge In real life Marge Simpson Directory home spectre Shell usr local bin tcsh On since Nov 3 10 06 44 on ttyp7 from bart nene com 36 seconds Idle Time TALK MARGE@MARGE ZOZO COM TTYP7 After the above command TALK sends the following message to the recipient if the connection is successful Message from Talk Daemon@destination host talk connection requested by yourname yourhost talk respond with talk yourname yourhost To establish the connection the recipient follows the instructions from the Talk Daemon and types the following at the system prompt talk yourname yourhost It does not matter from which machine the recipient replies as long as the recipient s login name is the same Once communication is established the two parties can type simultaneously with their output a
89. remote tftpd tftp help get receive file 13 5 PART II User Functions MODE MODE Sets the file transfer mode to type type may be either ASCII or BINARY The initial type is ASCII Format MODE type Parameter type The mode type either ASCII or BINARY Example This command changes the transfer mode to BINARY Mode octet tftp mode binary tftp status Connected to SIRIUS nene com Mode octet Tracing off Rexmt interval 5 seconds Max timeout 25 seconds 13 6 PUT TFTP Trivial File Transfers PUT Puts a file to the previously specified remote host Since TFTP does not authenticate the client the server allows access only to files in the directory and its subdirectories defined by the TCPWARE TFTP ROOT logical The server converts OpenVMS filenames with their directories into UNIX filenames as in Table 13 2 The directory specification is dir and the filename specification with its extension is filename ext Table 13 2 TFTP UNIX to VMS Filename Conversions UNIX Filename Is Converted to VMS Filename dir filename ext dir filename ext dir filename ext dir filename ext Format PUT ocal file remote file Parameters local file Input file specification on the local host remote file Output file specification on the remote host If omitted Client TFTP uses the ocal file filename and extension Examples 1 This command transfers the US DOMAIN INFO TXT
90. servers to be set The default is 10000 DEFINE SYSTEM EXECUTIVE TCPWARE FTP MAX SERVERS 1500 B 8 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE FTP MAXREC The FTP client and the FTP server check the record size of an ASCII transfer and disallow more than 8192 byte records Define this logical to override the default of 8192 The definition of this logical is commented out but defined in the FTP_CONTROL COM file as follows DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP MAXREC 8192 TCPWARE FTP MESSAGE FILE Defines the message file the FTP user sees when connecting to the server or moving between directories The definition of this logical is commented out but defined in the CONTROL COM file as follows DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP MESSAGE FILE MESSAGE TCPWARE FTP ONLY BREAK ON CRLF If this logical is set and an ASCII file is transferred a new line is created in the file upon receipt of a carriage return line feed sequence If this logical is not set and an ASCII file is transferred a new line is created upon receipt of either a carriage return line feed sequence or a line feed TCPWARE FTP PASSWORD WARNING MESSAGE The logical TCPWARE FTP PASSWORD WARNING MESSAGE defines the message that the FTP server displays when the user s password is going to expire within the warning time If the amount of time before the password expires is to be displayed
91. several methods Initial Server System Authentication When an initial connection is made from the client system to the server system a preliminary authentication of the server is made by the client To accomplish this the server system sends its public key to the client system SSH maintains a directory containing the public keys for all hosts to which it has successfully connected For each user this is the SSH2 HOSTKEYS directory off the individual SYSSLOGIN directory In addition a system wide directory of known public keys exists in the system directory pointed to by the logical name TCPWARE SSH2 HOSTKEY DIR and this may be populated by the system manager Both directories are searched as needed when establishing a connection between systems Any new host public keys are added to the user s HOSTKEYS directory If a host s identification changes SSH warns about this and disables password authentication to prevent a trojan horse from getting the user s password Another purpose of this mechanism is to prevent man in the middle attacks that could be used to circumvent the encryption The SSH configuration option StrictHostKeyChecking can be used to prevent logins to a system whose host key is not known or has changed Hostbased Authentication Hostbased authentication relies on two things the existence of the user s system and username in either TCPWARE HOSTS EQUIV or in the individual user s SYSSLOGIN RHOSTS SYSSLOGIN SHOSTS fi
92. should have an initial contiguous allocation of the specified number of blocks If the output file is smaller than the specified blocks Client FTP truncates the number of blocks allocated If the output file is larger the additional allocations are non contiguous Does not apply to remote output files FDL Uses and then deletes a separate FDL file describing the specified file s OpenVMS RMS record attributes This qualifier is useful after a PUT FDL operation from a VMS node transfers a file to a non VMS node the GET FDL operation can then return the file with the proper record attributes back from the non VMS node The default is not to create an accompanying FDL file The TYPE command determines the type of file A transfer of e ASCII data results in a sequential file with variable length records the default IMAGE data results in a sequential file with fixed length records of 512 bytes FORTRAN Transfers the file in FORTRAN mode see Table 3 2 The first character of each record is a FORTRAN carriage control character Some hosts do not recognize this transfer format IGNORE NOIGNORE default IGNORE ignores errors so that copying can continue with the next file NOIGNORE terminates copying if an error occurs IMAGEJ size Transfers the file in image mode Optional size sets the record size of the local output file see Table 3 2 Does not apply to remote output files LOG NOLOG default LOG displays file
93. specifications for each file transferred MULTIPLE Transfers multiple files equivalent to MGET Use after remote file only and include wildcards in remote file Necessary because some remote hosts do not recognize the OpenVMS asterisk percent or question mark characters as wildcards MULTIPLE ensures that the remote host understands more than one file is to be transferred The remote host s server must support the FTP NLST command for remote wildcard operations to work 3 51 PART II User Functions GET RECORD Transfers the preceding file using STRU R so as to communicate the record structure during the copy positional qualifier Not all servers support record structure mode If you specify both RECORD and VMS Client FTP uses VMS RESTART For STREAM mode transfers restart the transfer where it was interrupted The client verifies that the server supports the 3659 SIZE and REST commands and ignores the qualifier if it does not This does NOT work for VMS mode transfers STRU VMS and if the remote system is a VMS system it is recommended that a STRU FILE be done before the transfer command and to include NOVMS on the command line SET FACTS Set selected file facts on the destination file to match the source file after transfer The facts currently supported are MODIFICATION TIME VARIABLE Transfers an image file see IMAGE in variable length record mode All IMAGE records are fixed length when s
94. telnet 140 147 254 3 23 TN3270 mode Current session is operating in 3270 mode Terminal type IBM 3278 2 Keyboard Map File TCPWARE MAP3270 DAT Host Character Set CANADIAN Terminal Character Set LATIN1 Print key function Output File SYSSLOGIN TN3270 TXT 12 15 PART II User Functions C is the escape attention character Table 12 3 TN3270 Internationalization Character Sets Character Set Code Page Character Set Code Page AUSTRIAN 273 INTERNATIONAL 038 BELGIAN 274 NORWEGIAN 277 CANADIAN 037 PORTUGUESE 037 DANISH 277 SPANISH 284 DUTCH 037 SWEDISH 278 ENGLISH UK 285 SWISS 500 ENGLISH US 037 FRENCH 297 FINISH 278 ITALIAN 280 Note Some of the character sets in this table correspond to the same coded page If omitted the code page defaults to 037 Table 12 4 OpenVMS Character Sets Multinational Character Sets National Replacement Character Sets DECMCS default NORTH AMERICA LATINI FLEMISH CANADIAN FRENCH BRITISH DANISH AUSTRIAN GERMAN DUTCH ITALIAN SWISS FRENCH SWISS GERMAN SWEDISH NORWEGIAN BELGIAN FRENCH SPANISH PORTUGUESE 12 16 TELNET Connecting to Remote Terminals TN3270 Keypad Graphics Characters The TN3270 keyboard mapping key definitions permit mapping keypad graphics characters 0 9 to themselves rather than to other 3270 functions Modify the MAP3270 DAT file if you emulate a TN3270 k
95. the FTP utility commands see Chapter 3 FTP Transferring Files Use the RCP command to copy remote files You can copy files From a remote host to your host From your host to a remote host From one remote host to another remote host a third party copy CAUTION If you are using RCP with Kerberos version 4 authentication in a third party copy only the first connection uses Kerberos The second connection uses standard authentication in which case the username and password pass through the network as clear text Before you use RCP your system manager must install and configure the TCPware FTP OpenVMS product and enable the shell service during TCPware R Services configuration Also make sure your host or username is registered in the remote system s rhosts if UNIX or SYS$LOGIN RHOSTS file if OpenVMS To use Kerberos version 4 authentication with the remote host be sure your username and Kerberos realm are in the remote host s klogin file if UNIX or SYS LOGIN KLOGIN file if OpenVMS To use Kerberos version 4 authentication your system manager must enable the kshell service during TCPware s Kerberos Services configuration If you request Kerberos authentication RCP tests for it first If the test fails RCP uses standard authentication instead With Kerberos V4 authentication you can specify the Kerberos realm using the REALM qualifier If omitted the TCPWARE KERBV4 REALM logical value determines the realm
96. the location of the user s ticket file TCPWARE LPD DEFAULT USER Defines a default OpenVMS username for remote users connecting to the local LPD server Used only when you define a remote host in the LPD access file and the remote username is not mapped to a specific OpenVMS username TCPWARE LPD OPTIONS Determines if the server handles batch queues B 13 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE LPD qname FORM Defines the form used for print jobs This is similar to TCPWARE LPD qname PARAMETER Use TCPWARE LPD FORM to define the form for all queues Note A specific queue setting overrides the global setting for that queue TCPWARE LPD qname OPTION Specifies additional PRINT command qualifiers to pass to the specified print queue BURST FEED FLAG FORM HEADER LOWERCASE PASSALL PRIORITY RESTART SPACE TRAILER Use TCPWARE LPD OPTION to define the option for all queues Note A specific queue setting overrides the global setting for that queue TCPWARE LPD qname PARAMETER Defines the specified parameters when the remote user submits a print request to the OpenVMS print system qname is the queue name The first equivalence string for the logical if defined is the first parameter the second is the second parameter and so on up to eight parameters Use TCPWARE LPD PARAMETER to define the parameter for all queues Note A specific qu
97. to Perform Various Tasks on the Local System DEFINE KEY Associate an equivalence string and set of attributes with a keyboard key HELP Bring up the Client FTP online help facility LCD Set your local default directory LDIR List files in your local directory SET BELL Ring terminal bell after completing a file transfer SET DEBUG Display of debugging information SET HASH Enable hash marks during a file transfer SET LOWERCASE Convert unquoted filenames to lowercase in a file transfer request SET PASSIVE Sets passive mode SET VMS FTP Client negotiates with the server for VMS file structure when opening a connection SHOW STATUS Show the status of the current connection and local default directory SPAWN Executive DCL commands without exiting FTP Transferring Files Table3 4 Commands to Use to Perform Various Tasks on the Local System Continued STRUCTURE Change the default file structure for a transfer FILE RECORD or VMS TYPE Change the default file transfer format ASCII BINARY IMAGE FORTRAN BLOCK VARIABLE or DEFAULT Table3 5 Commands to Use to Perform various Tasks on the Remote System CD Change the remote default directory DELETE Delete a file or directory on the remote host DIR LIST or ls List files on the remote host MKDIR Create a directory on the remote host PWD Display the name of the current working directory on the remote host QUOTE Send an
98. to perform some function or if your terminal cannot generate the character SET NOESCAPE disables the escape attention character SET ESCAPE is ignored if TN3270 mode is active However SET NOESCAPE applies to all sessions including TN3270 sessions Format SET ESCAPE char SET NOESCAPE Synonym ESCAPE SET ESCAPE Parameter char You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character You can redefine the default escape attention character by defining the logical TCPWARE TELNET ESCAPE in the process job group or system logical name tables The logical value has the same syntax as char To define it use one of the following formats DEFINE PROCESS TCPWARE TELNET ESCAPE 24 DEFINE PROCESS TCPWARE TELNET ESCAPE Both commands set the escape character to ASCII code 24 Ctrl x They are equivalent DEFINE SYSTEM EXEC TCPWARE TELNET ESCAPE 1 The 1 value disables the escape attention character Examples 1 Each of these equivalent commands sets the escape character to Ctrl x ASCII 24 TELNET gt SET ESCAPE x TELNET gt SET ESCAPE 24 12 50 SET NO ESCAPE TELNET Connecting to Remote Terminals 2 This example sets the escape character to right brace 1 TELNET gt SET ESCAPE 3 This exam
99. unless it is for a DECnet file If omitted Client FTP uses the current default directory You can use the node path syntax omitting the username and password if you want to rename anonymous FTP resources in which case the ANONYMOUS qualifier is implied new name Valid filespec to substitute for old name Enclose in quotes if it contains special characters imbedded spaces or is case sensitive Qualifier ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies NOANONYMOUS renaming files in anonymous user directories You can omit ANONYMOUS if using the node file syntax node path See Anonymous Users 3 67 PART II User Functions RENAME Examples 1 The following renames the testb file to test2 test FTP gt RENAME testb test2 test 2 The following renames the OLD TXT file on DELTA to NEW TXT It is equivalent to using the ANONYMOUS qualifier sends the ANONYMOUS user email address username and password with the command FTP gt RENAME DELTA OLD TXT NEW TXT 3 68 SET NO BELL FTP Transferring Files SET NO BELL Enables the terminal bell after completing a file transfer SET NOBELL is the default Format SET BELL SET NOBELL Synonym BELL toggles between SET BELL and SET NOBELL 3 69 PART II User Functions SET DEBUG CLASS SET DEBUG CLASS Enables or disables displaying debugging information depending on the class keyword s used The CLASS qualifier is required
100. unread mail No Plan Login name marge In real life Marge Simpson Directory home spectre Shell usr local bin tcsh On since Nov 3 10 06 44 on ttyp7 from bart nene com 36 seconds Idle Time Bart TALK MARGEGMARGE ZOZO COM TTYP5 Your party is refusing messages The Checking for invitation on caller s machine message may come up when the client is waiting for a response from the remote system If the message appears for an extended time it may mean that the remote system s server does not support ntalk protocol in which case a connection is not possible If the message Your party is not logged on appears the remote user is not logged on at the time Chapter 12 TELNET Connecting to Remote Terminals Introduction The Virtual Terminal Protocol TELNET provides connections to remote hosts With it you can access remote hosts using OpenVMS commands or a UNIX style command interface The Client TELNET utility is your interface to TELNET OpenVMS You can run Client TELNET interactively or through a startup command procedure Client TELNET supports normal and TN3270 mode Normal mode uses your local OpenVMS keyboard In this mode you can open up to ten TELNET sessions at one time In TN3270 mode Client TELNET emulates the keyboard normally used on an IBM 3270 class terminal It allows you to connect only one TN3270 session at a time Before Using TELNET Before you u
101. using a supplied private key and provide an e mail extension cmpclient base mykey refnum 1234 abcd ca url http www ca auth domain 8080 pkix _ subject c us o foobar cn Dilbert Dogbert email foo bar com _ ca certification crt my private key prv This will generate and enroll a certificate called mykey 0 crt Note SSH stores and uses software certificates in DER encoded binary format You can use sshkeygen to import and convert PKCS 12 packages convert pkcs file into private key certificate pair X 509 format private key into SSH private key convert x509 file or PKCS 7 into certificate extract certs file Public key Subsystem The public key subsystem and assistant that can be used to add remove and list public keys stored on a remote server The public key assistant and server are based upon a recent IETF draft so other implementations of SSH may not yet offer this functionality The Publickey assistant can be started with 5 PUBLICKEY ASSISTANT qualifiers user host tport l Publickey Assistant Commands ADD key file name Transfers the key file name to the remote system The file name specified is expected to be in the SSH2_ CONFIG directory from the user s login directory e g ADD ID DSA 1024 A PUB will transfer the public key in ID DSA 1024 A PUB to the remote system and updates the AUTHORIZATION file on the remote system to include this key name CLOSE Closes the connection to the rem
102. with a time based code derived from a token The authentication system consists of a secure server and the client connected to the devices that need to be protected Security Dynamics provides the ACE Server and a backup server Slave ACE Server TCPware provides the ACE Client The ACE Client handles the interaction between the client and the ACE Server software at the place where the client is responsible for gathering the authentication data from the user The authentication token in this case is the Security Dynamics SecurID smart card a physical card containing a microprocessor that generates a new unpredictable code every 60 seconds on its liquid crystal display LCD The Server synchronizes and checks this code when entered with the 14 1 PART II User Functions user s memorized personal identification number PIN These two codes together form the user s PASSCODE Token authentication is available for FTP OpenVMS TELNET OpenVMS RLOGIN and the OpenVMS SET HOST command The TCPware ACE Client supports Security Dynamics proprietary encryption SDI Encryption The ACE Server must also use SDI Encryption The ACE Server runs on a UNIX or Windows NT machine The ACE Client must be registered with the ACE Server Terms Special terms used in this chapter include PIN Your personal identification number The PIN consists of four to eight alphanumeric characters Depending on the policy set by your system manager
103. write operation to the permanent NTA device occurs If RETRIES is not set to 0 automatic retries occur when the connection closes If all those retries fail and a write is done later to the NTA device then the specified number of retries is attempted Here is a typical command to create a TELNET connection to a printer note the use of RAW to avoid sending TELNET options negotiation data TELNET RAW CREATE PERM RETRIES 0 CLOSE host port After TELNET creates a permanent NTA device with an underlying TCP connection the NTA device s reference count drops to 0 thus the TCP connection is closed When a write operation occurs to the NTA device an attempt is made to re establish the TCP connection Meanwhile the data being written is held so that it can be sent when reconnected If all reconnects fail the write data is dropped When the application deassigns its channels to the NTA device its TCP connection is again closed To specify that the permanent NT device should be treated as a local terminal rather than a remote terminal to allow for spooling of the device add the local keyword to the TELNET create qualifier TELNET CREATE PERM LOCAL HOST CHARACTER SET name Use with the TN3270 qualifier to set the national EBCDIC character set for TN3270 Internationalization Table 12 3 shows the supported character sets and their corresponding IBM code page numbers LOGICAL name TABLE table MODE mode Logical na
104. www process com select Customer Support Internet Newsgroup You can also access the VMSnet newsgroup vmsnet networks tcp ip tcpware Licensing Information TCPware for OpenVMS includes a software license that entitles you to install and use it on one machine Please read and understand the Software License Agreement before installing the product If you want to use TCPware on more than one machine you need to purchase additional licenses Contact Process Software or your distributor for details Maintenance Services Process Software offers a variety of software maintenance and support services Contact us or your distributor for details about these services Reader s Comments Page TCPware guides may include Reader s Comments as their last page If you find an error in this guide or have any other comments about it please let us know Return a completed copy of the Reader s Comments page or send e mail to techpubs process com Please make your comments specific including page references whenever possible We would appreciate your comments about our documentation Documentation Set The documentation set for TCPware for OpenVMS consists of the following xxi xxii Release Notes for the current version of TCPware for OpenVMS For all users system managers and application programmers The Release Notes are available online on your TCPware for OpenVMS media and are accessible before or after software in
105. you soon oo Ctrl c Exiting Good to hear from you Bart Command Reference The following is a command reference to the TALK utility PART II User Functions TALK TALK The TALK command is a visual communication program that exchanges messages with another host user by copying lines you type on your terminal to the other user s terminal The other host recipient must support the ntalk protocol to accept and respond to your messages It does not matter from which machine the recipient replies as long as the recipient s login name is the same Once communication is established the two parties can type simultaneously with their output appearing in different parts of the same window Typing Ctrl L causes the screen to be reprinted while the erase kill and word kill Ctrl K characters work in TALK as normal To exit type your interrupt character Ctrl C Ctrl Y or Ctrl z TALK moves the cursor to the bottom of the screen and restores the terminal Format TALK username a host ttyname Parameters username host If you want to talk to someone on your own machine username is just the local user s login name If you want to talk to a user on another host use the form username host ttyname Name of the specific remote terminal Many UNIX clients do not send talk request messages to every terminal of the user and usually select just one You may however want to make a particula
106. 0 RETRIES 10 MARGE 7 STCPWARE TELNET I CREATED NTA2 created GMY APPLICATION MY PORT This example displays the results of using the port parameter value telnet together with the PORT qualifier and value in a single command TELNET gt OPEN DAISY TELNET PORT 23 STCPWARE TELNET W CONFLICT illegal combination of command elements check documentation This example displays a login session to DAISY that uses Token Authentication for password protection TELNET OPEN DAISY sTCPWARE TELNET I TRYING trying DAISY nene com telnet 192 168 142 7 23 STCPWARE TELNET I ESCCHR escape attention character is A AUTHORIZED USE ONLY PHI VAX VMS V5 2 Username PETER Password Enter PASSCODE PASSCODE Accepted 12 35 PART II User Functions RESUME RESUME Resumes the current connection if you do not specify a session number If you specify a session number resumes the connection associated with the session number as displayed by the SHOW STATUS or STATUS command Format RESUME session number Parameter session number Session number to resume based on the session number the SHOW STATUS command displays If omitted resumes the current connection Examples 1 This example resumes the session on BART Client TELNET does not display a message if the user resumes the current session TELNET gt SHOW STATUS Connected session 1 BART humor com telnet 192 168 1 92 23 TELNET RESUME
107. Reader s Comments TCPware for OpenVMS Version 5 9 User s Guide Part Number N 5904 59 NN A Your comments and suggestions will help us to improve the quality of our future documentation Please note that this form is for comments on documentation only I rate this gu
109. is forwarded automatically to the remote side unless disabled on the command line or in a configuration file Forwarding of arbitrary TCP IP connections over the secure channel can be specified either on the command line or in a configuration file Note Forwarded ports tunnels exist only as long as the SSH session that established them exists if the SSH session goes away so do the forwardings LOCAL FORWARD localport remotehost remoteport This causes localport on the system the client is running on to be forwarded to remotehost remoteport The system to which SSH2 connects acts as the intermediary between the two endpoint systems For example Use port forwarding to allow a system midsys to encrypt and forward TELNET sessions between itself mysys that s outside a corporate firewall to a system remotesys that is inside a corporate firewall Note that the use of port 2300 in the examples is arbitrary lt tunnel gt tee midsys remotesys SSH F SSHD y 2300 23 From the DCL prompt on mysys SSH2 midsys 1 1 forward 2300 remotesys 23 With the SSH session to midsys now active type in another window on mysys telnet localhost port 2300 Note The SSH session must remain active for port forwarding activity This causes a connection to mysys 2300 The SSH2 client has bound to this port and will see the connectio
110. 2 server for Publickey Authentication 1 First generate a key tuple 1 netcu sshkeygen ssh2 Generating 1024 bit dsa key pair 1 000 000 000 Key generated 1024 bit dsa myname myclient foo com Thu Mar 06 2003 14 06 10 Passphrase Again Private key saved to DISKSUSERDISK MYNAME SSH2 id dsa 1024 a Public key saved to DISKSUSERDISK MYNAME SSH2 id dsa 1024 a pub directory ssh2 id since TODAY Directory DKAO MYNAME SSH2 ID DSA 1024 A 1 ID DSA 1024 A PUB 1 Total of 2 files 16 16 Accessing Remote Systems with the Secure Shell SSH Utilities Now create the IDENTIFICATION file This contains the name of all the keys you wish to use for public key authentication 1 set default ssh2 copy tt identification idkey id dsa 1024 a 2 1 Copy the key to the user s ssh2 directory on the server system 1 copy id dsa 1024 a pub myserv myname mypass ssh2 1 Now log into the server system and create the AUTHORIZATION file 1 set host myserv Welcome to OpenVMS TM VAX Operating System Version V7 3 Username myname Password Welcome to OpenVMS VAX V7 3 Last interactive login on Tuesday 4 MAR 2003 13 46 Last non interactive login on Tuesday 4 MAR 2003 13 47 set default ssh2 directory ssh2 id Directory DKAO MYNAME SSH2 ID DSA 1024 A PUB 1 Total of 1 file copy tt authorization key id dsa 1024 a pub 2 logout MYNAME logged out
111. 20 if FTP cannot transfer DATA FILEI TXT and so on 1 if the connection is successful 3 47 PART II User Functions EXIT EXIT Exits FTP and returns to the DCL prompt If a connection is open Client FTP closes it before exiting Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers File Exit Format EXIT Synonyms QUIT BYE 3 48 GET FTP Transferring Files GET Copies files from a remote host GET supports full wildcard filespecs except wildcards enclosed in a quoted string Use the MULTIPLE qualifier for a wildcarded remote filespec Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Select file or files in Remote Files Remote Files Copy Give file new name if desired in New Local Name Format GET remote file remote file local filename Equivalents COPY remote file REMOTE local filename MGET wildcarded remote files GET remote file MULTIPLE remote file remote file local filename Parameters remote file Input filespec on the remote host Enclose in quotes if you want to preserve case and did not use the SET NOLOWERCASE command or the filespec contains delimiters or symbols the FTP server can interpret in special ways Use a comma between multiple filespecs The remote filespec must conform to the filenaming conventions of the remote host In OpenVMS to OpenVMS file transfers the remote file and local filename for
112. 3 21PM EDT job 20600297 VMS Store of DISK SYS LOGIN MYNAME SSH IDENTITY PUB started Transfer completed 395 8 bytes transferred QUIT command received Goodbye TELNET DAISY Trying Connected to DAISY HAIR COM Authorized Users Only TM VAX Operating System Version V7 1 Username MYNAME Password Welcome to OpenVMS TM VAX Operating System Version V7 1 on node DAISY Last interactive login on Thursday 6 MAR 2003 08 07 Last non interactive login on Thursday 6 MAR 2003 15 21 Logged into DAISY at 6 MAR 2003 15 22 43 68 For the first entry into the AUTHORIZED KEYS file copy or rename the file SSH IDENTITY PUB to SSH AUTHORIZED KEYS COPY SSH IDENTITY PUB SSH AUTHORIZED KEYS Ur Ur Ur X Ut Ur 16 18 Accessing Remote Systems with the Secure Shell SSH Utilities FOR SUBSEQUENT ENTRIES use the APPEND command APPEND SSH IDENTITY PUB SSH AUTHORIZED KEYS A sanity check of the file protections shows I DIRECTORY PROTECTION SSH Directory DISK SYS LOGIN MYNAME SSH AUTHORIZED KEYS 1 RWE RWED RE E IDENTITY 1 RWD RWD IDENTITY PUB 1 RWE RWED RE E KNOWN HOSTS 1 RWD RWD RANDOM SEED 1 RWD RWD Total of 5 files DIRECTORY PROTECTION SSH DIR Directory DISK SYS LOGIN MYNAME SSH DIR 1 RWD RWD Total of 1 file SSH2 User Authentication Using Certificates Client setup 1 Copy the private key and certificat
113. 4 REALM logical value determines the Kerberos realm rcp auth src dir vmshost dst dir Using the USER or PASSWORD qualifier with DECnet syntax is not allowed and returns the error message shown rcp user userl new txt flower user2 password new txt TCPWARE E NOQUAL USERNAME qualifier not allowed with DECnet syntax Using multiple passwords with DECnet syntax is not allowed and returns the error message shown rcp tree userl pass1 new txt flower user2 pass2 new txt TCPWARE E MULTPW Multiple passwords not supported Chapter 8 RLOGIN Logging In to a Remote Host Introduction RLOGIN is the Berkeley R Command utility you can use to log in to a remote host RLOGIN provides a functionality similar to TELNET except that RLOGIN follows more of a UNIX format This chapter is a basic use summary of the RLOGIN command Before you use RLOGIN be sure your host or username is registered in the remote system s rhosts file if UNIX or SYS$LOGIN RHOSTS file See the Management Guide Chapter 16 Managing R Commands for information on host equivalence files To use Kerberos version 4 authentication with the remote host make sure that your username and Kerberos realm are in the remote host s klogin file if UNIX or SYS$LOGIN KLOGIN file if OpenVMS To use Kerberos V4 authentication your system manager must configure TCPware s Kerberos Services You must also first get a ticket granting ticket TGT from the
114. 57 PART II User Functions SET LOG SET LOG Opens or closes a log file Client TELNET uses a log file to save the output from a remote host While connected to a remote host Client TELNET also puts all output the remote host sends your terminal into the log file SET LOG logs output from every connected session If multiple connections exist there is no way to specify that you want to log only output from a specified session to the log file Format SET LOG file Opens the local file file and begins logging To close a log file and stop logging enter SET LOG with no file specification Parameter file OpenVMS file specification of the file that logs the remote host s output If omitted Client TELNET closes the present log file if there is one Qualifiers DATA default NODATA DATA logs all data sent to the specified file the default NODATA disables this OPTIONS NOOPTIONS default OPTIONS prints option negotiations to the specified log file in addition to performing normal logging NOOPTIONS the default disables options printing Examples 1 This example opens the file TEXT LOG and enables logging TELNET gt SET LOG TEXT LOG 2 This example closes a log file and stops logging TELNET gt SET LOG 3 This example opens the file TEXT LOG enables normal logging and prints options negotiations to the TEXT LOG file TELNET gt SET LOG TEXT LOG OPTIONS 4 This example opens the file TEXT LOG an
116. 9 1 If you want to print the ensuing TN3270 screen while opening a TN3270 host connection specify at the DCL prompt TELNET host TN3270 PRINT QUEUE qname 12 17 PART II User Functions Or specify at the TELNET gt prompt TELNET gt OPEN host TN3270 PRINT QUEUE qname You can also add the FORM parameter which specifies the form name for the print queue as in TELNET gt OPEN host TN3270 PRINT QUEUE qname FORM form name 2 If you want to print the current TN3270 session screen when already in TN3270 mode Ctrl C out of the session and specify at the TELNET gt prompt TELNET gt SET PRINT QUEUE qname FORM form name The QUEUE qualifier is like the QUEUE parameter and the optional FORM qualifier is like the FORM parameter in step 1 previously 3 If you want to dump the ensuing TN3270 screen into a file while opening a TN3270 host connection specify at the DCL prompt TELNET host TN3270 PRINT FILE filename Or specify at the TELNET gt prompt TELNET gt OPEN host TN3270 PRINT FILE filename The default print setting is PRINT FILE SYS$LOGIN TN3270 TXT NOAPPEND You can also use the APPEND keyword that appends the current screen dump onto an existing filename NOAPPEND is the default TELNET gt OPEN host TN3270 PRINT FILE filename NO APPEND 4 If you want to dump the ensuing TN3270 screen into a file when already in TN3270 mode Ctrl C out of the session and specify at the TELNET
117. ALIVES is defined the FTP server will not send keepalives on the control channel The KEEPALIVE command allows the FTP client program to toggle regardless of whether or not it desires keepalives to be sent on the control channel The SET NO KEEPALIVE command allows the FTP client to explicitly set whether or not it desires keepalives on the control channel TCPWARE FTP LOGFILE Defines a specific name of a log file Use this if you suspect break ins to the FTP server DEFINE SYSTEM EXEC TCPWARE FTP LOGFILE SYS COMMON SYSMGR FTPLOGIN LOG This logical must be defined before TCPware FTP is started or FTP must be restarted after defining it in order for it to take effect If this logical exists the FTP server writes a record to the specified file each time a user attempts to log in Each record includes the date and time the remote host s internet address and whether the login succeeded Specifies the name of the file to which ALL commands and responses to ANONYMOUS FTP services are logged If TCPWARE FTP LOG ALL USERS is also defined then commands and responses for all users are logged TCPWARE FTP LOG ALL USERS This logical causes all commands and responses to be logged to the file defined by TCPWARE FTP LOGFILE The default when this logical is not defined is to just log the commands and responses for anonymous users DEFINE TCPWARE FTP LOG ALL USERS TCPWARE FTP MAX SERVERS Allows the maximum number of
118. ANCE OF THIS SOFTWARE Copyright c 1996 2000 Internet Software Consortium Use is subject to license terms which appear in the file named ISC LICENSE that should have accompanied this file when you received it If a file named ISC LICENSE did not accompany this file or you are not sure the one you have is correct you may obtain an applicable copy of the license at http www isc org This file is part of the ISC DHCP distribution The documentation associated with this file is listed in the file DOCUMENTATION included in the top level directory of this release Support and other services are available for ISC products see http www isc org for more information ISC LICENSE Version 1 0 1 This license covers any file containing a statement following its copyright message indicating that it is covered by this license It also covers any text or binary file executable electronic or printed image that is derived from a file that is covered by this license or is a modified version of a file covered by this license whether such works exist now or in the future Hereafter such works will be referred to as works covered by this license or covered works 2 Each source file covered by this license contains a sequence of text starting with the copyright message and ending with Support and other services are available for ISC products see http www isc org for more information This will hereafter be referred to as the file s Bootstrap Lice
119. ARE NFS DFLT UID Specifies the default UID and GID The server uses these defaults in the following cases Receives a request from a user without a PROXY mapping and who is also the superuser UID 0 and any GID The server replaces the superuser UID and GID with the default UID and GID Processes a get attributes request and cannot find a file s owner UIC in the PROXY database The server uses the default UID and GID instead TCPWARE NFS DIRLIFE TIMER Sets when to delete internal directory cache data structures Specify the interval as OpenVMS delta time The default is 3 minutes TCPWARE NFS DIRREAD LIMIT Sets the maximum size in bytes for each file read while processing a get attributes request If the estimated file size exceeds this value TCPware does not read the file to determine its exact size and returns an estimated size instead The estimated file size is always larger than the exact size The 1 default turns off file size estimation This parameter applies only to filesystems exported with the CONVERT option the default A value of 0 disables TCPware from determining exact file sizes on requests This parameter may provide the NFS Client with inexact file sizes This is not a problem but may affect some applications TCPWARE NFS DIRTIME TIMER Sets a time interval that determines when the server updates the directory access time between NFS operations Specify the interval as an OpenVMS delta time The de
120. ARE SSH ALLOW PREEXPIRED PW SSH1 allows logging in to an account when the password has been pre expired This applies to all users and circumvents normal VMS expired password checking and therefore should be used with caution An entry is made into the SSH LOG SSHD LOG file when access is allowed using this logical name TCPWARE SSH KEYGEN MIN PW LEN SSH1 defines the minimum passphrase length when one is to be set in SSHKEY GEN If not defined defaults to zero Defined by TCPWARE2CNFNET SSH TCPWARE SSH PARAMETERS These parameters are used to start SSHD MASTER They are parameters set by TCPWARE CNFENET SSH TCPWARE SSH USE SYSGEN LGI SSH1 if defined causes SSHD to use the VMS SYSGEN value of LGI PWD TMO to set the login grace time overriding anything specified in the command line or the configuration file TCPWARE SVCORDER Contains the list of services used in the order specified Use the values bind local the default if the logical is not defined and local bind uses DNS if the Hosts database lookup fails TCPWARE VMSMAIL HEADER CONTROL Specifies how many RFC822 headers are included in mail delivered to VMS Mail users Values can be ALL MAJOR and NONE TCPWARE VMSMAIL LOCASE USERNAME Lowercases the username portion of outgoing addresses B 27 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE VMSMAIL NO EXQUOTA Delivers incoming mail to l
121. ARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO ANY MATTER WHATSOEVER INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT OF THIRD PARTY RIGHTS If you desire to use DNSsafe in ways that these terms do not permit please contact RSA Data Security Inc 100 Marine Parkway Redwood City California 94065 USA to discuss alternate licensing arrangements Secure Shell SSH Copyright 2000 This License agreement including the Exhibits Agreement effective as of the latter date of execution Effective Date is hereby made by and between Data Fellows Inc a California corporation having principal offices at 675 N First Street 8th floor San Jose CA 95112170 Data Fellows and Process Software Inc a Massachusetts corporation having a place of business at 959 Concord Street Framingham MA 01701 OEM Portions copyright 1988 1994 Epilogue Technology Corporation Copyright c 1998 2007 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other ma
122. B 30 TCPWARE VMSLPRSMB qname PRECONN B 30 TCPWARE VMSLPRSMB RETRY INTERVAL B 30 TCPWARE VMSLPRSMB TIMEOUT B 31 TCPWARE VMSLPRSMB qname RETRY INTERV AL B 30 TCPWARE VMSLPRSMB qname TIMEOUT B 30 UCX DEVICE B 31 UCXSINET HOST B 31 UCXSIPC B 31 login interfaces 14 3 LOWERCASE 3 77 LPQ 5 6 LPR 5 8 LPRM 5 12 mail transferring 2 7 mailbox B 2 maintenance services 1 xxi messages exchanging 2 7 MULTINET SSHADD 16 32 MULTINET SSHAGENT 16 31 MULTINET SSHKEYGEN 16 28 MULTINET SFTP RETURN ALQ 17 8 MULTINET SSH SFTP SERVER DEBUG 17 9 B 21 N network drives accessing 2 8 functions controlling 2 10 interfaces programming 2 16 print services command LPQ 5 2 LPR 5 2 Index 5 Index LPRM 5 2 PRINT 5 2 programming interfaces FTP library 2 16 QIO programming interfaces 2 16 SNMP extendible agent 2 17 Socket library 2 16 TELNET library 2 16 token authentication functions 2 17 UCX compatibility services 2 16 testing tools FINGER 2 11 IDENT 2 11 NSLOOKUP 2 11 PING 2 12 TCPDUMP utility 2 12 TRACEROUTE 2 12 WHOIS 2 12 network print services 5 2 FTP commands SET 3 69 3 76 3 77 3 78 3 79 ACE Client API IPP print command option 5 18 SFTP2 qualifiers 17 12 TELNET command reference SET 12 21 TELNET commands SET 12 39 12 41 12 42 12 43 12 44 12 48 12 49 12 50 12 52 12 53 12 54 12 55 12 57 12 62 NTA device creating a permanent 12 9 handling a broken connecti
123. CAPE_CHARACTER char New escape character for issuing special RLOGIN commands The default escape character is the tilde character To close your session from your local host use a period as the escape command LOG file Logs a copy of the output to the specified file Output continues to be directed to SYS$OUTPUT while it is being recorded in the log file The default is no logging LOWERCASE default NOLOWERCASE LOWERCASE sends your local username to the remote host in lowercase the default NOLOWERCASE preserves any uppercase characters in the local username REALM realm Assigns the name of the Kerberos realm Use if the Kerberos Server resides in a different realm than the local host Use with the AUTHENTICATION KERBV4 qualifier and value RLOGIN converts realm to lowercase unless you enclose it in quotes TERMINAL SPEED baud Terminal speed in baud rate The default is the current speed of your terminal TERMINAL TYPE type Resets the current terminal type to the specified type The allowable types you can use to override the current type are VT100 VT200 VT300 and VT400 The remote terminal type is the same as the local terminal type If the terminal's virtual size rows columns or pixels changes during the RLOGIN session RLOGIN provides the remote host with the new information TRUNCATE n Truncates the local OpenVMS username to n number of characters The value must be greater than zero or t
124. CHO option SEND WILL ECHO is an invalid command Client TELNET does not allow the user to send this option negotiation to the TELNET Server BINARY or for the TRANSMIT BINARY option TRANSMIT BINARY SGA or SUPPRESS GO AHEAD for the SUPPRESS GO AHEAD option 12 38 SET NO AO TELNET Connecting to Remote Terminals SET [NO]AO Defines changes or disables the abort output AO character During a TELNET session if you enter the defined AO character Client TELNET sends the TELNET AO control function to the server instead of the actual character Ignored if TN3270 mode is active Format SET AO char SET NOAO Parameter char When entered this character sends the TELNET AO control function to the server You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default AO character Define the initial AO character using the TCPWARE TELNET AO logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET AO 15 5 DEFINE PROCESS TCPWARE TELNET AO 0 Both commands set the AO character to Ctrl O ASCII 15 They are equivalent Qualifiers FLUSH default NOFLUSH If you specify FLUSH Client
125. CHOD FINGERD INDENT QUOTED and TFTPD PATHWORKS Support Use TCPware as a transport for HP s PATHWORKS products running between the OpenVMS system and a PC 1 7 PART I Introduction Table1 2 TCP IP Services Continued This Service Provides Routing Supports enhanced routing and multiple gateways and includes the GateD protocol which combines RIP HELLO OSPF EGP BGP and the Router Discovery Protocol for distributing routing information Supports the Classless Inter Domain Routing CIDR protocol for more efficient use of Class B IP addresses TCPware Products for the PDP 11 Operating Systems Process Software offers TCP IP networking software products for the HP PDP 11 operating systems Order the following TCPware products for the PDP 11 systems from Process Software TCPware for RSX TCPware for RT 11 TCPware for TSX TCPware for IAS Although these products function differently from TCPware for OpenVMS they solve many networking problems between dissimilar computer systems Figure 1 3 shows some of the many dissimilar systems TCPware can connect Figure 1 3 HP Operating Systems Connected by TCPware TCPware for OpenVMS runs on these systems You can network to these computers using other TCPware products from Process Software 1 8 OpenVMS Micro VMS VMS Ethernet or other LAN MicroRSX RT 11 TSX
126. CP2 should wait for a response to the INITIALIZE command from the server program This is a VMS delta time number The default is 2 minutes TCPWARE SCP2 VMS MODE BY DEFAULT When defined to TRUE YES or 1 this logical chooses the VMS qualifier if TRANSLATE VMS or NOVMS has not been specified TCPWARE SFTP CASE INSENSITIVE This logical causes SFTP to treat filenames in a case insensitive manner when it is defined to TRUE YES or 1 TCPWARE SFTP FALLBACK TO CBT True Yes 1 When this logical is defined to TRUE YES or 1 and files are being transferred in VMS mode a contiguous file will be created as contiguous best try if there is insufficient space to create it as contiguous TCPWARE SFTP FILE ESTIMATE THRESHOLD This logical controls the minimum number of blocks that a text file must be for an estimated transfer size to be returned instead of an exact size The default is to estimate the transfer size for all text files TCPWARE SFTP DEFAULT FILE TYPE REGULAR If this logical is defined to TRUE YES or 1 then the SFTP server will use a default file type of REGULAR instead of UNKNOWN for OPEN operations This can correct problems with filenames without a dot in them getting dir added to them The filename will appear with a at the end of the name in directory listings TCPWARE SFTP MAXIMUM PROTOCOL VERSION This logical can be used to limit the version of the SSH File Transfer Protocol that the SFT
127. CPWARE LPRSM qname PRECONN TCPWARE NAMED MAX CACHE TTL NAMED checks the SYSTEM EXECUTIVE logical table for this logical value and sets the maximum cache time in seconds to be that value Use this logical to override the default one week 604800 seconds to a maximum cache time more appropriate for your system DEFINE SYSTEM EXECUTIVE TCPWARE NAMED MAX CACHE TTL 86400 The server reads this logical the next time it starts If you do not want to wait for the server to start you can make the change to the running server by using the NETCU SET NAMED MAX TTL command Any data now written to the cache remains there for 86400 seconds one day TCPWARE NAMESERVERS When an application needs to resolve a host name or internet address the client queries the first name server this logical defines The client continues to query the other name servers on its list until it receives an answer or the list is exhausted TCPWARE NFS ACCESS IDENTIFIER Specifies the name of a rights identifier you want assigned to all NFS users You can then modify the access control lists ACLs of files to grant or deny access to holders of the rights identifier The default is null no rights identifier OpenVMS files protected by ACLs should have the UIC based protection mask set to allow file access and the ACL set to deny access B 15 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE NFS DFLT GID TCPW
128. Command gt Ctr1 C TELNET SET PRINT FILE PRINTFILE TXT APPEND TELNET RESUME Command gt quit F11 P TELNET gt QUIT TYPE PRINTFILE TXT shows file screen is appended onto existing file gt Sample Session This section shows a sample Client TELNET session See Example 12 10 for the corresponding numbered steps In this sample session a user on IRIS 1 Starts TELNET Enters the SHOW STATUS command Connects to TULIP Logs in and does some work Note the appearance of the PASSCODE prompt since this user is protected using TCPware s Token Authentication A U N Enters the escape attention character to return to the TELNET prompt Changes the escape attention character and enters a SHOW STATUS command Enters the RESUME command to return to TULIP Logs out of TULIP Exits TELNET lt lt 12 19 PART II User Functions Example 12 10 Sample Client TELNET Session Iris TELNET TELNET SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software No connection established Terminal type list VT300 DEC VT300 IBM 3278 2 N is the escape attention character TELNET gt OPEN TULIP STCPWARE TELNET I TRYING trying tulip flower com telnet 192 168 1 56 23 STCPWARE TELNET I ESCCHR escape attention character is n N M SunOS UNIX 4 1 tulip flower com ttyp2 login root Password PASSCODE Last login Wed Feb 21 10 57 25 from 198 168 1 105 Su
129. DE 4 If you never received a PIN before enter the code that is currently displaying on your SecurID token at the Enter PASSCODE prompt If your token previously had a PIN and the administrator did not clear it when setting it in New PIN mode For Standard Card and Key Fob only Enter the old PIN and right after it the code that is currently displaying on your token Do not separate the two with a space For PINPAD only Enter the old PIN into the card and press the diamond u near the bottom of the card Then at the Enter PASSCODE prompt enter the code displayed on the card 5 Press Return If you entered the code incorrectly the system displays an Access denied message Try again Once you enter a valid tokencode you are prompted to perform the New PIN operation 6 If the prompt reads Enter your new PIN containing 4 to 8 characters or Press Return to generate a new PIN and display it on screen or Ctrl d to cancel the New PIN procedure do one of the following and go to Step 8 Otherwise go to Step 7 now If anyone else can see your screen press Ctrl D to cancel the operation and leave your token in New PIN mode If you want the system to generate a PIN for you and no one else can see your screen press Return Your PIN is displayed for 10 seconds or until you press Return If you want to create your own PIN and no one else can see your screen enter the PIN you would like to use again remembering the guideline
130. E PROCESS TCPWARE TELNET FLUSH Qunn Both commands set the flush character to Ctrl O ASCII 15 They are equivalent Examples 1 Each of these equivalent commands sets the flush character to Ctrl O ASCII 15 TELNET gt SET FLUSH o TELNET SET FLUSH 15 2 Removes the previous character definition if any for the flush feature TELNET gt SET NOFLUSH 12 52 SET [NO]FORWARD TELNET Connecting to Remote Terminals SET [NO]FORWARD Defines changes or disables the forward one session FORWARD character If you enter the defined FORWARD character during a TELNET session the next numbered session becomes active The next numbered session is the session with the next highest session number than the current session If the current session already has the highest session number the session with the lowest session number becomes active If there is only one active session available that session remains active In this case SET FORWARD has no effect Ignored if TN3270 mode is active Format SET FORWARD char SET NOFORWARD Parameter char When entered this character causes the next numbered session to become active You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default FORWARD character Define t
131. EN command or any other command that accepts a node specification Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Connection Open Format OPEN host username password account If you Supply the host username password and account if required with the command you are not prompted for them separately Omit the parameters from the command line you are prompted for them Use the OPEN command non interactively for example a batch job and do not want to be prompted for a username password and account then include the parameters on subsequent lines after the OPEN command in the command file Want to be prompted for a password do not submit the command file with a batch job The display does not echo the password or account information After a connection is open you do not have to specify the parameters for remote files Synonym CONNECT Parameters host Name or internet address of the remote host to which you want to connect OPEN supports any valid hostname syntax including an internet address username Username on the remote host Enclose the username in quotes if the case is important or it contains special characters For a null username use a pair of quotation marks password Password on the remote host Enclose the password in quotes if the case is important or it contains special characters For a null password use a pair of quotation marks
132. FTP operations after the startup command file Note VERBOSE mode is set ON by default so that you can read replies from the FTP server when you connect or change server directories This means that you do not need to include the SET DEBUG CLASS REPLIES or its equivalent VERBOSE command in the startup command file Although an existing SET DEBUG CLASS REPLIES command in the file does not change the mode a VERBOSE command toggles VERBOSE mode OFF See the SET DEBUG CLASS command description in the Command Reference If you are an ANONYMOUS user VERBOSE mode might help in reading any informational messages the FTP server creates Figure 3 9 Setting Up a Startup Command File CREATE FTP STARTUP COM OPEN IRIS SMITH Sandy SHOW STATUS 2 lt Ctrl z gt EDIT LOGIN COM 3 DEFINE PROCESS FTP_STARTUP SYS LOGIN FTP_STARTUP COM lt Ctrl z gt 4 FTP 220 IRIS process com 192 168 12 34 5 FTPD V5 5 c 2001 Process Software 331 Password required 230 Welcome to OpenVMS VAX V6 2 IRIS with TCPware 5 5 230 User logged in proceed 257 SYS SYSROOT SYSMGR Client FTP V5 5 Copyright c 2001 Process Software Connected to IRIS process com 192 168 12 34 Logged in as user SMITH The local default is ENG DOC ENGINEERING SMITH The remote working directory is SYSSIRIS SMITH Default qualifiers are VMS gt 3 17 PART II User Functions Site Specific Commands T
133. File Transfer Table 17 3 SFTP2 Commands LS a c C t u z R l S r Displays the contents of the current lt file gt directory or specified directory in UNIX format Lists the names of files on the remote server For directories contents are listed When the R is given directory trees are listed recursively By default subdirectories of the arguments are not visited When the option is given permissions owners sizes and modification times are also shown When the S option is specified sorting is based upon file size instead of alphabetically The r option reverses the sort order When no arguments are given it assumes that the contents of current working directory are being listed If a is specified then and are included If c is specified then files are sorted by creation time If C is specified then compact format is displayed If t is specified then files are sorted by modification time If u is specified then files are sorted by access time z is like l but the information is formatted locally If any combination of c t and u are specified then only the last one is used Ls will fill a screen with output then wait for the user to decide if they want more or have seen enough LSROOTS Displays the virtual roots of the server This is VanDyke Software's V Shell extension Without this you can't know the filesystem structure of a V Shell server
134. For example an output symbiont transfers data from disks to line printers See print symbiont TALK Utility that allows users to exchange messages they type in their terminal windows with other local or remote users TELNET Application layer protocol that allows a user at a client host to log in to a server host The user's terminal at the client host appears to the server as a directly connected terminal Services Terminal Emulation Transport protocol that provides NetWare workstations access to any OpenVMS systems Terminal Server Print Provides an efficient way for OpenVMS users to send print Services requests to printers attached to TCP IP based terminal servers Users on the host can easily gain access to printers attached to a terminal server as if they were any other OpenVMS printer ticket Kerberos authentication entity that allows a user to prove his identity to an application server by way of a third party Kerberos server TIMED Time Synchronization Protocol TSP or Protocol that synchronizes the clocks of the various hosts in a LAN Also known as timed TN3270 Mode used in TELNET to communicate with IBM 3278 n terminal models token authentication An authentication system that allows you to set additional security restrictions on your FTP TELNET RLOGIN and SET HOST logins Authentication takes place through a physical SecurID token smart card that you use to provide th
135. GENT 2 Spawn it as a subprocess SPAWN NOWAIT SSHAGENT 3 Run it in a detached process RUN DETACHED OUTPUT AGENT OUT INPUT NLA0 PROCESS NAME SSH AGENT SSH EXE SSH AGENT2 The agent is used for Publickey Authentication when logging to other systems using SSH A connection to the agent is available to all programs run by all instances of the user on a specific system The name of the mailbox used for communicating with the agent is stored in the TCPWARE SSH AGENT username logical name Note that while the agent mailbox is accessible only by the user that starts the agent a user with sufficient VMS privileges could access the agent mailbox and steal or modify keys currently loaded into the agent although the keys as stored on disk cannot be modified simply by accessing the agent 16 31 Accessing Remote Systems with the Secure Shell SSH Utilities The agent does not have any private keys initially Keys are added using SSHADD When executed without arguments SSHADD adds the user s identity files If the identity has a passphrase SSHADD asks for the passphrase It then sends the identity to the agent Several identities can be stored in the agent the agent can use any of these identities automatically SSHADD LIST displays the identities currently held by the agent The idea is that the agent is run on the user s workstation FILES SSH IDENTITY Contains the RSA authentication identity of the user This file sho
136. H1 implementation is based on the V1 5 protocol and 1 3 7 F Secure code base and the SSH2 implementation is based on the V2 protocol and the WRQ RSIT 6 1 0 code base While SSH2 is generally regarded to be more secure than SSH1 both protocols are offered by TCPware and although they are incompatible they may exist simultaneously on server systems including TCPware servers The SSH client identifies the protocol s offered by any given server If both SSH2 and SSH1 protocols are offered the client will always use SSH2 Otherwise the client will use the correct protocol based on the server's capability The cryptographic library used by TCPware SSH2 this does not apply to SSH1 sessions is FIPS 140 2 level 2 compliant as certified by the Computer Security Division of the National Institute of 16 1 Accessing Remote Systems with the Secure Shell SSH Utilities Science and Technology NIST 16 2 Accessing Remote Systems with the Secure Shell SSH Utilities Secure Shell Client remote login program SSH Secure Shell is a program for logging into and executing commands on a remote system It replaces rlogin rsh and telnet and provides secure encrypted communications between two untrusted hosts over an insecure network X11 connections and arbitrary TCP IP ports can be forwarded over the secure channel SSH connects and logs into the specified hostname The user must prove his her identity to the remote system using one of
137. ICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Copyright C 1995 1998 Eric Young eay cryptsoft com rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Netscapes SSL This library is free for commercial and non commercial use as long as the following conditions are aheared to The following conditions apply to all code found in this distribution be it the RC4 RSA Ihash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met
138. IL LOCASE USERNAME B 27 VMSMAIL NO EXQUOTA B 28 VMSMAIL REPLY CONTROL B 28 VMSMAIL USE RFC822 TO HEADER B 28 WINDOW SIZE B 26 SNMP logical DEBUG B 27 spoofing DNS 16 4 IP 16 4 routing 16 4 SSH authentication agent 16 31 break in and intrusion detection 16 5 command options 16 7 host based authentication example 16 15 logicals ALLOW EXPIRED PW B 27 ALLOW PREEXPIRED PW B 27 KEYGEN MIN PW LEN B 27 PARAMETERS B 27 SSH DIR B 1 SSH EXE B 2 SSH LOG B 2 SSH MAX SESSIONS B 2 SSH TERM MBX B 2 Index USE SYSGEN LGI B 27 public key authentication example 16 16 server system authentication 16 3 session termination 16 6 X11 forwarding 16 6 SSH command ALLOW_REMOTE_CONNECT 16 7 CIPHER 16 7 COMPRESSION 16 7 DEBUG 16 7 ESCAPE_CHARACTER 16 7 LOCAL_FORWARD 16 7 LOG_FILE 16 7 NO_AGENT_FORWARDING 16 8 OPTION 16 7 PORT 16 7 REMOTE_FORWARD 16 7 VERSION 16 8 SSH files CONFIG 16 23 HOSTS EQUIV 16 26 IDENTITY 16 24 IDENTITY 16 23 IDENTITY PUB 16 24 KNOWN_HOSTS 16 25 RANDOM_SEED 16 25 RHOSTS 16 26 SHOSTS 16 26 SSH_KNOWNHOSTS_DIR 16 27 SSH2_DIR SSH2_CONFIG 16 26 SSH_DIR RHOSTS 16 26 SHOSTS 16 26 SSH_SCP_SERVER_DEBUG B 2 SSH2 client configuration 16 6 client keyword AllowedAuthentication 16 8 AuthenticationNotify 16 8 AuthorizationFile 16 9 BatchMode 16 9 Ciphers 16 9 ClearAllForwardings 16 9 Compression 16 9 DebugLogFile 16 9 DefaultDomain 16 9 EscapeChar 16 9 ForwardAgent 16 9 Forw
139. If you use OPEN at the DCL level see the second example include the password on the same command line 3 55 PART II User Functions OPEN If you are designated by the system administrator as having password authentication using Token Authentication you need to enter the PASSCODE in place of the password Depending on which type of SecurID card you were assigned Enter a combination of your personal identification number PIN and the tokencode that appears on the card with no separating space as the password or Enter your PIN on the PINPAD card and the resulting tokencode that appears on the card as the password See Chapter 15 Token Authentication Protecting Logins for details on obtaining PASSCODEs account Account on the remote host Enclose the account in quotes if the case is important or it contains special characters Qualifiers PORT port Port number for the remote FTP server If omitted Client FTP uses port number 21 TIMEOUT time Timeout time in seconds to establish the FTP control connection If omitted the timeout time is 120 seconds 2 minutes Minimum value is 20 seconds TLS Negotiate with the server to perform TLS authentication as per RFC 4217 The certificate delivered by the server is checked and self signed certificates may be rejected if desired After performing the negotiation user authentication takes place over an encrypted connection Note Data transfers will not be encrypted u
140. Kerberos Server See Chapter 4 Kerberos User Commands for details on getting a TGT With Kerberos V4 authentication you can specify the Kerberos realm using the REALM qualifier If omitted the TCPWARE KERBV4 REALM logical value determines the realm RLOGIN first tries to use Kerberos V4 authentication if requested then falls back to using standard authentication if Kerberos authentication fails To close an RLOGIN connection simply log out of the remote system If you are designated by the system administrator as having password authentication using Token Authentication you need to enter the PASSCODE in addition to the username and password at a separate PASSCODE prompt Depending on which type of SecurID card you were assigned do one of the following Enter a combination of your personal identification number PIN and the tokencode that appears on the card with no separating space at the PASSCODE prompt 8 1 PART II User Functions Enter your PIN on the PINPAD card and the resulting tokencode that appears on the card at the PASSCODE prompt See Chapter 14 Token Authentication Protecting Logins for details on obtaining PASSCODEs 8 2 RLOGIN RLOGIN Logging In to a Remote Host RLOGIN Logs in to a remote host from your local host without entering a remote username and password The remote host must provide login service for standard authentication or the klogin service for Kerberos version 4 authe
141. LE BY DEFAULT If you define this logical the FTP server starts in UNIX emulation mode The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE NOLOG TCPWARE FTP UNIX STYLE BY DEFAULT When sending the command from a non OpenVMS client a space is required between the file specification and the qualifier For example GET filename LOG Previous command syntax ftp gt put xx x x image 2048 New command syntax ftp gt put x x x x image 2048 You can disable this feature so that the FTP server can accept an OpenVMS transfer mode qualifier without including the space between the file specification and the qualifier To disable this requirement define the logical DEFINE TCPWARE FTPD NOUNIX SYNTAX TRUE TCPWARE FTP UNIX STYLE CASE INSENSITIVE Allows UNIX style filename handling to be case insensitive The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE NOLOG TCPWARE FTP UNIX STYLE CASE INSENSITIVE TCPWARE FTPD NOUNIX SYNTAX When sending a command to a non OpenVMS client a space is required between the file specification and the qualifier For example FTP gt GET filename LOG Previous command syntax ftp gt put xx x x image 2048 New command syntax ftp gt put x x x x image 2048 You can disable this feature so that the FTP server can accept an OpenVMS transfer mode qualifier with
142. LF gt line feed added to the end of each record The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE TCPWARE FTP SEMANTICS FIXED IGNORE CC TCPWARE FTP SERVER LOG LIMIT By setting this logical in the LOGIN COM file you can specify that log files be retained Set the logical name to a dash to retain all log files or specify a number in the range of 1 to 32000 Directory size restrictions limit the number of potential files that can actually be created If you do not specify a number or value one log file is created or overwritten for each FTP session Use the DCL PURGE command to delete unneeded log files The following example specifies that 42 log files be retained DEFINE TCPWARE FTP SERVER LOG LIMIT 42 TCPWARE FTP STRIP VERSION Causes VMS mode output to have no versions The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE NOLOG TCPWARE FTP STRIP VERSION TCPWARE FTP USE SRI ENCODING ON ODS5 The logical TCPWARE FTP USE SRI ENCODING ON ODS5 can be defined to 1 TRUE or YES to cause the file name encoding used for UNIX style file names on ODS 2 disks to be used on ODS 5 disks This also sets the default case of letters in filenames to lowercase and ignores the stored case 3 25 PART II User Functions Table 3 6 TCPware FTP Logicals for Users TCPWARE FTP UNIX STY
143. LOCK SIZE has not been specified and can be used to transfer a file that contains VMS records to a system that can only handle flat files RENAME lt oldfile gt lt newfile gt Renames file on the remote system RM lt file specification Removes the specified file from the remote system RMDIR directory specification Deletes a directory on the remote system SETEXT lt ext gt lt ext2 gt Sets the list of file extensions to use ASCII transfers when in AUTO mode Individual file extensions must be separated by spaces STATUS Shows the transfer mode remote server name and remote server version The current newline sequence is displayed if operating in ASCII or AUTO mode SYMLINK lt targetpath gt lt linkpath gt Creates symbolic link lt linkpath gt which will point to lt targetpath gt Not valid for VMS systems as VMS does not have symbolic links 17 19 Secure File Transfer Table 17 3 SFTP2 Commands VERBOSE Enables verbose mode identical to DEBUG 2 command line option You may later disable verbose mode by debug disable VMS Sets the transfer mode to include VMS file information Logicals The following logicals are specific to SFTP2 TCPWARE SFTP VMS MODE BY DEFAULT When defined to TRUE YES or 1 this logical chooses the VMS qualifier if NOVMS has not been specified Configuration File Parameters The system wide configu
144. List Directory R Read S Spawn W Write DEFINE SYSTEM EXECUTIVE TCPWARE FTP ANONYMOUS ACCESS WDS Will prevent the user ANONYMOUS from storing files on the system deleting files that are present on the system or using the site specific spawn command TCPWARE FTP ADD CC ON FIXED RECORD FILES When the logical TCPWARE FTP ADD CC ON FIXED RECORD FILES is defined to TRUE and a file is transferred as TYPE IMAGE with QUOTE SITE RMS BLOCK OFF in effect the FTP server will separate the records of a fixed length record file with the linefeed character This is useful for avoiding the explicit conversion necessary when transferring the file to a non VMS system with an FTP client that is not able to do record mode transfers TCPWARE FTP ALL VERSIONS Requests the NLST and LIST commands to display all versions of the specified files If TCPWARE FTP ALL VERSIONS is defined TCPWARE FTP STRIP VERSION has no effect TCPWARE FTP ALL VERSIONS is ignored if the FTP server is in UNIX emulation mode B 5 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE FTP ALLOWCAPTIVE By default the FTP server does not allow file transfers for CAPTIVE accounts Defining this logical allows CAPTIVE accounts to use all FTP commands except SITE SPAWN DEFINE SYSTEM EXECUTIVE TCPWARE FTP ALLOWCAPTIVE You must modify the CAPTIVE account procedure to allow the FTP server to start the data transfer process
145. Locator (URL) from your World Wide Web browser: http://www.process.com
VAX WAN: VAX WAN Device Drivers Specifications, available from HP, for details on the device drivers (TCPware for OpenVMS supports DSV11, DSB32, and DST32).
DECwindows: VMS DECwindows User's Guide and the VMS DECwindows Motif User's Guide, available from HP.
Domain Name Services (DNS): Albitz, Paul & Cricket Liu, DNS and Bind, O'Reilly & Associates.
Dynamic Host Configuration Protocol (DHCP): Droms, Ralph, and Ted Lemon, The DHCP Handbook: Understanding, Deploying, and Managing Automated Configuration Services, 1999, Macmillan Technical Publishing, 201 West 103rd Street, Indianapolis, IN 46290, ISBN 1-57870-137-6.
Ethernet: Ethernet Data Link Layer and Physical Layer Specifications, available from HP or from your Ethernet controller's hardware documentation.
FDDI: A Primer on FDDI: Fiber Distributed Data Interface, available from HP, for details about the features, topologies, and components of the FDDI local area network standard.
Gateway Routing Daemon (GATED): On the World Wide Web, use URL http://www.gated.org
References, Table A-2 Additional Documentation (Continued); columns: For Details on, See.
HYPERchannel (H269 driver hardware): H269 Rel 1.2 Network Adapter Driver for DEC VAX/VMS Installation Manual and User's Guide, available from Network Systems Corporation, Minneapolis, MN
146. MS
FTP: Transferring Files
SET [NO]VMS: Controls whether the Client-FTP negotiates for VMS file structure with the FTP server when opening a connection. The default is SET VMS, where the client negotiates with the server to use File Descriptor Language (FDL) information. Client-FTP first queries if the server supports VMS file transfer mode. If not, it queries for VMS Plus file transfer mode (such as with HP's TCP/IP Services for OpenVMS (UCX) server). In connecting to a TCPware or other OpenVMS server, the VMS file structure transfer mode is used. See Table 3-2 for more information.
Note: OPEN VMS or OPEN NOVMS overrides SET VMS and SET NOVMS.
Format: SET VMS (default), SET NOVMS
PART II User Functions
SHOW STATUS: Displays the following information about your present FTP session:
- Remote hostname and internet address, if you are connected to a remote host
- Username on the remote host, if you are connected and logged in
- Local default directory
- Remote default directory, if you are logged in to a remote host and that host supports the FTP PWD command
- Record size to be used with the IMAGE qualifier
- Defaults that are defined by the SET DEFAULT command for the COPY, GET, PUT, and DELETE commands
Format: SHOW STATUS
Synonym: STATUS
Example 3-80: The following shows the status for the current connection:
FTP>SHOW STATUS
Connected to ALPHA (192.168.1.1)
Logged in as user SMITH
The local defaul
147. N SSH1 BITS n IDENTITY_FILE file PASSPHRASE passphrase COMMENT comment CHANGE_PASSPHRASE PASSPHRASE old passphrase NEW_PASSPHRASE new passphrase CHANGE_COMMENT PASSPHRASE passphrase COMMENT comment CHANGE_CIPHER IDENTITY_FILE file PASSPHRASE passphrase HOST BITS n COMMENT comment
Table 16-4 SSH1 SSHKEYGEN Options (Option: Description)
BITS nnn: Specify key strength in bits (default 1024)
CHANGE_PASSPHRASE: Change the passphrase of private key file
CHANGE_COMMENT: Change the comment for a key
CHANGE_CIPHER: Change the cipher to current default (3DES)
COMMENT comment: Provide the comment
HOST: Generate the host key
IDENTITY_FILE file: Specify the name of the host key file
PASSPHRASE ppp: Provide the current passphrase
NEW_PASSPHRASE ppp: Provide new passphrase
VERSION: Print sshkeygen version number
SSH2
NETCU SSHKEYGEN SSH2 BITS n COMMENT comment KEYTYPE type QUIET KEYS key1 keyn PASSPHRASE ppp NOPASSPHRASE STIR file
NETCU SSHKEYGEN SSH2 HOST BITS n COMMENT comment STIR file QUIET
NETCU SSHKEYGEN SSH2 DERIVE_KEY file
NETCU SSHKEYGEN SSH2 EDIT file
NETCU SSHKEYGEN SSH2 FINGERPRINT file
NETCU SSHKEYGEN SSH2 INFO file BASE n
NETCU SSHKE
148. NAME: Specifies the internet addresses of up to three name servers the client can query. The client reads this information from this logical through CNFNET.
Table B-1 TCPware Logicals (Continued)
TCPWARE_FTP_220_REPLY: Defines a message displayed when a user connects to the server and can log in. This message replaces the default message. For example, you can define the welcome text equivalence string as follows:
DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_220_REPLY
_ AUTHORIZED USE ONLY, bart.nene.com (192.168.34.56)
_ FTP-OpenVMS FTPD V5.9 (c) 2007 Process Software
Alternately, you can include the last three equivalence strings in a WELCOME.TXT file and define the logical as follows:
DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_220_REPLY
_ @SYS$MANAGER:FTP_WELCOME.TXT
In either case, when a user connects to a host, the message appears as follows:
220 AUTHORIZED USE ONLY
220 bart.nene.com (192.168.34.56)
220 FTP-OpenVMS FTPD V5.9 (c) 2007 Process Software
Username
TCPWARE_FTP_221_REPLY: Defines a message to appear when a user ends the FTP session. If not defined, TCPware uses the default message. You can define a text string or file:
DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_221_REPLY
_ Connection to FTP server has been closed
Now, when the user closes the FTP connection, the following message appears:
221 Connection to FTP server has
149. NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed, i.e. this code cannot simply be copied and put under another distribution licence (including the GNU Public Licence).
other trademarks, service marks, registered trademarks, or registered service marks mentioned in this document are the property of their respective holders. TCPware is a registered trademark, and Process Software and the Process Software logo are trademarks of Process Software.
Copyright 1997, 1998, 1999, 2000, 2002, 2004 Process Software Corporation rights reserved. Printed in USA.
Copyright 2000, 2001, 2002, 2005, 2007 Process Software rights reserved. Printed in USA.
If the examples of URLs, domain names, internet addresses, and web sites we use in this documentation reflect any that actually exist, it is not intentional and should not be considered an endorsement, approval, or recommendation of the actual site, or any products or services located at any such site, by Process Software. Any resemblance or duplication is strictly coincidental.
150. NONYMOUS or NOANONYMOUS qualifier affects the following FTP commands: COPY CREATE DIRECTORY DELETE DIRECTORY DISPLAY GET LS MDELETE MGET MKDIR MPUT PUT RENAME RMDIR SET DEFAULT
Figure 3-8 shows examples of how to allow or deny anonymous user access to remote resources.
[Figure 3-8: Anonymous User Access. Example FTP commands (DIRECTORY, COPY, MGET, SET DEFAULT, CD, GET) that address the anonymous directory on the remote host DELTA, each shown with its equivalent ANONYMOUS form, and a GET with NOANONYMOUS that disables access to the anonymous directory.]
151. OMAINS: Tells the SMTP server to reject mail from domains whose names and addresses cannot be resolved in a reverse lookup.
TCPWARE_SMTP_REPLY_TO: Specifies an address for a Reply-To header in outgoing mail.
TCPWARE_SMTP_RESENT_HEADERS: Causes the inclusion of Resent headers in mail forwarded from a VMS Mail account using SET FORWARD in VMS Mail.
TCPWARE_SMTP_RETRY_INTERVAL: Specifies the retry interval for messages waiting for an attempted redelivery. The time is specified as a delta time.
TCPWARE_SMTP_RETURN_INTERVAL: Specifies the amount of time a given message delivery should be retried before giving up and bouncing the message back to the sender. The time is specified as a delta time.
Table B-1 TCPware Logicals (Continued)
TCPWARE_SMTP_RETURN_MSG: Specifies an input filename for the return message SMTP sends when a mail message bounces.
TCPWARE_SMTP_RETURN_RECEIPT_TO_HEADER_ENABLE: Enables the Return-Receipt-To header if the TCPWARE_SMTP_HEADER_RETURN_RECEIPT_TO logical is also defined.
TCPWARE_SMTP_SEND_CLASS: Specifies the VMS broadcast class for New mail notifications. The default is USER16.
TCPWARE_SMTP_SERVER_DISABLE_VRFYEXPN: Disables the VRFY and EXPN commands, in bitmask format, to the SMTP server. Bit 0: VRFY. Bit 1: EXPN.
TCPWARE_SMTP_SERVER_LOG: Enables debug logs for the SMTP server.
TCPWARE_SMTP_SERVER_RCPT_CHECK_HOST: The
152. OPEN host | It is the only session | Keeps you in TELNET
OPEN host | There are other sessions | Keeps you in TELNET with the other sessions open
TELNET host | It is the only session | Exits TELNET
TELNET host | There are other sessions | Keeps you in TELNET with the other sessions open
If you close the current session and there are other connected sessions, Client-TELNET resets the current session to the next session.
TELNET>CLOSE session number closes only the specified session, as indicated by the SHOW STATUS command.
TELNET>EXIT exits TELNET.
TELNET>QUIT exits TELNET.
TELNET>BYE exits TELNET.
TELNET> Ctrl/Z interrupts TELNET.
See the OPEN, CLOSE, EXIT, and SHOW STATUS commands in the Command Reference.
Example 12-3 Closing TELNET Sessions
IRIS TELNET
TELNET gt OPEN BART
STCPWARE TELNET I TRYING trying telnet 192 168 1 92 23
STCPWARE TELNET I ESCAPE escape character is
login procedure to BART
Ctrl N
TELNET OPEN MARGE (BART remains open)
STCPWARE TELNET I TRYING trying marge nene com telnet 192 168 1 91 23
STCPWARE TELNET I ESCAPE escape character is N
login procedure to MARGE
MARGE Ctrl WN
TELNET SHOW STATUS
Client TELNET V5 9 1 Copyright c 2007 Process Software
Connected sessions
1 bart nene com telnet 192 168 1 92 23
2 marge nene com telnet 192 168 1 91 23
153. ORTRAN mode. The first character of each record is a FORTRAN carriage control character. Some hosts do not recognize this transfer format.
IMAGE[=size]: Transfers the preceding file in image mode. Optional size sets the record size of the local output file (see Table 3-2). Does not apply to remote output files. The maximum size for this qualifier is 32768.
RECORD: Transfers the preceding file using STRU R so as to communicate the record structure during the copy. Not all servers support record structure mode. If you specify both RECORD and VMS, Client-FTP uses VMS.
VARIABLE: Transfers an image file (see IMAGE) in variable-length record mode. At the destination site, all IMAGE records have a fixed length. Applies to local output image files only. This qualifier has meaning only if the IMAGE qualifier is present.
VMS: Transfers the preceding file in VMS file mode (see Table 3-2). Allows you to transfer any type of RMS file between OpenVMS systems. If you use VMS, Client-FTP ignores APPEND, ASCII, BINARY, BLOCK, FORTRAN, IMAGE, and VARIABLE. If you specify both RECORD and VMS, Client-FTP uses VMS.
Other Qualifiers (Non-positional)
ANONYMOUS, NOANONYMOUS: Enables (ANONYMOUS) or denies (NOANONYMOUS) anonymous user access to remote resources. You can omit ANONYMOUS if you use the node file syntax node pathname. See Anonymous Users.
APPEND: Appends the source file to th
154. OTE SITE RMS BLOCK OFF in effect, the FTP server will separate the records of a fixed-length record file with the linefeed character. This is useful for avoiding the explicit conversion necessary when transferring the file to a non-VMS system with an FTP client that is not able to do record mode transfers.
TCPWARE_FTP_ALL_VERSIONS: Requests the NLST and LIST commands to display all versions of the specified files. If TCPWARE_FTP_ALL_VERSIONS is defined, the logical TCPWARE_FTP_STRIP_VERSION has no effect. TCPWARE_FTP_ALL_VERSIONS is ignored if the FTP server is in UNIX emulation mode.
TCPWARE_FTP_DISALLOW_UNIX_STYLE: Controls whether UNIX-style filename parsing is done. If not defined and a is found in the filename, it is assumed to be a UNIX-style filename. The in the logical represents where defined values go. Defined values can be either alpha or numeric.
DEFINE/SYSTEM/EXEC TCPWARE_FTP_DISALLOW_UNIX_STYLE FALSE
TCPWARE_FTP_EXTENSION_QUANTITY: Defines the default allocation extension quantity for new files and appends. The in the logical represents where defined values go. Defined values can be either alpha or numeric.
DEFINE/SYSTEM/EXEC TCPWARE_FTP_EXTENSION_QUANTITY n (number of blocks)
TCPWARE_FTP_KEEP_DIR_EXT: Sometimes the FTP server strips the DIR extension from the file name of a directory when the NLST function is requested. The FTP server now looks for the logical TCPWARE_FTPD_KEEP_DIR_EXT and if
155. P: Display help
QUIET: Don't display certificate information
VALIDATE certificate: Validate using the CA certificate certificate
VERSION: Display version information
Example
CERTVIEW MYCERT PKCS7 P7B 1 SSH2 CRT
Certificate MYCERT PKCS7 P7B 1 SSH2 CRT
Certificate issuer: MAILTO=foo@bar.com, C=US, ST=CO, L=Denver, CN=FOOCA
Certificate serial number: 20668029027158235697617769792662904421
Certificate subject: MAILTO=foo@bar.com, C=US, ST=CO, L=Denver, CN=FOOCA
CMPCLIENT
cmpclient options ca access url url subject subject cert file private key
Description: Allows users to enroll certificates. It will connect to a CA (certification authority) and use the CMPv2 protocol for enrolling a certificate. The user may supply an existing private key when creating the certification request, or allow a new key to be generated.
Command Parameters
url: Specifies the URL for the Certification Authority.
Subject: Specifies the subject name for the certificate. For example: c=ca, o=acme, ou=development, cn=Bob Jones
Cert file: Specifies the file the certification is written to.
Private key: Specifies the private key to be written to.
Valid Options
BASE <name>: Specify base prefix for the generated files
BITS n: Specify the key length in bits
CA__URL <
156. P/IP functions supported by TCPware.
Table 1-2 TCP/IP Services (This Service: Provides)
Cluster Load Balancing: Have the domain name server assign a connection to a specific host to balance the cluster load. Analogous to the load balancing services the LAT terminal service provides.
Database Support: Connect Ingres, Oracle, RDB, Progress, and Sybase databases on OpenVMS and UNIX systems.
DECnet over IP: Send DECnet data link layer packets point-to-point over TCP/IP connection between two systems running TCPware.
DECwindows: Supports DECwindows graphics-oriented applications like Mail, File View, DECterm, and Bookreader. A remote X display user can also log in using the X Display Manager Server.
Table 1-2 TCP/IP Services (Continued)
Interface Support: Interface support, which includes:
- Ethernet, Token Ring, and LAT interfaces: Send IP datagrams over Ethernet, Token Ring, LAN Emulation over Asynchronous Transfer Mode (ATM), and Classical IP over ATM (CLIP) networks. Supports the Address Resolution Protocol (ARP) and Reverse ARP (RARP).
- Fiber Distributed Data Interface (FDDI): Send IP datagrams over high-speed networks over FDDI controllers. Supports ARP and RARP.
- HYPERchannel: Directly supports the UNIBUS, QBUS, MASSBUS, and BIBUS interfaces. Includes use of ARP to map host internet addresses to physical addresses.
IP
157. P client and Server use. This can sometimes provide a work-around for problems encountered with different implementations of the protocol. The default value is 4. Protocol versions 2 and 3 are also used by popular implementations.
Table B-1 TCPware Logicals (Continued)
TCPWARE_SFTP_NEWLINE_STYLE: This logical controls the newline style that SFTP uses, which can be helpful in transferring text files. The values are UNIX <lf>, VMS <lf>, MAC <cr>. If the logical is not defined, or defined to any other value, then <cr><lf> will be used for the text line separator, as documented in the SSH File Transfer specification.
TCPWARE_SFTP_ODS2_SRI_ENCODING: This logical controls whether or not SRI encoding is used for filenames on VMS ODS-2 disks. If the logical is not defined, or is defined to TRUE, YES, or 1, then SRI encoding is used on ODS-2 disks for filenames that contain uppercase letters and special characters.
TCPWARE SFTP RETURN True Yes 1: When defined to TRUE, YES, or 1, and files are being transferred in VMS mode, this logical causes the allocation quantity to be transmitted when a file is transferred. Normally this value is only sent when necessary, to avoid having an excessive amount of space allocated to a file when it is transferred from a disk with a large allocation cluster to a disk with a small allocation cluster.
TCPWARE_SFTP_TRANSLATE_VMS_FILE_TYPES number
158. P over SSH2 protocol (OpenSSH). When this is defined, the file SCP SERVER LOG is created in the user's login directory. These files are not purged. Larger values yield more debugging information.
TCPWARE_SSH_SFTP_SERVER_DEBUG: Enables debugging messages for the SFTP SERVER2 image that provides service to SCP2 commands that use the SFTP protocol. When this is defined, the file SFTP SERVER LOG is created in the user's login directory. These files are not purged. Larger values yield more debugging information.
TCPWARE_SFTP_MAXIMUM_PROTOCOL_VERSION: This logical can be used to limit the version of the SSH File Transfer Protocol that the SFTP client and Server use. This can sometimes provide a work-around for problems encountered with different implementations of the protocol. The default value is 4. Protocol versions 2 and 3 are also used by popular implementations.
TCPWARE_SFTP_VMS_ALL_VERSIONS: This logical controls whether or not all versions of a file are returned. The values TRUE, YES, or 1 will return all versions; any other value is to only return the name of the file without a version. The default is to return only one filename, without the version number.
TCPWARE_SFTP_NEWLINE_STYLE: This logical controls the newline style that SFTP uses, which can be helpful in transferring text files. The values are UNIX <lf>, VMS <lf>, MAC <cr>. If the logical is not defined, or defined to any other value, then <cr>
160. RIGHT Find E1 Find Insert Here E2 Insert_Here
DEFINE KEY
Table 3-7 Key Designations for Three Terminal Types (Continued); columns: Key Name, LK201, VT100-type, VT52
Remove E3 Remove Select E4 Select Prev Screen E5 Prev Screen Next Screen E6 Next Screen HELP Help DO Do F6 F20 F6 F20
equivalence string: String to substitute when you press the key. If the string contains spaces, enclose it in quotes.
Qualifiers
ECHO, NOECHO (default): ECHO displays the equivalence string on your screen after you press the key. NOECHO is the default.
Do not use NOECHO with NOTERMINATE.
STATE state name, NOIF STATE (default): STATE specifies a list of one or more state names (an alphanumeric string) for the key definition to be in effect. If you specify only one state name, you can omit the parentheses. By including several state names, you can define a key to have the same function in all the specified states. NOIF STATE is the default, where Client-FTP uses the current state. Establish states using SET STATE.
LOCK STATE, NOLOCK STATE (default): LOCK STATE specifies that the state set by SET STATE remains in effect until explicitly changed. NOLOCK STATE is the default, meaning the state which has been set in effect by SET STATE is in effect only for the next definable key you press or the next read-terminating character yo
162. RM command line.
Format: LPRM P printer job number username
- TCPware converts all uppercase letters to lowercase unless you enclose them in quotation marks.
- If you omit a job number or username, and you own the job that is currently active, TCPware removes the job.
Parameters
job number: Specifies which job you want removed from the remote queue. If you omit this parameter, TCPware removes the currently active job. Use the LPQ command to display the job number of a job.
username: Specifies the owner of the jobs you want removed from the remote queue. TCPware removes all jobs the specified user owns. You can remove jobs that you do not own from a remote queue only under these conditions:
- The remote host is an OpenVMS host.
- Your local account is mapped to an OpenVMS username that has OPER privilege on the remote host.
Use the LPQ command to display the usernames for all jobs.
Network Printing
Options
P printer host, P logical name: Specifies a remote printer. If you omit this option, TCPware removes the job from the queue the TCPWARE_LPR_PRINTER logical defines.
-: If you have OpenVMS OPER privileges on the local host, this option removes all jobs your local host submitted to the remote queue. Otherwise, it removes only your jobs. Place quotation marks around this option if it is the last character on the command line, because OpenVMS treats trailing hyphens as con
163. S EQUIV method combined with RSA-based host authentication. It means that if the login would be permitted by .RHOSTS, .SHOSTS, TCPWARE:HOSTS.EQUIV, or TCPWARE:SHOSTS.EQUIV file, and if the client's host key can be verified (see SYS$LOGIN:[.SSH]KNOWN_HOSTS and SSH_DIR:SSH_KNOWN_HOSTS in the FILES section), only then is login permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing, and routing spoofing.
Note to the administrator: TCPWARE:HOSTS.EQUIV, .RHOSTS, and the rlogin/rshell protocol are inherently insecure and should be disabled if security is desired.
Publickey Authentication
The SSH client supports DSA-based authentication for SSH2 sessions, and RSA-based authentication for SSH1 sessions. The scheme is based on public-key cryptography. There are cryptosystems where encryption and decryption are done using separate keys, and it is not possible to derive the decryption key from the encryption key.
For SSH1: SSH supports RSA-based authentication. The scheme is based on public-key cryptography. There are cryptosystems where encryption and decryption are done using separate keys, and it is not possible to derive the decryption key from the encryption key. RSA is one such system. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key (SYS$LOGIN:[.SSH]AUTHORIZED_KEYS lists the public keys permitted for log in) and only the user
164. SH2 DIR SSH2 CONFIG. See Table 16-2 for details. For each parameter, the first obtained value is used. The configuration files contain sections bracketed by Host specifications. That section applies only for hosts that match one of the patterns given in the specification. The matched host name is the one given on the command line. Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.
Note: The qualifiers listed in Table 16-1 are position-dependent. You must place the qualifier(s) immediately after the SSH command. So, the correct syntax is: SSH qualifier node command
Table 16-1 SSH Client Command Options and Qualifiers (Qualifier: Description)
ALLOW_REMOTE_CONNECT: Allow remote hosts to connect local port forwarding ports. The default is only localhost may connect to locally bound ports.
CIPHER cipher 1 cipher n: Select encryption algorithm(s)
COMPRESS: Enable compression
CONFIG_FILE file: Read an alternative client config file
DEBUG level: Set debug level
ESCAPE_CHARACTER char: Set escape character (none disable, default
HELP: Display help text
IDENTITY_FILE file: Identity file for public key authentication
LOCAL_FORWARD protocol listen port
165. SYS LOGIN
DEFINE/SYSTEM/EXEC TCPWARE_FTP_KATE_ROOT ENGSDISK
DEFINE/SYSTEM/EXEC TCPWARE_FTP_PAUL_ROOT ENGSDISK
DEFINE/SYSTEM/EXEC TCPWARE_FTP_SYSTEM_ROOT
(default, limits KATE, limits PAUL, full SYSTEM)
ANONYMOUS user access restrictions are described under TCPWARE_FTP_ANONYMOUS_ROOT. The user is not placed automatically in this directory upon successful login.
Table B-1 TCPware Logicals (Continued)
TCPWARE_FTP_SEMANTICS_FIXED_IGNORE_CC: If this logical is defined to TRUE, then GET operations of fixed-length record files will not have a carriage return/line feed added to the end of each record. The in the logical represents where defined values go. Defined values can be either alpha or numeric.
DEFINE TCPWARE_FTP_SEMANTICS_FIXED_IGNORE_CC
TCPWARE_FTP_SEMANTICS_VARIABLE_IGNORE_CC: When this logical is defined to TRUE, files with variable-length records and carriage return carriage control will NOT have a new line character inserted after each line when the file is transferred in image (binary) mode. The default is TRUE and is defined in FTPSERVER_DTP.COM.
DEFINE TCPWARE_FTP_SEMANTICS_VARIABLE_IGNORE_CC FALSE
Users can change this value by defining it in their LOGIN.COM file, or it can be defined on a system-wide basis if this is desired for all users.
TCPWARE_FTP_SERVER_DATA_PORT_RANGE: Specifies the upper and lower port boundaries that are to be used in passive data
166. See Table 14-1 for examples.
Table 14-1 Sample Duress PINs
If your regular PIN is | Then your duress PIN is | Applies to
243890 | 243891 | All tokens
243899 | 243890 | All tokens
ABCDEF | ABCDEG | Standard Card and Key Fob
ABCDEZ | ABCDEA | Standard Card and Key Fob

Chapter 15: WHOIS Username Directory Services
The WHOIS utility allows Internet users to query the Network Information Center (NIC) username directory services. To invoke WHOIS, enter at the DCL prompt: WHOIS name
name is the user's name or other search keyword. The utility tries to connect to the NIC WHOIS server (ds.internic.net) and displays any returned information. The source code for this utility is in the TCPWARE_COMMON:[TCPWARE.EXAMPLES]WHOIS.C file.

Chapter 16: Accessing Remote Systems with the Secure Shell (SSH) Utilities
The SSH implementation for TCPware provides the client software for allowing secure interactive connections to other computers in the manner of rlogin/rshell/telnet. The following topics describe how to configure, maintain, and use the following TCPware client and utilities:
- Secure Shell Client (remote login program)
- SSHKEYGEN
- SSHAGENT (authentication agent)
- SSHADD
- CERTTOOL
- CERTVIEW
- CMPCLIENT
- Public Key Subsystem
SSH Protocol Support
The SSH client software supports both the SSH1 and SSH2 protocols. SSH1 and SSH2 are different and incompatible protocols. The SS
167. T II User Functions
2. Check file extensions to determine file types. You might need to enter special qualifiers when you transfer certain types of files. See Table 3-2 in the next section for a description of the file transfer formats.
3. Check the local directory when in FTP: FTP>LDIR
If you use the menu-driven method, see the Local part of the for TCPware for OpenVMS screen (see Figure 3-2).
4. Use the LCD or SET DEFAULT LOCAL command to move to other directories on the local host.
See the DIRECTORY, LDIR, and SET DEFAULT commands in the Command Reference for checking directories.
Figure 3-6 Checking Remote and Local Directories
FTP>DIRECTORY (1)
total 49
rwxr xr x 1 smith users 340 Oct 1 16 34 login
rwxr xr x 1 smith users 138 Oct 1 16 34 profile (2)
drwxr xr x 2 smith users 512 Oct 1 16 34 bin
rw r r 1 smith users 46080 Oct 1 10 58 sys exe
drwxr xr x 2 root daemon 512 Feb 10 2001 wastebasket
FTP>LDIR (3)
Directory DOCSDISK DOC ENG
ANDY TXT 1 CYN PS 2 DO_HELP TXT 1 GLOSSARY TXT 1 HELP DIR 1 KIT INFO PS 1 LWK PERSONAL LINKBASE 1 SCREEN FTP DIR 1 SEND NORM C 1
Total of 9 files
FTP>LCD HELP (4)
FTP>LDIR
Directory DOCSDISK DOC ENG HELP
BUILD COM 1 FTPHELP HLB 2 FTPHELP RNO 1 FTPHELP HLB 2 FTPHELP RNO 1 HELP MMS 1
Total of 6 files
Checking File Transfer Formats
You can determine what file format to use during file transfers. Client-FTP lets you transfer fi
169. TCPware for OpenVMS User s Guide Part Number N 5904 59 NN A December 2009 This manual describes how to use the network services provided by the TCPware for OpenVMS product Revision Update This is a revised manual Operating System Version VAX VMS V5 5 2 or later OpenVMS VAX V6 0 or later OpenVMS Alpha V6 1 or later or OpenVMS I64 V8 2 or later Software Version 5 9 Process Software Framingham Massachusetts USA The material in this document is for informational purposes only and is subject to change without notice It should not be construed as a commitment by Process Software Process Software assumes no responsibility for any errors that may appear in this document Use duplication or disclosure by the U S Government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 The following third party software may be included with your product and will be subject to the software license agreement Network Time Protocol NTP Copyright © 1992 by David L Mills The University of Delaware makes no representations about the suitability of this software for any purpose Point to Point Protocol Copyright © 1989 by Carnegie Mellon University All rights reserved The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission Redistribution and use in
170. TELNET EL control function to the server instead of the actual character Ignored if TN3270 mode is active Format SET EL char SET NOEL Parameter char When entered this character sends the TELNET EL control function to the server You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default EL character Define the initial EL character using the TCPWARE TELNET EL logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET EL 21 DEFINE PROCESS TCPWARE TELNET EL ynnu Both commands set the EL character to Ctrl U ASCII 21 They are equivalent Examples 1 Each of these equivalent commands sets the EL character to Ctrl U ASCII 21 TELNET> SET EL 0 TELNET> SET EL 21 2 This example removes the previous character definition if any for the EL control function TELNET> SET NOEL 12 49 PART II User Functions SET [NO]ESCAPE SET [NO]ESCAPE SET ESCAPE changes the escape attention character This command allows you to change the character to a key that is more convenient The default escape character is You may want to change the escape character if the remote host uses that character
171. TP2 Commands SFTP2 Command Description ASCII s remote lt local gt With s option shows current newline convention remote nl conv sets remote newline convention lt ocal nl conv operates on local side but is not as useful the correct local newline convention is usually compiled in so this is mainly for testing You can set either of these to ask which will cause sftp to prompt you for the newline convention when needed With the exception of s option this command sets transfer mode to ascii Available conventions dos unix sftp vms or mac using r n r n n and r as newlines respectively Note that some implementations of SFTP may check to see if a file can be transferred in ASCII mode before doing so and return errors for files that cannot be transferred SSH for OpenVMS MultiNet and TCPware make this check AUTO Sets the transfer mode ASCII or BINARY to depend upon the extension of the file specification BINARY Sets the transfer mode to be binary This is the default BUFFERSIZE number Sets the size of the buffer used for file transfer A larger buffer size helps speed large transfers Displays the current buffersize when no parameter is specified 17 13 Secure File Transfer Table 17 3 SFTP2 Commands CD directory specification Changes current directory on rem
172. The default device does not change FTP> SET DEFAULT LOCAL SMITH DOC FTP> LCD SMITH DOC 2 The following equivalent commands set the remote default directory to usr src FTP> SET DEFAULT REMOTE usr src FTP> CD usr src 3 The following sets the default transfer mode to for subsequent copy commands and sets the default to LOG and NOCONFIRM FTP> SET DEFAULT IMAGE LOG NOCONFIRM PART II User Functions SET DEFAULT 4 The following sets the remote directory to the anonymous directory on DELTA FTP> SET DEFAULT DELTA It is equivalent to FTP> SET DEFAULT DELTA ANONYMOUS user email address 5 The following sets the remote directory to SYS SYSDEVICE USER SMITH FTP> CD sys sysdevice user smith 3 74 SET [NO]ALLOWSELFSIGNED FTP Transferring Files SET [NO]ALLOWSELFSIGNED Allows or disallows self signed certificates for RFC 4217 TLS negotiation The default is to allow self signed certificates Format SET ALLOWSELFSIGNED SET NOALLOWSELFSIGNED 3 75 PART II User Functions SET [NO]HASH SET [NO]HASH Enables hash marks With SET HASH Client FTP displays a hash mark every 1024 bytes sent or received during a file transfer SET NOHASH is the default Hash marks appear in files only No hash marks appear if the file transfer is output to the terminal screen Note With SET HASH FTP reads only 1024 bytes at a time from the
173. The extension type of the file you want copied see Table 3 2 Setting a file type qualifier overrides the default transfer format for this transaction only See also the SET DEFAULT command ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies NOANONYMOUS anonymous user access to remote resources You can omit ANONYMOUS if using the node file syntax node path See Anonymous Users APPEND Appends the remote file file to the local filename If local filename does not exist Client FTP creates it Some remote hosts do not support this operation NOTE If the operation fails try appending in binary mode by using the BINARY qualifier ASCII Transfers the file in formatted ASCII format see Table 3 2 BINARY Transfers BIN LDA OBJ and STB files in formatted binary format see Table 3 2 BLOCK Transfers STREAM STREAM CR STREAM LF and UNDEFINED files in block mode see Table 3 2 CONFIRM NOCONFIRM default CONFIRM issues a confirmation prompt before getting a file Useful when source contains wildcards so that you can confirm each file copy Respond with v or NOCONFIRM is the default If confirming multiple file gets use with MGET or GET MULTIPLE with a wildcard value Position the qualifier immediately after the GET verb to relate to all files or after the particular filename to relate to that file only CONTIGUOUS blocks Local output file
174. The procedure can check if the logical TT is equal to TCPWARE FTPSERVER DTP COM and exit out of the login procedure Check if this is the TCPware FTP data transfer process IF F$LOGICAL TT EQS UDTCPWARE FTPSERVER DTP COM THEN EXIT Refuse other network connections such as DECnet IF F$MODE EQS NETWORK THEN LOGOUT or allow by using THEN EXIT above Remainder of CAPTIVE procedure follows Sont TCPWARE FTP ANONYMOUS 230 REPLY Defines a message to appear when an ANONYMOUS user successfully logs in If not defined TCPware uses the default message You can define a text string or file DEFINE SYSTEM EXECUTIVE TCPWARE FTP ANONYMOUS 230 REPLY ANONYMOUS login successful Now when a user logs in using the ANONYMOUS account the following message appears 230 ANONYMOUS login successful TCPWARE FTP ANONYMOUS RIGHTS Defines write rename and delete access rights for the ANONYMOUS FTP user in addition to read access DEFINE SYS EXEC NOLOG TCPWARE FTP ANONYMOUS RIGHTS WRITE RENAME DELETE TCPWARE FTP ANONYMOUS ROOT Defines access restrictions for users logged in as ANONYMOUS For example you can set access restrictions for users logged in as ANONYMOUS to allow access to just the ANONYMOUS$USER directory and its subdirectories DEFINE SYSTEM EXECUTIVE TCPWARE FTP ANONYMOUS ROOT ANONYMOUS$USER If not set the FTP server defaults to the setting in TCPWARE FTP ROOT i
175. This command reference includes Name of the command Format of the command Qualifiers if applicable Synonym if available Parameters if applicable Examples of usage 12 21 PART II User Functions CLOSE CLOSE Closes the current connection or the session specified by the session number If you are not connected to a remote host this command has no effect When you open a session using the alternate TELNET host format the CLOSE command Exits TELNET if the connection is the only session Keeps you in TELNET with the other session s open if there is at least one other session Format CLOSE session number Synonym DISCONNECT session number Parameter session number Session number to close based on the session number displayed by the SHOW STATUS command If omitted closes the current session If there are any other connections open Client TELNET resets the current session to the next one Examples You can use the SHOW STATUS command to display a list of open connections These examples start with HOMER as the current session There are three TELNET connections as follows with the current session being on HOMER 1 BART nene com telnet 192 168 1 92 23 2 MARGE nene com telnet 192 168 1 91 23 gt 3 HOMER nene com telnet 192 168 1 90 23 1 This example ends the session on MARGE The current session is still HOMER You can close any other session without a
176. UG QUOTED and TIME See the Management Guide Chapter 31 Network Testing Tools for details Functional Overview Securing Resources You can secure resources on the network using the TCPware features described in Table 2 11 Table 2 11 TCPware Features for Securing Network Resources This component Allows you to AS a system manager see the Management Guide AS user see the User s Guide Incoming Access Restrictions Restrict the hosts and networks that can access the services the master server activates Chapter 20 Access Restrictions Outgoing Access Restrictions Restrict requests for remote services to specific users and ports Chapter 20 Access Restrictions Packet Filtering Restrict the datagrams a network interface can receive by protocol source and destination address or destination port Use convenient NETCU commands Chapter 21 Packet Filtering Kerberos Server Provide password encryption and the Key Distribution Center KDC for getting tickets to server applications Also use management and user commands Chapter 23 Managing Kerberos Chapter 4 Kerberos User Commands Kerberos Authentication for RCP Use Kerberos V4 authentication with the RLOGIN Berkeley R Command Chapter 23 Managing Kerberos Chapter 7 RCP Copying Files 2 13 PART I Introduction Table 2 11 TCPware Fea
178. When this logical is defined the SFTP server will translate text files to stream linefeed format so that they are compatible with UNIX systems The number is a bit mask with the following definitions: bit 0 (value 1) FIXED format files should be translated; bit 1 (value 2) VARIABLE format files should be translated; bit 2 (value 4) VARIABLE FIXED CONTROL (VFC) files should be translated. These values can be added together to specify combinations of file types Due to the way the SCP2 client is implemented this logical also serves as a default for the SCP2 client The SCP SERVER1 program always translates FIXED VARIABLE and VFC files as it is designed to service requests that come from UNIX systems that use the OpenSSH implementation TCPWARE SFTP VMS ALL VERSIONS This logical controls whether or not all versions of a file are returned The values TRUE YES or 1 will return all versions any other value is to only return the name of the file without a version The default is to return only one filename without the version number TCPWARE SLIP n The START IP command line specific information parameter provides the OpenVMS device name for the SLIP line If you omit this parameter TCPware assumes that the TCPWARE SLIP n system logical where n is the controller number defines the device B 22 TCPware Logicals Table TCPware Logicals Continued TCPWARE LOCALDOMAIN Specifies the default local domain name t
179. X display location the X display server address is transmitted to the remote system Use SET NOXDISPLOC before making a connection to disable sending the X display location Format SET XDISPLOC SET NOXDISPLOC Example TELNET> SET NOXDISPLOC TELNET> OPEN ALPHA SHOW DISPLAY Error opening DECW$DISPLAY as input No such device available ALPHA 12 62 SHOW OPTIONS TELNET Connecting to Remote Terminals SHOW OPTIONS Displays information about the options in effect Options modify the way TELNET handles your terminal over the network When you first establish a connection both hosts negotiate for the options to use based on the options that each host supports You can also use the SEND command to change options Format SHOW OPTIONS Example TELNET> SHOW OPTIONS Current TELNET options status Remote ECHO No remote TRANSMIT BINARY normal ASCII No local TRANSMIT BINARY normal ASCII Remote SUPPRESS GO AHEADS Local SUPPRESS GO AHEADS No remote END OF RECORD No local END OF RECORD Local TERMINAL TYPE VT300 Local FLOW CONTROL ON Local WINDOW SIZE 80x35 Local X DISPLAY LOCATION 192 168 5 195 0 0 12 63 PART II User Functions SHOW STATUS SHOW STATUS Displays information about all open TELNET connections and your current TELNET session The screen displays the following information Session number name and internet address of each remote host if a connection is open An ar
180. YGEN SSH2 SSH1 CONVERT file NETCU SSHKEYGEN SSH2 X509 CONVERT file NETCU SSHKEYGEN SSH2 PKCS CONVERT file NETCU SSHKEYGEN SSH2 EXTRACT CERTS file NETCU SSHKEYGEN SSH2 HELP NETCU SSHKEYGEN SSH2 VERSION Table 16 5 SSH2 SSHKEYGEN Options Option Description BASE nnn Number base for displaying key info BITS nnn Specify key strength in bits default 1024 COMMENTS comment Provide the comment DERIVE_KEY file Derive the private key given in file to public key EDIT file Edit the comment passphrase of the key EXTRACT_CERTS file Extract certificates from a PKCS 7 file FINGERPRINT file Dump the fingerprint of file HELP Print help text HOST Generate the host key INFO file Load and display information for file KEYS key keyn Generate the specified key file s KEYTYPE dsa rsa Choose the key type dsa or rsa OPENSSH CONVERT file Convert the specified OpenSSH key to SSH2 format OUTPUT_FILE file Write the key to the specified output file NOPASSPHRASE Assume an empty passphrase PASSPHRASE ppp Provide the current passphrase PKCS_CONVERT file Convert a PKCS 12 file to an SSH2 format certificate and private key QUIET Suppress the progress indicator SSH1_CONVERT file Convert SSH1 identity to SSH2 format SSH2_CONVERT file Convert a private key to SSH2
182. a short message The service then throws away any data it receives and closes the connection realm In Kerberos authentication the name of a group of machines such as those on a LAN identifying the Kerberos administrative domain Record Management Services RMS Set of operating system procedures called by programs to process files and records within files Defines rules about how to store records in files Remote Compact Disk RCD Utility that provides access to CD ROM drives on remote TCP IP systems Remote Copy Program RCP UNIX like command with which you can copy files over the network Remote Login Protocol See TELNET Remote Magnetic Tape RMT Utility that provides access to magnetic tape drives on remote TCP IP systems Glossary 11 PART II User Functions Glossary of Terms Continued Remote Procedure Call RPC Set of protocols developed by Sun Microsystems Inc These protocols allow programs to invoke procedures on remote hosts as if the procedures were local See ONC RPC Services Request for Comments RFC Documents submitted to the Internet governing board to define Internet standards resolver A Domain Name System DNS client that communicates with a DNS server to resolve a host name and internet address The client does not maintain a database The client only sends queries it does not answer them resource record Entry i
183. a specific name on the remote host enter a filename in the New Remote File Dir Name field From remote to local click one or more files on the Remote part of the File Transfers screen see Figure 3 4 and click < Copy To give the file a specific name on the local host enter a filename in the New Local Name field See the following information on symbolically linked UNIX systems Figure 3 7 and COPY Command Format CREATE FTP STARTUP COM OPEN IRIS SMITH Sandy SHOW STATUS Ctrl z EDIT LOGIN COM $ DEFINE PROCESS FTP STARTUP SYS LOGIN FTP STARTUP COM Ctrl z FTP 220 IRIS process com 192 168 12 34 FTP Open MS FTPD V5 5 c 2001 Process Software 331 Password required Welcome to OpenVMS VAX V6 2 IRIS with TCPware 5 5 230 User logged in proceed 257 SYS$SYSROOT SYSMGR Client FTP V5 5 Copyright 2001 Process Software Connected to IRIS process com 192 168 12 34 Logged in as user SMITH The local default is ENG_DOC ENGINEERING SMITH The remote working directory is SYSSIRIS SMITH Default qualifiers are AVMS FTP> Symbolic links in UNIX systems UNIX systems can have files or directories pointing to other files or directories known as symbolic links TCPware treats symbolic links as directories which appear in the Remote Directories field on the menu screens Once you click and perform an operation on a symbolic link the directory na
184. able length records the default IMAGE data results in a sequential file with fixed length records of 512 bytes IGNORE NOIGNORE default IGNORE ignores errors so that copying can continue with the next file NOIGNORE terminates copying if an error occurs LOG NOLOG default LOG displays file specifications for each file transferred NOLOG does not display the transferred file s specifications PART II User Functions COPY RESTART For STREAM mode transfers restart the transfer where it was interrupted The client verifies that the server supports the 3659 SIZE and REST commands and ignores the qualifier if it does not This does NOT work for VMS mode transfers STRU VMS and if the remote system is a VMS system it is recommended that a STRU FILE be done before the transfer command and to include NOVMS on the command line SET FACTS Set selected file facts on the destination file to match the source file after transfer The facts currently supported are MODIFICATION TIME Examples 1 Each of these commands copies the STUFF TXT file from the local host to remote host SYS1 the receiving system stores the file under the same filename in user SMITH s directory FTP> COPY STUFF TXT SYS1 SMITH SECRET FTP> PUT STUFF TXT SYS1 SMITH SECRET 2 Each of these commands copies DATA1 TXT DATA2 TXT files from the remote host to the local host assuming that a connection to the rem
185. acter If you enter the defined EC character during a TELNET session Client TELNET sends the TELNET EC control function to the server instead of the actual character Ignored if TN3270 mode is active Format SET EC char SET NOEC Parameter char When entered this character sends the TELNET EC control function to the server You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default EC character Define the initial EC character using the TCPWARE TELNET EC logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET EC 4 DEFINE PROCESS TCPWARE TELNET EC Both commands set the EC character to Ctrl D ASCII 4 They are equivalent Examples 1 Each of these equivalent commands sets the EC character to Ctrl D ASCII 4 TELNET> SET EC p TELNET> SET EC 4 2 This example removes the previous character definition if any for the EC control function TELNET> SET NOEC 12 48 SET [NO]EL TELNET Connecting to Remote Terminals SET [NO]EL Defines changes or disables the erase line EL character If you enter the defined EL character during a TELNET session Client TELNET sends the
186. after number in minutes m in hours h in days d or in weeks w If the connections have been idle all channels for that long a period of time the connection is closed down no port forwarding Forbids TCP IP forwarding when this key is used for authentication Any port forward requests by the client will return an error This might be used for example in connection with the command option no x11 forwarding Forbids X11 forwarding when this key is used for authentication An X11 forward request by the client will return an error 16 14 Accessing Remote Systems with the Secure Shell SSH Utilities SSH Client Server Authentication Configuration Examples Hostbased Authentication Example The following is an example of how to set up the SSH client and SSH2 server for Hostbased Authentication 1 First generate the host key ONLY if it doesn t exist 1 netcu sshkeygen ssh2 host Generating 1024 bit dsa key pair 4 oOo o0o o0o0 Key generated 1024 bit dsa myname myclient foo com Thu MAR 06 2003 13 43 54 Private key saved to tcpware ssh2 hostkey dir hostkey Public key saved to tcpware ssh2 hostkey dir hostkey pub directory tcpware ssh2 hostkey dir hostkey Directory TCPWARE SPECIFIC TCPWARE SSH2 HOSTKEYS HOSTKEY 1 HOSTKEY PUB 1 Total of 2 files 1 Copy the client system public key to the user directory on the server 1 DECnet must be running before you execute the followin
187. age of output Use this option only when you use the p option to format a file See the previous note for details on syntax v File is in Sun raster format wnumber Width of the output pages in characters Do not leave a space between the w and the number znumber Length of the output pages in lines Do not leave a space between the z and the number 1string 2string 3string 4string The options name UNIX font files and work the same as they do in UNIX Do not leave a space between the number and the string Use these options only with the d n and t options number Prints multiple copies where number is the number of copies you want of each file Do not leave a space between the and the number 5 10 LPR Network Printing Note LPR does not support the UNIX lpr options s and q Some LPD servers that reside on non UNIX hosts such as the one provided by TCPware do not support the following UNIX lpr options p t n d g v c i w z 1 2 3 and 4 Examples 1 This command prints the file MEMO TXT on the default remote printer LPR MEMO TXT Each of these commands send the file MEMO TXT to the remote printer specified by the logical drp02 LPR P drp02 MEMO TXT lpr pdrp02 memo txt Each of these commands send the file MEMO TXT to the remote printer 1p at host daisy LPR P lp daisy MEMO TXT lpr plp daisy memo txt Each of these commands specify mymemos as the job na
188. al fred daisy com Issued Expires Principal Jun 1 10 11 12 Jun 1 18 11 12 krbtgt daisy comGdaisy com Displays the name of the ticket file ticket owner s principal name issue and expiration dates and service principal name of each ticket 4 7 PART II User Functions SHOW TICKETS 4 8 2 NETCU SHOW TICKETS SRVTAB Server key file TCPWARE SRVTAB Service Instance Realm changepw bart daisy com rcmd bart daisy com Key Version Lists the available Kerberos services on BART as listed in its TCPWARE SRVTAB file Chapter 5 Network Printing Introduction The TCPware for OpenVMS network print services include Line Printer Services LPS and Terminal Server Print Services These network printing services support most printing devices including line printers laser printers and plotters TCPware provides Internet Printing Protocol support refer to the TCPware for OpenVMS Management Guide for more information about IPP LPS lets users print files on printers attached to remote hosts Users can also print files that are on a remote host to printers attached to the local host Terminal Server Print Services lets users print files on printers attached to terminal servers on a TCP IP network TCPware bases the network printing services on UNIX style LPR LPD protocols Line Printer Services LPS implement these protocols LPS supports the UNIX style LPR LPRM and LPQ commands and the OpenVMS style PRINT
189. alues at start up and delete them at shutdown SSH MAX SESSIONS This is set to the maximum number of concurrent SSH sessions allowed to the server system If SSH MAX SESSIONS is not defined the default is 9999 Setting SSH MAX SESSIONS to zero 0 will cause an error The value must be between 1 and 9999 It is defined through TCPWARE CNFNET SSH The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown TCPWARE SSH SFTP SERVER DEBUG Enables debugging messages for the SFTP SERVER2 image that provides service to SCP2 commands that use the SFTP protocol When this is defined the file SFTP SERVER LOG is created in the user s login directory These files are not purged Larger values yield more debugging information TCPWARE SSH SCP SERVER DEBUG Enables debugging messages for the SCP SERVER1 image that provides service to SCP2 commands that use the RCP over SSH2 protocol When this is defined the file SCP SERVER LOG is created in the user s login directory These files are not purged Larger values yield more debugging information SSH TERM MBX Mailbox used by SSHD MASTER to receive termination messages from SSHD daemon processes Do not change this logical name This is created by the SSHD MASTER process TCPWARE ACECLIENT CL Points to the shareable image activated by LOGINOUT when login is performed B 2 TCPware Logicals
190. ame parameter specifies the data file or files you want printed Network Printing For example the print request PRINT QUEUE ENG$PRINT MEMO TXT sends the file MEMO TXT to the remote printer queue ENG$PRINT for printing on the printer associated with that print queue The standard OpenVMS qualifiers for the PRINT QUEUE command are available See HP s OpenVMS DCL Dictionary for details on the PRINT command Figure 5 1 Using UNIX Style and OpenVMS Style Printing Commands (diagram with three panels: an LPR command issued from the local OpenVMS host to a printer on the remote UNIX host, a PRINT command issued through LPS to a printer on the remote UNIX host, and a PRINT command issued through Terminal Print Services to a printer on a terminal server) PART II User Functions PRINT Qualifiers 5 4 LPS supports the OpenVMS PRINT FORM qualifier on local LPS OpenVMS print queues LPS OpenVMS print queues configured with the VMS formatting option support the FORM qualifier LPS also supports the PARAMETERS qualifier on remote hosts associated with the local LPS OpenVMS print queue OpenVMS print qu
191. an automatically get new IP addresses for a certain lease period DHCP is an extension of the Internet Bootstrap Protocol BOOTP dynamic routing See Gateway Routing Daemon encryption Transformation of plain text into unintelligible text EXPORT database Database on the NFS server system that controls which filesystems the server is able to export to a client exporting Making a network filesystem available to mount on a client system by listing it in the export database Exterior Gateway Protocol EGP Exterior routing protocol that moves routing information between Autonomous Systems ASs External Data Protocol Representation XDR Standard that resolves differences of data representation between different operating systems and hardware architectures Interface FDDI Fiber Distributed Data Set of ANSI ISO standards that define a high bandwidth 100 Mb s general purpose LAN It provides synchronous and asynchronous services between computers and peripheral equipment in a timed token passing dual ring of trees configuration FSS File Sharing Services NetWare service that lets you access OpenVMS directories files and printers using DOS facilities FTP File Transfer Protocol Application level protocol that allows a user on a client host to log in to a server host and perform file functions Glossary 4 Glossary Glossary of Terms Continued
192. an execute most file transfer and manipulation functions from the TCPware FTP OpenVMS File Transfers window shown in Figure 3 3 and Figure 3 4 Many of the 3 3 PART II User Functions functions in this window have command line equivalents If you need further information on performing a particular function in the TCPware FTP OpenVMS File Transfers window see its command equivalent in the Command Reference Note TCPware provides secure FTP OpenVMS logins through its Token Authentication feature if installed and enabled For more information see Chapter 14 Token Authentication Protecting Logins Opening a Connection 3 4 Only one FTP connection can be open at a time Once open all file transfers and other remote operations use that connection You can open an FTP connection by using either the command line user interface or the graphical user interface if you have a DECwindows system Command line method Use this method if you want to issue commands from the DCL prompt see Figure 3 1 1 Enter one of the following at the DCL prompt FTP FTP> OPEN host in combination host is the name of the host to which you want to connect Respond to the login prompts if any of the remote host After a successful login the FTP> prompt appears where you enter the FTP commands described in the following sections This is the option shown in Figure 3 1 FTP TLS host host is the name of the host to which y
193. anization header in outgoing mail TCPWARE SMTP HEADER RETURN RECEIPT TO Generates a Return Receipt To header in outgoing mail Requires the TCPWARE SMTP RETURN RECEIPT TO HEADER ENABLE logical to be defined TCPWARE SMTP HEADER SYS Specifies the text for a System header in outgoing mail TCPWARE SMTP HOST ALIAS FILE Points to the file containing a list of all the host names that should be considered local for this node for incoming mail delivery B 24 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE SMTP HOST NAME Specifies all the local host names for this node Used to specify all virtual domains handled by this node Alternatively the node names can be stored in the file TCPWARE SMTP HOST ALIASES TCPWARE SMTP LOG Specifies the output filename If not defined the name defaults to TCPWARE TCPWARE SMTP LOGqueuename TCPWARE SMTP MAXIMUM 822 TO LENGTH Sets the maximum length of the RFC822 To header line when delivering incoming mail to VMS Mail users TCPWARE SMTP MRGATE NAME Specifies the name of the Message Router gateway TCPWARE SMTP NON LOCAL FORWARDER Specifies the name of a forwarder system for non local outgoing mail TCPWARE SMTP NO USER REPLY TO Disallows the use of user defined Reply To headers in outgoing mail TCPWARE SMTP POSTMASTER Specifies the address of the system wide postmaster TCPWARE SMTP REJECT INVALID D
195. at 4 MAR 2003 14 10 26 16 SREM S END control returned to node MYCLIENT SSH1 Example An example of the procedure of setting up SSH to enable RSA based authentication Using SSH client node to connect to an SSH server node 5 On the client node NETCU SSHKEYGEN SSH1 Initializing random number generator 16 17 Accessing Remote Systems with the Secure Shell SSH Utilities Generating Ps vae eld ele au ERA RS SE distance 662 Generating d werso py beep Rs distance 370 Computing the keys Testing the keys Key generation complete Enter file in which to save the key DISK SYS LOGIN MYNAME ssh identity Enter passphrase Enter the same passphrase again Your identification has been saved in DISK SYS LOGIN MYNAME ssh identity Your public key is 4024 33 13428 gie a 29361 MYNAME long hair com Your public key has been saved in DISK SYS LOGIN MYNAME ssh identity pub 5 5 1 A TCP IP stack must be loaded on the remote system o FTP DAISY USER MYNAME PASSWORD DEMONSOFSTUPIDITY _ PUT DISK SYS_LOGIN MYNAME sshlidentity PUB _ DISK SYS LOGIN MYNAME sshlidentity PUB long hair com TCPware FTP user process V5 9 119 Connection opened Assuming 8 bit connections daisy hair com TCPware FTP Server Process V5 9 16 at Thu 6 Mar 2003 3 20PM EDT Attempting to log in as myname User MYNAME logged into DISK SYS LOGIN MYNAME at Thu 6 MAR 2003
196. at it prints the current TN3270 screen to a print queue TELNET gt SET PRINT QUEUE ENG PRINTER ASCII 12 59 PART II User Functions SET TERMINAL TYPE SET TERMINAL TYPE Requests the server to support a specific terminal type or types if negotiating the terminal type option Normally you do not need to use this command Client TELNET uses the following default list of supported terminal types VT52 VT55 VT61 VT62 VT100 VT102 VT125 VT131 VT132 VT200 VT220 VT240 VT300 VT320 VT340 and IBM 3278 model number If you specify an IBM 3278 terminal type make sure your local terminal supports the screen size associated with the specified model number If your terminal does not support the screen size the data will not display properly See Table 12 1 for screen sizes for each model Use the SHOW STATUS or SHOW OPTIONS commands to show the current terminal type used The TCPWARE TELNET TERMINAL TYPE logical performs the same function as the SET TERMINAL TYPE command This logical requires the following syntax DEFINE SYSTEM EXEC TCPWARE TELNET TERMINAL TYPE type Format SET TERMINAL TYPE ftype type Parameter type A valid terminal type Client TELNET requests the server to support these types in the specified order Examples 1 This example requests the server to support the VT300 and VT100 terminal types in that order TELNET gt SET TERMINAL TYPE VT300 VT100 2 This example requests the server to support
197. ation Kerberos provides network security by regulating user access to networking services Key Distribution Center KDC An alternate name for the Kerberos Server layer The TCP IP protocol suite consists of three layers of services that rest on a layer of hardware little endian Format for storage of binary data in which the least significant byte comes first The VAX Alpha and I64 byte order is little endian See also big endian load balancing Also known as TCP IP load balancing The system whereby the server changes the preferred order of access to systems in a TCP IP cluster in response to their observed load Glossary 7 PART II User Functions Glossary of Terms Continued local area network LAN Two or more hosts connected by the same communications medium The hosts typically span a small geographic area such as a single room or building Management Information Base MIB II Most recent MIB version for the SNMP protocol collection of data residing on the SNMP agent host and organized into groups Each piece of data within a group is a management object mask address or network 32 bit internet address where the network number is set to all bits one and the host number is set to all bits zero Hosts and gateways use the network mask to route internet packets by extracting the network number of an internet address and comparing the network number with their ow
198. bart 2 This example resumes session 2 on MARGE TELNET gt STATUS Connected sessions 1 BART humor com telnet 192 166 1 92 23 2 MARGE humor com telnet 192 166 1 91 23 gt 3 HOMER illiad com telnet 192 162 1 90 23 TELNET gt RESUME 2 sTCPWARE TELNET I RESUME resuming session 2 MARGE humor com marge 12 36 SEND TELNET Connecting to Remote Terminals SEND Sends TELNET control functions or option negotiations to a remote host Format SEND control function command option Parameters control function Table 12 8 lists the available TELNET control functions Send a control function to gain access to functions of the remote host that are not available from the keyboard Table 12 8 TELNET Control Functions Control Function Definition AO Abort Output AYT Are You There BACKWARD Sends the current Client TELNET Backward character BRK Break EC Erase Character EL Erase Line ESCAPE Sends the current Client TELNET Escape character FORWARD Sends the current Client TELNET Forward character GA Go Ahead IP Interrupt Process NOIP Do Not Interrupt Process SYNCH SYNCH signal Command One of the following TELNET protocol commands used in options negotiation DO WILL DONT WONT 12 37 PART II User Functions SEND Option Negotiated TELNET option Client TELNET supports the following option keywords ECHO for the E
199. been closed TCPWARE FTP 230 REPLY Defines a message to appear when a user successfully logs in If not defined TCPware uses the default message You can define a text string or file For example DEFINE SYSTEM EXECUTIVE TCPWARE FTP 230 REPLY Login successful Now when the user logs in using FTP the following message appears 230 Login successful B 4 TCPware Logicals Table B 1 Logicals Continued TCPWARE FTP 421 REPLY Defines a message sent when a user connects to the server but should not log in After sending the message the connection closes For example you can define this logical to prevent FTP access for a short time period Be sure to deassign the logical after this period to allow FTP access again You can define a text string or file DEFINE SYSTEM EXECUTIVE TCPWARE FTP 421 REPLY _ System maintenance in progress until 17 30 Now when the user connects to the host through FTP the following message appears and then the connection closes 421 System maintenance in progress until 17 30 TCPWARE FTP 421 REPLY has precedence over TCPWARE FTP 220 REPLY TCPWARE FTP ACCESS TCPWARE FTP lt gt ACCESS These SYSTEM logical names are used to specify the types of access that the user of the FTP server is not allowed to perform TCPWARE FTP ACCESS controls all users that do not have TCPWARE FTP username ACCESS defined The values are D Delete e L
200. bleshooting STCPWARE NETCU W NTKTTODES no tickets to destroy Meaning The ticket file does not exist Action Use the GET command to create a ticket file entry STCPWARE NETCU I TKTDESTR tickets destroyed Meaning The ticket was successfully removed STCPWARE NETCU E TKTNODES tickets NOT destroyed Meaning Some error occurred while trying to delete the ticket file Possible reasons are that the ticket file does not grant delete access or you are not its actual owner 4 5 PART II User Functions SET KERBEROS PASSWORD SET KERBEROS PASSWORD For Kerberos users Changes your Kerberos password Note If you change your Kerberos password your ticket granting ticket TGT is deleted from your ticket file You need to create a new TGT using the GET TGT command SET KERBEROS PASSWORD is equivalent to the UNIX command kpasswd Format SET KERBEROS PASSWORD username instance Old password for username old password New password for username new password Verifying please re enter new password Parameters username Kerberos username for which to change the Kerberos password If omitted the OpenVMS username under which the user logged in is used Converted to lowercase unless you enclose it in double quotes instance Usually omitted for a general Kerberos user but can be the name of the machine from which you can obtain ticket granting tickets and service tickets Specify admin for an administrative user
201. but relates to UDP threads TCPWARE NFS XID CACHE SIZE Sets the maximum number of XID cache entries The XID cache prevents the system from transmitting false error messages for operations such as delete create rename and set attributes Set the NFS XID CACHE SIZE parameter to at least twice 2 times the largest of the number of NFS clients using the NFS Server e UDP threads as set by the NFS_UDP_THREADS parameter TCP threads as set by the NFS_TCP_THREADS parameter The parameter sets the size of both the UDP and TCP XID caches each protocol has a separate XID cache B 19 PART III Appendixes Table TCPware Logicals Continued TCPWARE PCNFSD DFLTPRTOPT Specifies the default print options when submitting a spooled print job for printing The logical for NFS PCNFSD DFLPRTOPT is TCPWARE PCNFSD DFLTPRTOPT TCPWARE PPPD DEBUG LEVEL When you specify the DEBUG or D option it debugs at level 5 display up to warning and significant events For more informational and debugging information raise the debug level to 7 TCPWARE PPPD OPCOM LEVEL For a detached process raise the message level for OPCOM messages By default it is set to 4 to report fatal and error messages Raise it to 5 to monitor the significant events in PPPD or even higher for more detail TCPWARE QUOTE Defines the quote for the server This logical can be either a string or a filename that includes the quot
202. butes This qualifier is useful for transferring a VMS node file to a non VMS node A subsequent GET FDL operation can then return the file with the proper record attributes back from the non VMS node The default is not to create an accompanying FDL file The TYPE or SET TYPE command determines the type of file A transfer of ASCII data results in a sequential file with variable records the default IMAGE data results in a sequential file with fixed length records of 512 bytes FORTRAN Transfers the file in FORTRAN mode see Table 3 2 The first character of each record is a FORTRAN carriage control character Some hosts do not recognize this transfer format IGNORE NOIGNORE default IGNORE ignores errors so that copying can continue with the next file NOIGNORE terminates copying if an error occurs 3 61 PART II User Functions PUT IMAGE size Transfers the file in image mode Optional size sets the record size of the local output file see Table 3 2 Does not apply to remote output files LOG NOLOG default LOG displays file specifications for each file transferred MULTIPLE Transfers multiple files equivalent to Use after local file only and include wildcards in local file Necessary because some remote hosts do not recognize the OpenVMS characters for the asterisk percent % or the question mark as wildcards RECORD Transfers the file using STRU R so as to communi
203. cate the record structure during the copy A positional qualifier Not all servers support record structure mode If you specify both RECORD and VMS Client FTP uses VMS RESTART For STREAM mode transfers restart the transfer where it was interrupted The client verifies that the server supports the RFC 3659 SIZE and REST commands and ignores the qualifier if it does not This does NOT work for VMS mode transfers STRU VMS and if the remote system is a VMS system it is recommended that a STRU FILE be done before the transfer command and to include NOVMS on the command line SET FACTS Set selected file facts on the destination file to match the source file after transfer The facts currently supported are MODIFICATION TIME VARIABLE Transfers an image file see IMAGE in variable length record mode All IMAGE records are the same length when stored at the destination Applies to local output image files only VMS Transfers the file in VMS file mode see Table 3 2 Allows you to transfer any type of RMS file between OpenVMS systems VMS is a positional qualifier It should immediately follow the filename in question If you use VMS Client FTP ignores APPEND ASCII BINARY BLOCK FORTRAN IMAGE and VARIABLE If you specify both RECORD and VMS Client FTP uses VMS Not all servers support VMS files If the server does and you do not specify another mode using a qualifier or the STRUCTURE or SET DEFAULT command
204. ce and destination HELLO is not currently widely in use host Unique addressable entity that is part of an internet A multiuser minicomputer and a terminal server are examples of hosts host byte order Standard a host uses for storage and transmission of integers that specifies that either the least significant byte or most significant byte appears first Sending machines must translate from their host or local machine integer representation to network byte order Receiving machines must translate from network byte order to the local host or local machine representation See big endian and little endian Glossary 5 PART II User Functions Glossary of Terms Continued host equivalence files Security access files on a Berkeley R Commands server host used to authorize access to services by other hosts or users The files list hostnames and optionally usernames and indicate which remote hosts and users have equivalent access as local users These include RHOSTS and HOSTS EQUIV files hostname Name assigned to a host These names are for user convenience and a system maps it to an internet address Host names may either be from a flat namespace or the domain namespace A hostname is a mnemonic given to a host for the purpose of identifying it Because the TCP IP protocols only understand internet addresses they must translate these hostnames into internet addresses TCPware supports two mea
205. cent version is copied unless in VMS mode and the TCPWARE SFTP VMS ALL VERSIONS logical is defined to be TRUE REMOVE Deletes the source files after they have been copied to the remote system TRANSLATE VMS Translates VMS text files in the copying process to byte streams separated by linefeeds because the defined data transfer format for SCP2 is a binary stream of bytes TRANSLATE VMS is only applicable to the source specification If a remote source file is specified then that system must be running MultiNet v4 4 or higher TCPware 5 6 or SSH for OpenVMS If TRANSLATE_VMS is specified with no value then VARIABLE FIXED and VFC Variable Fixed Control files are translated to stream linefeed files If the value is NONE no files are translated VARIABLE FIXED and VFC can be combined in any manner The SFTP SERVER2 process uses the value of the logical TCPWARE SFTP TRANSLATE VMS FILE TYPES to determine which files should be translated automatically This is a bit mask with bit 0 1 FIXED bit 1 2 VARIABLE and bit 2 4 These values can be combined into a number between 0 and 7 to control which files are translated Note Due to the structure of the programs the SCP2 program uses this logical if the 17 6 TRANSLATE VMS qualifier has not been specified VERBOSE Displays debugging messages that allow the user to see what command was used to start up SSH and other basic debugging information Note that d
206. character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default AYT character Define the initial AYT character using the TCPWARE TELNET AYT logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET AYT 7 DEFINE PROCESS TCPWARE TELNET AYT "^G" Both commands set AYT character to Ctrl G ASCII 7 They are equivalent Qualifiers SYNCH NOSYNCH default Sends the AYT command followed by the SYNCH signal Examples 1 Each of these equivalent commands sets AYT character to Ctrl G ASCII 7 TELNET gt SET AYT TELNET gt SET AYT 7 2 This example removes the previous character definition if any for the AYT control function TELNET gt SET NOAYT 12 41 PART II User Functions SET [NO]BACKWARD SET [NO]BACKWARD Defines changes or disables the backward one session BACKWARD character If you enter the BACKWARD character during a TELNET session the previous numbered session becomes active The previous numbered session is the session with the next lowest session number than the current session If the current session already has the lowest session number the session with the highest session number becomes act
207. cified by configuration option DefaultDomain is not fully qualified the domain specified by configuration option DefaultDomain is appended to it before comparing it to certificate alternate names If no CA certificates are specified in the configuration file the protocol tries to do key exchange with ordinary public keys Otherwise certificates are preferred Multiple CAs are permitted HostCANoCRLs Certificate None Similar to HostCA but disables CRL checking for the given ca certificate IdentityFile Filename Identification Name of identification file for publickey authentication KeepAlive Y N Y Send keepalives 16 10 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 2 SSH2 CONFIG File Configuration Keywords Continued Keyword Value Default Description LdapServers ServerURL None Specified as ldap server domainname 389 CRLs are automatically retrieved from the CRL distribution point defined in the certificate to be checked if the point exists Otherwise the comma separated server list given by option LdapServers is used If intermediate CA certificates are needed in certificate validity checking this option must be used or retrieving the certificates will fail LocalForward Port Socket Local port forwarding Macs Algorithm None Select MAC Message Authentication Code algo
208. cksums Enabling checksums maintains data integrity and is the default Note Disabling checksums may increase system performance but could have an adverse effect on certain NFS clients TCPWARE NFS OPENFILE TIMER Sets a time interval in delta time a file remains open after you last accessed it You do not need to open and close it for each request The default is six seconds TCPWARE NFS PCNFSD DFLTPRTOPT Specifies the default print options when submitting a spooled print job for printing The logical for NFS PCNFSD DFLPRTOPT is TCPWARE PCNFSD DFLTPRTOPT TCPWARE NFS PCNFSD ENABLE Enables value of 1 or disables value of 0 the PCNFSD services support A value of 3 enables print spooling of files on the server without enabling PCNFSD authentication The logical for NFS PCNFSD ENABLE is TCPWARE PCNFSD ENABLE B 17 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE NFS PCNFSD JOB LIMIT Specifies the maximum packet size of the information displaying the queued print jobs Some systems require this limitation Note If the actual queued job information exceeds the byte limit set by this parameter TCPware truncates the information The logical name for JOB LIMIT is TCPWARE PCNFSD JOB LIMIT If this logical is not defined TCPware determines the size of the packet at run time TCPWARE NFS PCNFSD PRINTER Specifies the print queue you want used if the NFS cl
209. command execution service When the command completes execution on the remote host the RSH command exits and closes the connection you return to your local working environment RSH writes any output from the command to SYS$OUTPUT it writes any error from the command to SYS$ERROR unless overridden with the OUTPUT or ERROR qualifier Some servers such as UNIX servers send output with only line feeds for screen display To satisfy OpenVMS screen displays RSH inserts a carriage return by default before each line feed before sending the output to the terminal If your screen display requires only a line feed use the RAW qualifier to bypass the default If you need to preserve case for any of the command elements enclose each in quotes since RSH lowercases unquoted text strings Include a pair of quotes for each redirection of the command If you are redirecting a command through one remote host to have it executed on a third each host in turn strips off a pair of quotes after interpreting the command In this case you may need three pairs of quotes around the command element in order to preserve case Format RSH host command Parameters host Name or internet address of the host you want to execute the command on Can be a domain style name or an IP address command Name of the command or command string to execute on the remote host Qualifiers 9 2 AUTHENTICATION auth type Determines the authentication method
210. command okay gt 3 18 FTP Transferring Files Sample Session This section describes a sample FTP OpenVMS session See Figure 3 11 for the corresponding numbered steps In this example a user on local host BETA 1 Starts Client FTP opens a connection to remote host and logs in as user SMITH the display does not echo the password at the prompt If you are using Token Authentication enter your PASSCODE in place of the password here 2 Using PUT copies the local SYS EXE file to THETA 3 Using GET copies the SYS EXE file on THETA back to BETA 4 Obtains a remote directory listing There is a SYS EXE file 5 Deletes the SYS EXE file 6 Obtains another remote directory listing SYS EXE is now gone 7 Obtains a local directory listing Note that SYS EXE 1 still exists locally 8 Opens a connection to host ALPHA running OpenVMS and FTP OpenVMS and logs in as USER This closes the connection to THETA 9 Obtains a remote directory listing on ALPHA 10 Using GET copies the ASCII file SCREEN FTP TXT on ALPHA to BETA 11 Changes the default for transferring files from formatted ASCII to IMAGE 12 Using GET copies the SEND NORM BIN SEND NORM OBJ and SEND OBJ files from ALPHA as image files on the local host 13 Obtains a local directory listing SCREEN FTP TXT SEND NORM BIN SEND NORM OBJ and SEND OBJ are now present 14 Exits FTP PART II User Functions Figure 3 11 Sam
211. cute FTP commands either at the FTP gt Graphical User prompt or through a DECwindows graphical user interface Interface Command environment The user interface is provided with DECwindows Motif Execution Version 1 1 and later You can use either DCL style syntax or UNIX style syntax at the gt prompt DCL syntax can include qualifiers FTP gt DIRECTORY DIR BRIEF You usually enter UNIX style commands in lowercase FTP gt ls dir Case Conversion Client FTP no longer converts the user name password and account to lowercase if they were not supplied on the OPEN and USER command line and thus prompted for If you are prompted for these parameters you must enter them in the proper case since quotes are no longer needed to maintain case Status Messages Client FTP issues informational and error messages These messages are self explanatory and conform to the standard OpenVMS message format The numeric codes that prefix these messages conform to the RFC 959 standard for FTP 3 2 Transferring Files Table 3 1 Client FTP Features Continued This feature Means that Wildcards Client FTP supports wildcards for the COPY GET PUT DELETE and DIRECTORY commands The acceptable wildcard characters are Percent sign or question mark to represent individual characters e Asterisk to represent multiple characters If you include the asterisk wildcard to rep
212. d for a username password or account then include the parameters on subsequent lines after the USER command in the command file Want to be prompted for a password do not use the command file with a batch job nor specify the password in a command file The display does not echo the password or account information Synonym LOGIN 3 86 Parameters username Username on the remote host Enclose the username in quotes if case is important or if it contains special characters Prompted if omitted password Password on the remote host Enclose the password in quotes if case is important or if it contains special characters Prompted if omitted and required Not echoed If you are designated by the system administrator as having password authentication through Token Authentication you need to enter the PASSCODE in place of the password Depending on which type of SecurID card you were assigned Enter a combination of your memorized personal identification number PIN and the tokencode that appears on the card with no separating space as the password or Enter your memorized PIN on the PINPAD card and the resulting tokencode that appears on the card as the password USER FTP Transferring Files See the Chapter 15 Token Authentication Protecting Logins for details on obtaining PASSCODEs account Account on the remote host Enclose the account in quotes if case is important or if it contains special charact
213. d Ctrl Q resumes TELNET transmission Under normal conditions the terminal driver processes Ctrl S and Ctrl Q locally and does not send them to the remote TELNET server Client TELNET supports RFC 1372 Telnet Remote Flow Control Option which lets the remote server tell the client when to enable and disable local flow control These commands are not related to that option but rather let the user control the local flow control setting if the remote server does NOT support the Remote Flow Control Option Use SET NOLOCAL FLOW CONTROL to pass the Ctrl S and Ctrl Q characters to the remote TELNET server and NOT process them locally The default flow control setting depends on the TT V TTSYNC value for the terminal You can set TTSync mode local flow control outside of TELNET by using the DCL SET TERMINAL TTSYNC command or set No TTSync mode server flow control by using the DCL SET TERMINAL NOTTSYNC command some full screen editors also set these modes However if you are inside TELNET SET NOLOCAL FLOW CONTROL can force the terminal into No TTSync mode for a particular connection Format SET LOCAL FLOW CONTROL default SET NOLOCAL FLOW CONTROL Example TELNET gt SET NOLOCAL TELNET gt SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software Connected session gt 1 beans example edu telnet 192 168 0 50 Terminal type VT300 Local flow control OFF D is the escape attention character 12
214. d prints only option negotiations and no data to the TEXT LOG file TELNET gt SET LOG TEXT LOG OPTIONS NODATA 12 58 SET PRINT TELNET Connecting to Remote Terminals SET PRINT Sets how you want the PRINT key to work while in TN3270 mode You must be in TN3270 mode to use this command If you omit the qualifiers the default is SET PRINT FILE SYS LOGIN TN3270 TXT NOAPPEND This means that the default print setting is OPEN TN3270 PRINT FILE SY SSLOGIN TN3270 TXT NOAPPEND Format SET PRINT qualifiers Opens local file file and begins logging To close a log file and stop logging enter SET LOG with no file specification Qualifiers APPEND NOAPPEND default Use with the FILE qualifier only APPEND appends the TN3270 screen dump onto the specified file NOAPPEND creates a new file or overwrites the existing one FILE filename File in which to dump the TN3270 screen You can use this with the optional APPEND or NOAPPEND qualifier FORM form name Use with the QUEUE qualifier only Specifies the form name to use in a TN3270 screen print QUEUE qname Queue to which to print the TN3270 screen You can use this with the optional FORM qualifier and value Examples 1 This example sets the print behavior so that it prints the current TN3270 screen to a print file and appends it onto the end of the file TELNET gt SET PRINT FILE PRINTFILE TXT APPEND 2 This example sets the print behavior so th
215. d that the above copyright notices appear in all copies and that both the above copyright notices and this permission notice appear in supporting documentation and that the name of the University of Washington or The Leland Stanford Junior University not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission This software is made available as is and THE UNIVERSITY OF WASHINGTON AND THE LELAND STANFORD JUNIOR UNIVERSITY DISCLAIM ALL WARRANTIES EXPRESS OR IMPLIED WITH REGARD TO THIS SOFTWARE INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND IN NO EVENT SHALL THE UNIVERSITY OF WASHINGTON OR THE LELAND STANFORD JUNIOR UNIVERSITY BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT TORT INCLUDING NEGLIGENCE OR STRICT LIABILITY ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Portions Copyright O 1980 1982 1985 1986 1988 1989 1990 1993 by The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 R
216. de either UNIX or VMS style file specifications can be used Directories are recursively copied with their contents Multiple files may be specified by separating the names with spaces If preserve attributes or p is specified then SFTP attempts to preserve timestamps and access permissions Note that a target filename cannot be provided GETEXT Displays the list of file extensions to use ASCII transfers when in AUTO mode The initial value is txt htm pl php HELP Displays help on commands LCD lt directory specification gt Changes the current directory on the local system VMS file specifications may be used when in VMS mode LCHMOD Change the protection on a file or directory on the local connection to the specified octal mode Unix values R recurses over directories LCLOSE Close the local connection LDELETE lt file gt Removes the specified file from the local system VMS file specifications may be used when in VMS mode LDIRECTORY lt file directory specification gt Displays the contents of the current directory for the local system in VMS format when the transfer mode is VMS File names are displayed as they would be with a DIRECTORY command from DCL 17 15 Secure File Transfer Table 17 3 SFTP2 Commands LLS lt file directory specification Displays the contents of the current directory or specified directory in UNIX format Lists the names of fi
217. double quotes For example PRINT QUEUE IPP QUEUE PARAM PAGE RANGES 1 3 6 9 10 12 14 FILE TXT Note that embedded spaces are allowed and ignored The example specifies the pages 1 3 4 5 6 9 10 12 13 and 14 MEDIA name This attribute identifies the medium that the Printer uses for all pages of the Job The values for media include medium names medium sizes input trays and electronic forms See your printer documentation for details concerning what values are supported for your printer Standard keyword values are taken from ISO DPA and the Printer MIB and are listed in section 14 of RFC 2566 Some servers may support definition of locally created names as well See Table 5 1 and Table 5 2 for the standard media names QUALITY keyword Specifies the quality of the printed material Case is ignored The keyword choices are DRAFT HIGH NORMAL Table 5 1 contains examples of standard names These names include but are not limited to the following Table 5 1 Standard Media Names Name Description default The default medium for the output device iso a4 white Specifies the ISO A4 white medium 5 19 PART II User Functions PRINT 5 20 Table 5 1 Standard Media Names iso a4 colored Specifies the ISO A4 colored medium iso a4 transparent Specifies the ISO A4 transparent medium na letter white Specifies the North American letter white medium na lette
218. ducts derived from this software without specific prior written permission Copyright 1990 by John Robert LoVerso rights reserved Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distribution and use acknowledge that the software was developed by John Robert LoVerso Kerberos Copyright 1989 DES C and PCBC ENCRYPT C Copyright 1985 1986 1987 1988 by Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government It is the responsibility of any person or organization contemplating export to obtain such a license before exporting WITHIN THAT CONSTRAINT permission to use copy modify and distribute this software and its documentation for any purpose and without fee is hereby granted provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission makes no representations about the suitability of this software for any purpose It is provided as is without express or implied warranty
219. e crt into the user's ssh2 directory and edit the ssh2 identification file, adding entry certkey private key name. dir ssh2 Directory DKAO DILBERT SSH2 AUTHORIZATION 13 IDENTIFICATION 1 MYCERT 1 MYCERT1 CRT 2 Total of 4 files type ssh2 identification certkey mycertl Server setup: 1. Copy the CA certificate into your SSH2 DIR directory. 2. Add the following entries in SSH2 DIR SSHD2 CONFIG: Pki SSH2 DIR CAcertname Mapfile SSH2_DIR <CAcertname> map. The Pki keyword begins an authority block for a given CA certificate. There might be more than one CA certificate along with its own mapping file. The Mapfile keyword specifies the location of the certificate to username mapping file. In addition, for testing you might use PkiDisableCRLs yes to disable CRL checking for the given authorization block. Create the mapping file SSH2_DIR <CAcertname> map. The mapping file consists of rows of the following format: userid mappingrule mapdata. Userid is the userid that's allowed to login for the given cert; there might be multiple userids for a given certificate. Mapping rule is one of subject, email, serialandissuer, and emailregex. Subject means that the following mapdata is matched against the subject of the certificate. Email is the e-mail alternative subject extension with emailregex can be used reg
220. e destination file. If the destination file does not exist, Client FTP creates it. Only valid if appending to a file with the same file transfer type. Some remote hosts might not support this operation. CONFIRM NOCONFIRM (default): CONFIRM issues a confirmation prompt before copying a file. Useful when source contains wildcards, so that you can confirm each file copy. Respond with v or NOCONFIRM is the default. If confirming multiple file copying, use with COPY MULTIPLE with a wildcard value. Position the qualifier immediately after the COPY verb to relate to all files, or after the particular filename to relate to that file only. CONTIGUOUS blocks: Local output file should have an initial contiguous allocation of the specified number of blocks. If the output file is smaller than the specified blocks, Client FTP truncates the allocation. If the output file is larger, the additional allocations are non-contiguous. Does not apply to remote output files. FDL: Uses and then deletes a separate FDL file describing the specified file's OpenVMS RMS record attributes. This qualifier is useful after a PUT FDL operation from a VMS node transfers a file to a non-VMS node; the GET FDL operation can then return the file with the proper record attributes back from the non-VMS node. The default is not to create an accompanying FDL file. The TYPE command determines the type of file. A transfer of ASCII data results in a sequential file with vari
221. e displayed on the center of the fob Token Authentication Protecting Logins SecurID PINPAD card a rectangular card with the tokencode displayed at the upper right hand corner and a digit keypad at the bottom from which to enter the PIN See the Logging In with a SecurID Token section Login Interfaces The user interface to token authentication is through login screens for FTP TELNET RLOGIN and SET HOST that display the usual username prompt followed by For the usual password prompt at which to enter FTP the PASSCODE TELNET RLOGIN your usual password along with an Enter PASSCODE prompt at and SET HOST which to enter the PASSCODE Note For an FTP login the token cannot be in Next Tokencode or New PIN mode Example 14 1 shows a sample FTP login sequence to host BART The shaded areas show values entered but not displayed on the screen The PASSCODE is a combination of the PIN and the tokencode when used with a Standard Card or Key Fob Example 14 1 FTP Login Sequence Using Token Authentication FTP BART 220 bart process com 192 168 34 56 FTP OpenVMS FTPD V5 9 1 c 2007 Process Software 331 Password required 230 User logged in proceed Username MARGE MARGE 331 Password required Password 192837465 230 User logged in proceed 214 SITE VMS recognized Example 14 2 shows a sample TELNET login sequence to host BART The shaded areas show values
222. e host TFTP writes the local file as a STREAM LF formatted file Since TFTP does not authenticate the client the server allows access only to files in the directory and its subdirectories defined by the TCPWARE TFTP ROOT logical The server converts UNIX filenames with their directories into VMS filenames as in Table 13 1 The directory specification is dir and the filename specification with its extension is filename ext Table 13 1 TFTP UNIX to VMS Filename Conversions UNIX Filename Is Converted to VMS Filename dir filename ext dir filename ext dir filename ext dir filename ext Format GET remote file local file Parameters remote file Input file specification on the remote host local file Output file specification on the local host If omitted Client TFTP uses the remote file filename and extension Examples 13 4 1 This command transfers the US DOMAIN INFO TXT file from the previously specified host tftp get us domain info txt 2 This command transfers the US DOMAIN INFO TXT file from the previously specified host as file LOCALSTUFF TXT tftp get us domain info txt localstuff txt HELP Trivial File Transfers HELP Displays a brief help message summarizing the commands Format HELP command Parameter command Optional command for which you want help Examples This command provides help for the CONNECT and GET commands tftp help connect connect to
223. e of your working directory in a raw state on a terminal that requires only line feeds to display the information rsh iris raw pwd This command executes a pwd command on ROSES as sent through VIOLET rsh violet user system password plastic _ rsh roses user root password TCPware pwd The TCPware password is triple quoted to preserve case through the transaction The system strips off the first pair of quotes and executes rsh roses user root pass TCPware VIOLET strips off the second set of quotes and executes rsh roses user root pass TCPware ROSES strips off the third and executes pwd In each case the password string is interpreted literally This command uses Kerberos version 4 authentication to open a connection to remote host IRIS The Kerberos Server resides in the daisy com realm Also displays the name of your current working directory rsh auth kerbv4 realm daisy com iris pwd This command uses Kerberos version 4 authentication to open a connection to remote host IRIS and displays the name of your current working directory Because REALM is omitted the TCPWARE KERBV4 REALM logical value determines the Kerberos realm rsh auth iris pwd Chapter 10 Sending and Receiving Electronic Mail This chapter describes how to use OpenVMS MAIL and ALL IN 1 Mail with TCPware and covers the following major topics Using OpenVMS mail across the network Using mail under ALL IN 1 across the network Using
224. e overhead user ID UID User identification on the UNIX Network File System NFS host User Identification Code UIC User identification on the OpenVMS host in the format username or group member VAX byte order VAX standard for storage and transmission of integers that specifies that the least significant byte appears first VAX byte order is little endian VAX byte order sending machines must translate from the local integer representation to network byte order and receiving machines must translate from network byte order to the local machine representation virtual circuit Facility in a packet switched communication network in which packets passing between a pair of terminals stay in sequence Since this is a property of a circuit a virtual circuit connects the two terminals It can be a permanent virtual circuit or a virtual call virtual directory Temporary directory created by the NFS client that is closer to the root in the file structure than the mount point The virtual directory disappears once you dismount a filesystem virtual network Network in which all connected hosts are able to communicate to each other as if they were all on the same local network Users view an internet as a virtual network Glossary 15 Glossary of Terms Continued Virtual Terminal Protocol See TELNET VMSINSTAL OpenVMS installation procedure used to install TCPware products
225. e session which you want to resume The session number refers to a particular connection as displayed by the SHOW STATUS command You can switch between local TELNET command mode and the remote host as often as you like See the RESUME SET ESCAPE and SHOW STATUS commands in the Command Reference Example 12 4 Issuing TELNET Commands and Resuming a Session BART Ctrl N TELNET gt SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software Connected sessions 1 BART nene com telnet 192 168 1 92 23 2 HOMER nene com telnet 192 168 1 90 23 3 MARGE nene com telnet 192 168 1 91 23 gt 4 LISA nene com telnet 192 168 1 89 23 is the escape attention character TELNET gt SET ESCAPE escape attention character is A TELNET RESUME BART BART Ctrl N TELNET RESUME 2 STCPWARE TELNET I RESUME resuming session 2 HOMER illiad com HOMER Running Applications over TELNET You can run applications over a TELNET connection by creating an NTA terminal on the local client You can only create such devices from TELNET with no other escaped connection This section describes how to create non permanent NTA devices To create permanent NTA devices see the next section Normally Client TELNET connects to NTA device at the TCPware server end of the 12 7 PART II User Functions connection It does not usually create a local NTA device However you can create a
226. e text Prefix a filename with the e sign and enclose the definition or filename in quotation marks You need SYSNAM or SYSPRV privileges to define the system wide logical DEFINE SYSTEM EXECUTIVE TCPWARE QUOTE Quote of the day DEFINE SYSTEM EXECUTIVE TCPWARE QUOTE SYSSMANAGER QUOTE TXT DEFINE SYSTEM EXECUTIVE TCPWARE QUOTE Today s quote is GSYSSMANAGER QUOTE TXT TCPWARE RCMD FLAGS Set this logical to 1 default 0 to disable user specified SYSSLOGIN RHOSTS files and use the HOSTS EQUIV file only TCPWARE RCMD OUTPUT Sets up a log file for incoming R Services such as RCP and RSH to log messages in the RCMD LOG file DEFINE SYSTEM EXECUTIVE TCPWARE RCMD OUTPUT RCMD LOG TCPWARE RES OPTIONS ndots ndots Sets up to six domains in a search list as well as the minimum number of dots to recognize in a host name to make it fully qualified The client reads this information from two logicals you set through CNFNET TCPWARE RES RETRANS MIN Specifies minimum retransmit time value in seconds B 20 TCPware Logicals Table TCPware Logicals Continued TCPWARE RES RETRIES Specifies retry count TCPWARE SCP VMS MODE BY DEFAULT True Yes 1 When this logical is defined to True Yes or 1 the SCP command defaults to VMS if neither NOVMS TRANSLATE VMS are specified TCPWARE SCP2 CONNECT TIMEOUT This logical defines a number specifying how long S
227. e the like command to Guide Management execute a single Chapter 9 RSH Guide command on a Issuing Chapter 16 remote host Commands on Managing R without logging the Remote Commands in Host 2 5 PART I Introduction 2 6 Table 2 4 TCPware Components for Logging in to Remote Hosts Continued This AS a system As a system component Allows you to programmer AS a user manager TELNET Initiate virtual see the see the User's see the OpenVMS terminal Programmer's Guide Management connections to Guide Chapter 12 Guide remote hosts Chapter 9 TELNET Chapter 18 using the TELNET Connecting to Managing TELNET Library Remote TELNET protocol You Terminals OpenVMS can open Server multiple remote sessions TCPware also provides a server function so that remote users can make virtual terminal connections to the OpenVMS host Login authentication security is available through Token Authentication Functional Overview Transferring Mail and Exchanging Messages You can send and receive mail over the network using the TCPware for OpenVMS components in Table 2 5 Table 2 5 TCPware Components for Sending Network Mail This As a system component Allows you to To use it AS user manager SMTP On a TCP IP The remote see the User's see the OpenVMS network send system must Guide Management and receive mail support SMTP Chap
228. e token authentication server ACE Server with the necessary login information You can set up token authentication through TCPware s Access Control Encryption Client ACE Client on the OpenVMS host which communicates with Security Dynamics ACE Server on a UNIX or Windows NT host Glossary 14 Glossary Glossary of Terms Continued tokencode Random number currently displayed on your Security Dynamics SecurID smart card Used with the token authentication system transaction service Method of data transport provided by UDP that treats each datagram as a separate entity Transmission Control Host layer protocol that provides a reliable data transport service to Protocol TCP the application layer protocols TCP is stream oriented It ensures that the system delivers data in order and without duplication transparency Level at which a user need not be aware of the process involved but only in the results of an operation trap Unsolicited message the SNMP agent sends to a management station to inform it that a change in the network occurred See also Simple Network Management Protocol SNMP UNIX or ULTRIX Set of files organized as a tree with a single root node root filesystem indicated as a slash User Datagram Protocol UDP Host layer protocol that provides transaction oriented data transport UDP does not provide data reliability but does provide data transport with very littl
229. ebugging information can interfere with the normal display of the progress line Equivalent to DEBUG 2 Secure File Transfer VERSION Displays the version of the base SCP2 code VMS Transfers VMS file information similar to that transferred in OVMS mode in FTP such that VMS file structure can be preserved All of the information transferred in FTP OVMS mode is transferred along with the file creation date and protection Timestamps are not adjusted for timezone differences in VMS transfers If the file is a contiguous file and it is not possible to create the file contiguously and the logical TCPWARE SFTP FALLBACK TO CBT has the value of TRUE YES or 1 SFTP SERVER2 attempts to create the file Contiguous Best Try VMS mode is only available with SCP2 provided in MultiNet v4 4 or higher TCPware 5 6 and SSH for OpenVMS The logical name TCPWARE SCP2 VMS MODE BY DEFAULT can be defined to TRUE YES or 1 to specify that VMS should be the default unless NOVMS or TRANSLATE VMS are specified VMS and TRANSLATE VMS can not be used on the same command line If VMS is not specified but the logical is set to enable it by default a TRANSLATE VMS on the command line will take precedence Note that even though SCP2 amp SFTP SERVER2 pass the request for VMS file transfers or to translate a VMS file in a manner that is consistent with the protocol specification other implementations may not handle this information well Since there i
230. edistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software developed by the University of California Berkeley and its contributors 4 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Portions Copyright O 1993 by Hewlett Packard Corporation Permission to use copy modify and distribute this software for any
231. ee the AS a user see the This component Allows you to Management Guide User s Guide Secure Shell SSH Configure and Chapter 25 Chapter 16 maintain the Configuring the Accessing Remote TCPware Secure Secure Shell SSH Systems with the Shell SSH server Server Secure Shell SSH This is the server side Utilities Tunneling External Applications over IP You can tunnel DECnet applications over IP networks if you are using DECnet Phase IV see Table 2 12 A connection established between two systems running different protocols is known as a tunnel Table 2 12 TCPware Features for Tunneling Applications over IP This component Allows you to As a system manager see the Management Guide Tunneling DECnet over IP for DECnet Phase IV Connect two DECnet networks over an IP link Use with DECnet Phase IV only There is no need to use this feature with DECnet OSI DECnet Phase V Chapter 28 Tunneling DECnet over IP 2 15 PART I Introduction Programming Network Interfaces If you are a network programmer you can perform programming functions using the programming interfaces discussed in the Programmer s Guide see Table 2 13 Table 2 13 TCPware Network Programming Interfaces This component Allows you to As a system programmer see the Programmer s Guide FTP Library Use a programming interface to the FTP protocol Use the FTP Ope
232. efault value is 1 Note Doing so means you are not adhering to the TELNET protocol B 28 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE TELNETD INTRO MSG Defines a special message that appears whenever a user attempts access to the host through TELNET Use this logical to issue warnings such as Authorized Use Only for remote logins If the TCPware ACE Client is enabled and the user is designated for Token Authentication the user is also prompted for the PASSCODE in addition to the username and password Kerberos password protection is also available for the TELNET service TCPWARE TIMED EXCLUDE Determines the networks excluded from clock synchronization either in network addresses or names TCPWARE TIMED INCLUDE Determines the networks included in clock synchronization either in network addresses or names TCPWARE TIMED MODE Determines if the current host is a MASTER FIXED MASTER or SLAVE MASTER primary broadcasts time synchronization requests calculates the time differences and averages and sends adjust time messages FIXED MASTER fixed primary provides absolute time stamps to newly started dependent TIMED hosts SLAVE dependent is the recipient of primary adjust time messages TCPWARE TIMEZONE This logical can have two equivalence strings e hhmmss hh are the hours mm are the minutes ss are the seconds offset from the universal
233. either you create your PIN or your system manager creates your PIN. Duress PIN: Special PIN to use if you are being compromised during the login process. PASSCODE: Combination of your PIN and the tokencode. If you have a key fob or a standard card, you enter the full PASSCODE (your PIN immediately followed by the current tokencode, without a separating space) at the login password prompt. If you have a PINPAD card, you enter the PIN into your card and then enter the PASSCODE given on the card at the login password prompt. Tokencode: Random number currently displayed on your Security Dynamics SecurID smart card. Identifying the SecurID Token Type: SecurID tokens are small hand-held devices containing microprocessors that calculate and display unpredictable codes. The codes change at a specified interval, typically every 60 seconds. As an authorized user on a protected system, you are assigned a SecurID token to use when accessing a protected resource. The code displayed on the token at the moment you attempt access is one part of the user's SecurID PASSCODE, which is required for positive authentication and system access. The other part is your valid, memorized PIN. There are currently three hardware types of SecurID tokens: Standard SecurID Card, a rectangular card with the tokencode displayed at the upper right-hand corner of the card; SecurID Key Fob, an oblong key fob with a key holder, with the tokencod
234. en Equivalent to the GET or COPY REMOTE command with SYSSOUTPUT as the local file specification If a VMS Plus mode transfer is requested DISPLAY temporarily cancels VMS Plus mode transfers the file s and resets VMS Plus mode again Note that displaying a non ASCII file might produce unrecognizable output as would be the case with the DCL TYPE command Format DISPLAY remote file remote file Equivalents COPY remote file remote file REMOTE MULTIPLE SYSSOUTPUT M GET remote file remote file SYSSOUTPUT Parameters remote file Input filespec on the remote host Enclose in quotes if you want to preserve case and did not use the SET NOLOWERCASE command or the filespec contains delimiters or symbols the FTP server can interpret in special ways Use a comma between multiple filespecs The remote filespec must conform to the filenaming conventions of the remote host Examples The following shows formats of acceptable equivalent commands that implement the DISPLAY function FTP gt DISPLAY TEXT TXT FTP gt GET TEXT TXT SYSSOUTPUT gt MGET TEXT TXT TEXT2 TXT SYSSOUTPUT gt COPY TEXT TXT REMOTE SYSSOUTPUT FTP gt COPY TEXT REMOTE MULTIPLE SYSSOUTPUT FTP gt COPY NODE USER PASSWORD TEXT TXT SYSSOUTPUT 3 45 PART II User Functions ENABLE DISABLE VMS PLUS ENABLE DISABLE VMS PLUS Turns VMS Plus Mode on or off This lets you specify a transfer mode based on file type f
235. en The operation is canceled and your card or key fob is still in New PIN mode. If no one else can see your screen, press Return to receive your new PIN. Your PIN is displayed for 10 seconds or until you press Return. 6. Memorize your new PIN. Do not write it down. 7. You are now ready to log in. Wait for the next tokencode, then follow the instructions in the Login Steps section. Creating Your Own PIN: The following steps allow you to create your own PIN. 1. If you are going to create your own PIN, first give some thought to what it will be. Do not pick an obvious number like a birthday or phone number. See your checklist. You may be allowed letters or digits, or just digits, and the length may be fixed somewhere between four and eight characters, or you may be allowed any number of characters in that range. For PINPAD only: PINs cannot begin with a zero. 2. For PINPAD only: Clear PIN entries from your card. Press any number on the card, then press the P on the lower right of the card. The display clears and a new tokencode shows after the last of the countdown indicators disappears from the left of the LCD. Note: For FTP logins, you must first log in on a terminal session, such as TELNET or SET HOST, to receive your PIN before you can initiate an FTP session. 3. Initiate a terminal login session. After you respond to the usual prompt for your login name, the system asks you to enter a PASSCO
236. entered but not displayed on the screen. The PASSCODE is a combination of the PIN and the tokencode when used with a Standard Card or Key Fob. Example 14-2 TELNET Login Sequence Using Token Authentication: TELNET BART STCPWARE TELNET I TRYING trying BART nene com telnet 192 168 142 1 23 TCPWARE TELNET I ESCCHR escape attention character is W Welcome to OpenVMS Alpha TM Operating System Version V6 2 Username MARGE Password MYPASSWORD Enter PASSCODE 192837465 PASSCODE Accepted Bart Logging In with a SecurID Token: You may have been assigned one of the following SecurID tokens: Standard SecurID Card, a rectangular card with the tokencode displayed at the upper right-hand corner of the card; SecurID Key Fob, an oblong key fob with a key holder, with the tokencode displayed on the center of the fob; SecurID PINPAD card, a rectangular card with the tokencode displayed at the upper right-hand corner and a digit keypad at the bottom from which to enter the PIN. To access the protected system, you must enter a valid SecurID PASSCODE, which is made up of two factors: your secret, memorized personal identification number (PIN), and the tokencode currently displaying on your token. With a conventional security system, it is easy for someone to learn your password and log in under your identity. Requiring two factors ensures reliable identification
237. ents available for reference Installation amp Configuration Guide Management Guide Network Control Utility NETCU Command Reference Programmer s Guide Requests for Comments RFCs Requests for Comments RFCs documents contain the specifications for all internet protocols Unless specifically noted otherwise on the RFC itself all RFCs are for unlimited distribution You can obtain RFCs by going to the http www rfcs org web site Table A 1 lists the RFCs containing the protocol specifications implemented by TCPware for A 1 PART III Appendixes A 2 OpenVMS Table A 1 Subset of RFCs Implemented by TCPware for OpenVMS Title RFC User Datagram Protocol STD 6 768 Internet Protocol DARPA Internet Program Protocol Specification 791 Internet Control Message Protocol see also RFC 950 792 Transmission Control Protocol 793 Simple Mail Transfer Protocol STD 10 821 Standard for the Format of Text Messages STD 11 822 An Ethernet Address Resolution Protocol 826 TELNET Protocol Specification STD 8 854 TELNET Option Specification STD 8 855 TELNET Binary Transmission STD 27 856 TELNET Echo Option STD 28 857 TELNET Suppress Go Ahead Option STD 29 858 Echo Protocol STD 20 862 Discard Protocol STD 21 863 Character Generator Protocol STD 22 864 Quote of the Day Protocol 865 Daytime Protocol STD 25 867 Time Protocol STD 26 868
238. er the terms of the GNU General Public License as published by the Free Software Foundation either version 1 or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU General Public License along with this program if not write to the Free Software Foundation Inc 675 Mass Ave Cambridge MA 02139 USA IF ACP C Copyright 1985 and IF DDA C Copyright 1986 by Advanced Computer Communications IF PPP C Copyright O 1993 by Drew D Perkins ASCII ADDR C Copyright 1994 Bell Communications Research Inc Bellcore DEBUGC Copyright O 1998 by Lou Bergandi All Rights Reserved NTP FILEGEN C Copyright O 1992 by Rainer Pruy Friedrich Alexander Universitaet Erlangen Nuernberg RANNY C Copyright O 1988 by Rayan S Zachariassen All Rights Reserved MD5 C Copyright 1990 by RSA Data Security Inc All Rights Reserved Portions Copyright 1981 1982 1983 1984 1985 1986 1987 1988 1989 by SRI International Portions Copyright O 1984 1989 by Free Software Foundation Portions Copyright O 1993 1994 1995 1996 1997 1998 by the University of Washington Permission to use copy modify and distribute this software and its documentation for any purpose and without fee is hereby granted provide
239. Contents: File Specifications; SFTP2 Command Syntax and Qualifiers; Usage; Qualifiers; Configuration File Parameters; FTP over SSH. References: Introduction; TCPware for OpenVMS Documentation; Requests for Comments (RFCs); Internet TCP/IP Protocol Suite and Related Subjects; Hewlett-Packard Documentation. TCPware Logicals. Glossary: Introduction. Preface. Introducing This Guide: This guide describes the TCPware products, components, and features, and the user environment and functions. It is an introduction for all users as well as a procedural guide for end users. What You Need to Know Beforehand: Before using TCPware, you should be familiar with: computer networks in general; HP's OpenVMS operating system and file system. How This Guide Is Organized: This guide has the following contents: Part I, Introduction: Introduces and provides a functiona
240. erring Files CLOSE Closes the connection to the remote FTP server if one is open and keeps you in FTP OPEN and CONNECT also close an existing connection before opening another one Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Connection Close Or Open Format CLOSE Synonym DISCONNECT Example The following closes the current connection FTP gt CLOSE PART II User Functions COPY COPY Copies files to or from a remote host You specify whether the source or destination file is local or remote using the LOCAL or REMOTE qualifier COPY supports full wildcard filespecs except wildcard symbols enclosed in a quoted string Use the MULTIPLE qualifier for a wildcard remote source filespec REMOTE also supports use of asterisk wildcards after a semicolon in remote file specifications This creates the same version in the destination file as in the source file instead of creating a new version If the server is not OpenVMS the version number is part of the filename TCPware does not issue a warning if the server host already has a higher numbered version Graphical User Interface Equivalent For TCPware FTP OpenVMS File Transfers Select file s in Local Files for local to remote copy or select file s in Remote Files for remote to local copy Copy gt for a local to remote copy or lt Copy for a remote to local copy Give file new name if desired in New Local Name or
241. ers Prompted if omitted and required Not echoed Example The following sets the username on the remote host to SMITH and specifies a password and an account FTP> USER SMITH PASSWORD SMITH 3 87 PART II User Functions USER 3 88 Chapter 4 Kerberos User Commands Introduction This chapter describes the user functions needed to get a ticket granting ticket for Kerberos applications and maintaining the ticket file Ticket File Location Logical The default ticket file for the user is SYS$LOGIN KERBV4 TICKET If you define the TCPWARE KERBV4 TKFILE logical you can have the ticket file located somewhere else Here is an example of how you can define this logical to locate the ticket file in a specific directory DEFINE PROCESS TCPWARE KERBV4 TKFILE SYS DISK MYDIR TICKET TXT Kerberos User Commands The user interface with Kerberos comprises the following commands GET TGT Gets the ticket granting ticket TGT to authenticate yourself to Kerberos REMOVE TICKETS Removes the TGT and any service tickets you might have SET KERBEROS PASSWORD username Changes your Kerberos password SHOW TICKETS Lists all tickets TGT and service tickets in the ticket file You can access these commands using the Network Control Utility NETCU by entering either 4 1 PART II User Functions $ NETCU NETCU> command $ NETCU command Uppercase command parameters are c
242. es Establish states using the SET STATE qualifier see below If you specify several state names you can define a key to have the same function in all the specified states LOCK STATE NOLOCK STATE default LOCK STATE specifies that the state set by the SET STATE qualifier remains in effect until explicitly changed NOLOCK STATE is the default where the state set by SET STATE is in effect only for the next definable key that you press or for the next read terminating character that you type You can only specify STATE with SET STATE 12 25 PART II User Functions DEFINE KEY SET_STATE state name NOSET_STATE default SET_STATE specifies the state name an alphanumeric string to set when pressing the key State name is an alphanumeric string The default is NOSET_STATE where the current locked state if any remains in effect TERMINATE NOTERMINATE default Specifies whether to terminate execute the current equivalence string when you press the key NOTERMINATE the default lets you create key definitions that insert text into command lines at prompts or into other text you type 12 26 EXIT TELNET Connecting to Remote Terminals EXIT Exits the Client TELNET utility and returns to the DCL level If there is an open connection or log file Client TELNET closes it before exiting Once you exit all connections to remote hosts are disconnected Format EXIT Synonyms QUIT BYE
243. es To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET IP 25 $ DEFINE PROCESS TCPWARE TELNET IP Both commands set the IP character to Ctrl ASCII 25 They are equivalent Qualifiers FLUSH default NOFLUSH With FLUSH Client TELNET discards all characters currently in the server s output stream when sending the IP control function It uses the TELNET timing mark option the server does not have to support this option for this feature to work With NOFLUSH Client TELNET sends only the IP control function If you omit both the previous setting remains The initial default is FLUSH If a Server fails to respond properly to the timing mark option Client TELNET can continue to discard all output from the server If so use FLUSH to resume normal operation SYNCH NOSYNCH default Sends the IP command followed by the SYNCH signal 12 55 PART II User Functions SET NO IP Examples 1 Each of these equivalent commands sets the IP character to Ctrl Y ASCII 25 TELNET> SET IP y TELNET> SET IP 25 2 This example removes the previous character definition if any for the IP control function TELNET> SET NOIP 12 56 SET NO LOCAL FLOW CONTROL TELNET Connecting to Remote Terminals SET NO LOCAL FLOW CONTROL Controls the handling of the XON XOFF characters Ctrl S and Ctrl Q when connected to a remote system Ctrl S stops transmission an
244. es DCL command mode displays the local time logs out and returns to Client FT FTP> SPAWN SHOW TIME 3 NOV 2001 14 02 51 LOGOUT Process SMITH 1 logged out at 3 NOV 2001 14 02 54 34 > 3 82 STRUCTURE Transferring Files STRUCTURE Changes the default file structure Client FTP uses FILE structured files as the default Use the NO RECORD qualifier for the COPY GET or PUT commands to override this default for individual transactions Format STRUCTURE keyword Parameter keyword Table 3 9 lists valid values for keyword Table 3 9 STRUCTURE Command Keyword Values Value Purpose FILE Sets FILE as the default file structure FILE structured files consist of sequential bytes Equivalent to SET DEFAULT NORECORD This is the default RECORD Sets RECORD as the default file structure RECORD structured files consist of a collection of records Equivalent to SET DEFAULT RECORD VMS Sets VMS as the default file structure VMS file structure allows you to transfer all types of RMS files between OpenVMS systems using File Descriptor Language FDL information Many OpenVMS systems that implement FTP support this structure Equivalent to SET DEFAULT VMS Note Some FTP servers do not support the RECORD or VMS structures Example The following changes the default file structure to FILE FTP> STRUCTURE FILE PART II User Functions TYPE Changes the default
245. especs The filespec format is node username password path node hostname or DECnet node name with OpenVMS Alpha V6 1 and later and all OpenVMS I64 systems the host name can be a domain name or IP address username valid account on the host password password PASSCODE if using Token Authentication for the account path location and name of the file You can omit the node username password part of the specification unless it is for a DECnet file If omitted Client FTP uses the current default directory You can use the node path syntax omitting the username and password if you want access to anonymous FTP resources in which case the ANONYMOUS qualifier is implied PART II User Functions PUT wildcarded local files Input filespec on the local host in wildcard format Wildcards include the percent symbol % or the question mark symbol to indicate individual characters and the asterisk symbol to indicate remote filename Output filespec on the remote host Enclose the filespec in quotes if you want to preserve case and did not use the SET NOLOWERCASE command If the remote filename is omitted Client FTP uses the local file filename and extension unless they are part of a quoted string Also enclose the filespec in quotes if it contains delimiters or symbols the FTP server can interpret in special ways For example the following remote filespec is enclosed in quotes becau
246. eue setting overrides the global setting for that queue TCPWARE LPD QUEUE Defines the print queues for an alias queue name qname Supports clients that may not allow standard OpenVMS queue names as the remote printer such as IBM s AIX which restricts remote printer names to seven characters TCPWARE LPD SPOOL Points to the work directory for the LPD server This directory holds temporary files TCPWARE LPR PRINTER Defines the default remote printer for the LPR LPRM and LPQ commands Define your own TCPWARE LPR PRINTER logical in a LOGIN COM file TCPWARE LPR qname PRINTER TCPWARE LPR qname PRINTER DEFAULT Defines the absolute printer for the PRINT command You cannot override this logical when submitting a print job Use to restrict printing to one printer per queue B 14 TCPware Logicals Table TCPware Logicals Continued TCPWARE LPR QUEUES Lists the names of all TCPware print symbiont queues Defined only if you defined one or more print queues TCPWARE LPR SPOOL Points to the work directory for the PRINT command This directory holds temporary files TCPWARE LPRSM The TCPWARE LPRSMB print symbiont provides similar retry interval and timeout tuning logicals as those for TCPWARE VMSLPRSMB The TCPWARE LPRSMB logicals are TCPWARE LPRSMB RETRY INTERVAL TCPWARE LPRSMB qname RETRY INTERVAL TCPWARE LPRSMB TIMEOUT TCPWARE LPRSMB qname TIMEOUT T
247. eues configured with the LPD formatting option support the PARAMETERS qualifier LPS also supports the LIBRARY and other qualifiers associated with the OpenVMS INITIALIZE QUEUE command You can specify these qualifiers during CNFNET configuration Figure 5 2 shows the effects of using the FORM and PARAMETERS qualifiers on an LPS OpenVMS queue configured for vs formatting option set up during configuration use the FORM qualifier LPD formatting option set up during configuration use the PARAMETER qualifier If you intend to use the FORM or PARAMETER qualifier The format of the PRINT command with the FORM option is PRINT QUEUE qname filename FORM form qname is the OpenVMS queue name and form is the form name or number Use the SHOW QUEUE FORM command to display the list of the available forms for use with LPS The format of the PRINT command with the PARAMETERS option is PRINT QUEUE qname filename PARAMETERS parameters qname is the OpenVMS queue name and parameters is any of a number of supported parameters and their values separated by commas such as PARAMETERS SIDES 2 NUMBER UP 2 which indicates double sided printing with two print frames the number up per page Ask your system manager for a list of LPS OpenVMS print queues that support these qualifiers Ask your system manager for a list of available forms for LPS Network Printing Figure 5 2 FORM and PARAMETERS Qualifiers wit
248. evious example with these additions The user who issued the command receives a mail message when the job completes The file contains UNIX troff commands 5 This command is identical to the previous example except that parameter 1 is omitted PRINT QUEUE LPRS PRINT PARAMETERS m t MEMO TXT The result is that the file MEMO TXT goes to the printer defined by the TCPWARE LPR LPR PRINT PRINTER DEFAULT logical PRINT Command Options Print command options are specified using the OpenVMS standard PARAMETERS qualifier The list of options is enclosed in parentheses For example PRINT QUEUE IPP PRINTER 1 PARAMETER COPIES 3 ORIENTATION LANDSCAPE FILE TXT These options are not case sensitive The underscores in the option names are optional Each may be abbreviated as long as the result is not ambiguous The available print command options are PRINTER printer uri Specifies the target printer when the queue default is not desired or when there is no queue default The printer URI specified must match at least one of the defined printer uri s for the print queue Wildcards cannot be used in the printer URI COPIES number Specifies the number of copies of each document to print The default value is 1 SIDES keyword Specifies how the printing is to be placed on the paper The keyword must be one of the following ONE SIDED or 1sided prints each consecutive page upon one side of consecutive media sheets
249. extended terminals this support does not add the simultaneous multiple character set functionality the extended terminals provide The TELNET command line and OPEN command include two qualifiers to support TN3270 Internationalization HOST CHARACTER SET host character set name TERMINAL CHARACTER SET terminal character set name HOST CHARACTER SET lets you specify the national EBCDIC character set Table 12 3 contains the supported character sets and their corresponding IBM code page numbers TERMINAL CHARACTER SET lets you specify the character set used on the terminal OpenVMS system side Table 12 4 includes the supported Multinational and National Replacement character set values You can also use logicals to specify the host terminal character set selection The system manager may choose to set up a system logical to specify the default character set for his site The logicals are TCPWARE TN3270 HOST CHARSET Host character set TCPWARE TN3270 TERMINAL CHARSET Terminal character set You can specify the same values as you do with the corresponding qualifiers For example DEFINE SYSTEM EXEC TCPWARE TN3270 HOST CHARSET CANADIAN DEFINE SYSTEM EXEC TCPWARE TN3270 TERMINAL CHARSET LATIN1 The TELNET SHOW STATUS command displays the currently selected character set for TN3270 For example TELNET> SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software Connected session 1 LOCIS LOC GOV
250. eyboard but want to use the graphics keypad characters as they are on OpenVMS keys When you modify the MAP3270 DAT file to map the graphics keypad use the key naming conventions shown in Table 12 5 Then make the keypad map to the graphics on the keys as follows 1 Modify TCPWARE MAP3270 DAT or a variant of it to include the entry as shown in Example 12 8 2 Search through the file and delete any other occurrences of these escape sequences 3 The enter key EOM maps to the HOME function by default Change it to ENTER if desired Table 12 5 Graphics Keypad Naming Conventions Use To represent OpenVMS Keypad Key NUM0 through NUM9 graphics 0 through 9 PERIOD period COMMA comma HYPHEN hyphen Example 12 8 Sample Keypad Graphics Characters Definitions in the MAP3270 DAT File Use keys on numeric keypad as themselves numbers hyphen EOm comma 1 period EOn EOp num1 EOq num2 EOr num3 EOs num4 EOt num5 EOu num6 EOv num7 EOw num8 EOx num9 EOy TN3270 Screen Printing and Dumping You can print or dump to a file a TN3270 session screen by using additional qualifiers with the TELNET TN3270 or OPEN TN3270 command You can specify a screen print or dump either during or after opening a connection to a host To print a screen in TN3270 mode or dump a screen into a specified file see Example 12
251. f it exists B 6 TCPware Logicals Table TCPware Logicals Continued TCPWARE FTP DISALLOW UNIX STYLE Controls whether UNIX style filename parsing is done If not defined it defaults to TRUE UNIX style file specifications are not allowed Defining to FALSE allows file specifications with the character in them to be treated as UNIX file specification DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP DISALLOW UNIX STYLE TCPWARE FTP DONT REPORT FILESIZE If this logical is defined the reporting of the estimate of the number of bytes to be transferred in the 150 response line is suppressed Some FTP clients expect this number to be exact The FTP server is unable to determine an exact count without processing the entire file so an estimate of the number of bytes used to store the file is returned The inaccuracy comes from the differences in the way OpenVMS records and line breaks are handled The in the logical represents where defined values go DEFINE SYSTEM EXEC TCPWARE FTP DONT REPORT FILESIZE TCPWARE FTP EXTENSION QUANTITY Defines the default allocation extension quantity for new files and appends The in the logical represents where defined values go Defined values must be numeric DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP EXTENSION QUANTITY TCPWARE FTP GETHOST MAX TIME When a new connection arrives at the FTP server it attempts to resolve the name of the host that
252. face between a terminal emulation program and the TES Client software ARPANET First entity to implement TCP IP ARPANET is the DARPA internet that served as the backbone for TCP IP research TCP IP was so successful in the ARPANET that DARPA designated TCP IP as a networking standard Asynchronous Transfer Mode ATM See Classical IP over ATM attributes data file ADF Special file in the NFS Client that maintains the attributes for an OpenVMS data file These files appear on the server as $ADF$ filename although the client system cannot see them Glossary 1 PART II User Functions Glossary of Terms Continued authenticator The Kerberos protocol uses authenticators to prevent eavesdroppers from stealing a ticket The client sends a new authenticator with each request for service from a server An authenticator consists of the client s name client s IP address and a timestamp showing the current time automounting Automatic and transparent mount in NFS that mounts a filesystem when accessing it Autonomous System AS Set of routers under a single technical administration using an internal protocol and common metrics to route packets within the AS and an external protocol to route packets to other ASs The NIC assigns AS numbers background mount Attempts to mount a filesystem on the NFS client made at least once at varying intervals and specified number of retries
253. fault is 30 seconds TCPWARE NFS DYNAMIC EXPORT Reloads updates to the shared database on the cluster automatically when you set this logical to CLUSTER DEFINE SYSTEM EXECUTIVE TCPWARE NFS DYNAMIC EXPORT CLUSTER The server uses locks to communicate changes to all the servers on the cluster The default is LOCAL not to use locks B 16 TCPware Logicals Table B 1 TCPware Logicals Continued TCPWARE NFS DYNAMIC PROXY Enables dynamic PROXY database reloading DEFINE SYSTEM EXECUTIVE TCPWARE NFS DYNAMIC PROXY keyword keyword The keywords are e CLIENT enables Client reloading SERVER enables Server reloading e NOCLIENT and NOSERVER when used with the ADD PROXY or REMOVE PROXY commands overrides the logical setting TCPWARE NFS FILE CACHE SIZE Determines the maximum number of files allowed to have attributes in cache at any one time The number must be larger than the SYSGEN parameter CHANNELCNT The value must also be larger than the number of combined TCP and UDP threads TCPWARE NFS LOG CLASS Enables the type of information written to the log file TCPWARE NFSSERVER LOG This parameter is a bit mask value in decimal TCPWARE NFS NOCHECKSUM Enables or disables checksum generation for UDP datagrams This parameter is a boolean value When the value is 0 false the server generates checksums for outgoing datagrams When the value is 1 true the server does not generate che
254. ferring OpenVMS files 3 12 FTP Transferring Files Using GET PUT and COPY Use the GET PUT or COPY commands to transfer files GET Gets a copy of a file from the remote host and places it in the current local directory PUT Puts a copy of a local file in the current directory the remote host COPY Gets or puts a copy of a file depending on use of the LOCAL or REMOTE qualifier after the source or destination parameter COPY requires the destination parameter Command line method Figure 3 9 shows the format and filename syntax of the GET PUT and COPY commands Follow the examples and observe the following conventions when you transfer files between remote and local hosts the sequence is not important Note If using GET or PUT omit destination if you want to use the source filename and extension if it exists unless source is a quoted string COPY requires the destination parameter If using COPY use a wildcard asterisk for destination when you want to use the source filename as the destination filename If copying to or from a non OpenVMS filespec enclose it in double quotes Separate multiple filespecs with commas If using wildcarded source filespecs with an asterisk use the MULTIPLE qualifier Alternatively use the MGET or MPUT command to copy wildcarded source files Note that this requires setting the remote default directory first Including an as
255. ffected For PKCS 10 DNS set certificate DNS names Email set certificate email addresses For PKCS 12 KeyPBE set the PBE scheme for shrouding keys default means pbeWithSHAAnd3 KeyTripleDES CBC SafePBE set the PBE scheme for protecting safes default means pbeWithSHAAnd40BitRC2 CBC OUTPUT_FILE prefix Use prefix as the prefix for all output filenames Private key filenames will be prefix SSH2 and PKCS 10 files will be prefix PKCS 10 PRIVATE KEY keyname Use keyname as the private key SUBJECT subject PKCS 10 only Use subject as the certificate subject VERSION Display the version of CERTTOOL 16 35 Accessing Remote Systems with the Secure Shell SSH Utilities Example CERTTOOL PK10 SUBJECT cn john doe cn lima cn beans PRIVATE KEY DKAO JOHENDOE SSH2 ID DSA 1024 A PKCS 10 creation successful Wrote certificate request to output pkcs10 CERTVIEW certview options certificate certificate certificate Description CERTVIEW can be used to view certificates and check their validity This tool can also be used to output the data in a format that is suitable for insertion in the SSH2 DIR SSHD2 CONFIG configuration file Valid Options COMMENT Prepend information lines with comment mark DEBUG n Set debug level to n FORMAT OUTPUT Output data in a format suitable for insertion to user map HEL
256. ffecting the status of the current session TELNET> CLOSE 2 %TELNET S LCLCLOSED Local connection closed TELNET I SESSION Session 02 host marge nene com port 23 %TELNET I CURRSESSION current session is now 3 homer nene com 2 This example ends the current session on HOMER and defaults to the session on BART Because you are closing the current session Client TELNET resets the current session to the next connected session 12 22 CLOSE TELNET Connecting to Remote Terminals TELNET CLOSE %TELNET S LCLCLOSED Local connection closed TELNET I SESSION Session 03 %TELNET I CURRSESSION host homer nene com port 23 current session is now 1 bart nene com 12 23 PART II User Functions DEFINE KEY DEFINE KEY Associates an equivalence string and a set of attributes with a key on the terminal keyboard Format DEFINE KEY key name equivalence string Parameters key name Name of the key to define Table 12 7 lists key designations for three terminal types On LK201 terminals the numeric keypad editing keypad except the and arrow keys or function key row except F1 through F5 On VT52 terminals all definable keys are on the numeric keypad On VT100 type terminals you can also define < and keys On VT200 terminals the < and F6 through F14 keys are for command line editing Issue the DCL command SET TERMINAL NOLINE EDITING to define these keys before you ru
257. file contains a host name in the fully qualified form returned by name servers and then a user name on that host separated by a space This file must be owned by the user and must not have write permissions for anyone else The recommended permission is read write for the user and not accessible by others SSH DIR SHOSTS Server System Is used the same way as RHOSTS SSH2 DIR SSH2 CONFIG Client System This is a system wide client configuration file This file provides defaults for those values that are not specified in a user s configuration file and for users who do not have a configuration file This file must be world readable TCPWARE HOSTS EQUIV Server System Is used during rhosts authentication It contains fully qualified host names one per line If the client host is found in this file login is permitted provided client and server user names are the same Additionally successful RSA host authentication is required This file should only be writable by SYSTEM TCPWARE SHOSTS EQUIV Server System Is processed exactly as TCPWARE HOSTS EQUIV This file may be useful to permit logins using SSH but not using rshell rlogin 16 26 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 3 SSH2 Files Continued Resides File Name On Description TCPWARE SSH2 KNOWNHOSTS DIR Server System Contains public host keys for all hosts the system has log
258. file to the previously specified host tftp put us domain info txt 2 This command transfers the US DOMAIN INFO TXT file to the previously specified host as file REMOTESTUFF TXT tftp put us domain info txt remotestuff txt 13 7 PART II User Functions QUIT QUIT Exits the TFTP program You can also use Ctrl Z and EXIT to exit the program Format QUIT Synonyms EXIT Ctrl Z Examples Each of these equivalent commands exits from TFTP tftp quit tftp exit tftp Ctrl Z 13 8 REXMT Trivial File Transfers REXMT Sets the retransmit timer in seconds The initial value is 5 seconds The value you enter for REXMT is also used together with the specified maximum timeout set using the TIMEOUT command to determine the number of times to try and the actual maximum timeout reported in a status request STATUS If the default 5 seconds retransmit interval is used together with the default 25 seconds maximum timeout the number of times to try is 5 according to the formula Max timeout = Rexmt interval x Tries The REXMT value you enter is always reported unchanged on the Rexmt interval line in a STATUS request However the maximum timeout may be recalculated before being reported as Max timeout See the TIMEOUT command for details on Max timeout recalculation Format REXMT time Parameter time The time value to set the retransmit timer If omitted the value is 5 seconds Example
259. file transfer format for all future file operations in this session The following rules apply to the TYPE command The default file transfer format remains set until you redefine it It does not change when opening or closing a connection The default format changes only if the remote host accepts the type change If there is no default file format defined Client FTP tries to determine the file format based on the local file s file extension Use the COPY GET or PUT command qualifiers to override this default for individual transactions Format TYPE keyword Equivalents SET DEFAULT type qualifier ASCII TYPE ASCII BINARY TYPE IMAGE IMAGE TYPE IMAGE Parameter keyword Table 3 10 lists valid values for keyword See Table 3 2 for a full description of the file transfer types Table 3 10 Command Keyword Values Keyword Purpose ASCII Sets formatted ASCII format see Table 3 2 Equivalents SET DEFAULT ASCII ASCII BINARY Sets formatted binary format see Table 3 2 SET DEFAULT BINARY is equivalent 3 84 TYPE FTP Transferring Files Table 3 10 TYPE Command Keyword Values Continued Keyword Purpose IMAGE Sets image format see Table 3 2 Equivalents SET DEFAULT IMAGE BINARY IMAGE FORTRAN Sets ASCII format and specifies that the first character of each record is a FORTRAN carriage control character see Table 3 2 SET DEFAULT
260. for handling filenames with multiple dots spaces and other characters that VMS does not allow in filenames while retaining the OpenVMS directory syntax DEFINE TCPWARE FTP RECODE NONVMS FILE NAMES filename TCPWARE FTP ROOT Defines the system wide default directory access restrictions for client users For example you can restrict all users logged in via FTP to the COMMON$USER directory and its subdirectories DEFINE SYSTEM EXECUTIVE TCPWARE FTP ROOT COMMON$USER The default directory is not set to the value of this logical or to the value of TCPWARE FTP username ROOT TCPWARE FTP username ROOT The TCPWARE FTP username ROOT system level executive mode logical defines access restrictions for an FTP client logging in as username For example you can restrict user CLARK to the COMMON$USER CLARK directory and its subdirectories as follows DEFINE SYSTEM EXEC TCPWARE FTP CLARK ROOT COMMON$USER CLARK Because the FTP server restricts access by default to the directory setting in the TCPWARE FTP ROOT logical described earlier if it exists you may want to use the special wildcard setting with the TCPWARE FTP username ROOT logical to bypass the default for username For example to restrict the bulk of users to DISK$SYS LOGIN restrict users KATE and PAUL to ENG DISK but allow SYSTEM full access to locations covered by its account define the following logicals DEFINE SYSTEM EXEC TCPWARE FTP ROOT DISK
261. g the Client qualifiers that are also server qualifiers are sent to the server ASSIST default NOASSIST Action to take when the device cannot mount on the remote system With ASSIST operator messages appear on the remote system indicating corrective action to take if supported With NOASSIST only a local message appears Not allowed when used with CD Note The BACKUP command s ASSIST and NOASSIST qualifiers further direct messages to the local operator and user respectively 6 3 PART II User Functions RMTSETUP 6 4 BLOCKSIZE size Default block size of the remote tape device Not allowed when used with CD CD Indicates that the remote device is a CD ROM device COMMENT string Used with the ASSIST qualifier to send a message to the remote operator when a mount operation fails Not allowed when used with CD DENSITY density Density in bits per inch at which to write the remote tape Not allowed when used with CD LOG NOLOG default Displays log information during RMTSETUP execution MOUNT default NOMOUNT MOUNT allows the user exclusive access to the device NOMOUNT disables exclusive access to the device NOMOUNT also prevents a remote tape from rewinding when deallocating the pseudodevice on the client Not allowed when used with CD You cannot combine NOMOUNT with ASSIST BLOCKSIZE COMMENT or DENSITY Use NOMOUNT carefully since it allows multiple users access to the sa
262. g Files for details on FTP OpenVMS Invoking TFTP To invoke TFTP enter at the DCL prompt TFTP host port If you specify a host name TFTP uses that host for subsequent file transfers If you also specify a port number TFTP uses the specified host and port for subsequent file transfers Command Reference You interact with TFTP by typing commands at the TFTP gt prompt Client TFTP supports the following OpenVMS style commands CONNECT MODE REXMT TIMEOUT HELP GET PUT STATUS TRACE QUIT 13 1 PART II User Functions TFTP offers 20 line recall on the command level 13 2 CONNECT TFTP Trivial File Transfers CONNECT Sets the host and optionally the port number for subsequent file transfers Note that TFTP uses UDP and therefore does not maintain the connection between transfers Format CONNECT host port Synonym OPEN Parameters host Name of the remote host to which you want to connect The host must exist on the network port Service name or number of the remote port that you want to connect to The default port number is 69 for read and write requests You do not need to specify the port number unless you are connecting to a nonstandard server Example Each of these equivalent commands connects to host SIGMA for a file transfer tftp connect sigma tftp open sigma 13 3 PART II User Functions GET GET Gets a file from the previously specified remot
263. g access restrictions 2 13 IP Security Option IPSO 2 14 Kerberos authentication for RCP 2 13 RLOGIN 2 14 RSH 2 14 TELNET 2 14 Kerberos server 2 13 outgoing access restrictions 2 13 packet filtering 2 13 secure shell SSH 2 15 token authentication 2 14 sending network mail IMAP server 2 7 POP3 server 2 7 SMTP OpenVMS 2 7 TALK utility 2 8 Index 2 time synchronization Network Time Protocol 2 11 TIMED 2 11 transferring network files FTP OpenVMS 2 3 RCP 2 3 TFTP 2 3 tunneling applications over IP tunneling DECnet over IP 2 15 Compression 16 9 conventions 1 xxiii COPY 3 13 customer support obtaining 1 xx D destination printer 5 21 directory checking 3 9 FTP commands ENABLE 3 46 documentation set 1 Duress PIN 14 2 usinga 14 8 E EC 12 21 12 48 EL 12 21 12 49 electronic mail 1 xx encrypted data 16 21 enterprise wide networking 1 1 ESCAPE 12 21 12 50 ESCAPE CHARACTER char 16 7 external applications over IP tunneling 2 15 F file printing 2 4 transfer format checking 3 10 type qualifiers positional 3 32 files transferring 2 3 FLAG 5 18 flag page 5 16 FLUSH 12 21 12 52 FORWARD 12 21 12 53 forwarded ports tunnels 16 21 FTP command synonyms ASCII 3 21 BELL 3 21 Index BINARY 3 21 BYE 3 21 CD 3 21 CONNECT 3 21 DEBUG 3 21 DISCONNECT 3 21 H 3 21 HASH 3 21 IMAGE 3 21 LCD 3 21 LIST 3 21 LOGIN 3 21 LS 3 21 MDELETE 3 21 MGET 3 21 MKDIR 3 22 MPUT 3 22 PASSI
264. g commands 1 copy tcpware ssh2 hostkey dir hostkey pub _ myserv myname myuser ssh2 knownhosts myclient foo com ssh dss pub 1 Finally log into the server system and ensure the TCPWARE HOSTS EQUIV file is correct 1 SET HOST MYSERV Welcome to OpenVMS TM VAX Operating System Version V7 3 Username myname Password Welcome to OpenVMS VAX V7 3 Last interactive login on Monday 3 MAR 2003 17 07 Last non interactive login on Monday 3 MAR 2003 08 30 16 15 Accessing Remote Systems with the Secure Shell SSH Utilities MYSERV type tcpware hosts equiv HOSTS EQUIV names of hosts to have default r utility access to the local system This file should list the full domain style names This list augments the users SYS$LOGIN RHOSTS file for authentication Both the RHOSTS and the HOSTS EQUIV files are cached by tcpware see the section entitled RLOGIN and RSHELL Authentication Cache in the Administrator s Guide for more information on controlling the cache This file is ignored for the users SYSTEM and ROOT SYSTEM and ROOT must have a SYS$LOGIN RHOSTS file if you want to use RSHELL or RLOGIN with them localhost myclient foo com myname MYSERV MYSERV logout MYNAME logged out at 3 MAR 2003 13 46 58 91 %REM S END control returned to node MYCLIENT Publickey Authentication Example The following is an example of how to set up the SSH client and SSH
265. ge Window shows all the actions FTP OpenVMS takes from this point on Figure 3 3 and Figure 3 4 on the following pages show an example of the two parts to the TCPware FTP OpenVMS File Transfers window that appears when you open a connection from the TCPware FTP OpenVMS Connections window Figure 3 1 Opening an FTP Connection Using the Command Line Method Eta FTP 1 gt Username SMITH Password FTP> GET TEST TXT FTP> CLOSE Figure 3 2 Opening an FTP Connection Using the Graphical User Eta SET DISPLAY CREATE NODE MYNODE TRANSPORT TCPIP 4 Eta DECW FTP TCPware FTP OpenVMS Connections Remote Host Username Password Note For the graphical user interface FTP OpenVMS stores the connection information in the DECW FTP PROFILE DAT file in your login directory to set up the next connection See the note in the previous section first 3 5 PART II User Functions Figure 3 3 Local and Remote Part of the File Transfers Window amp TCPware FTP Graphical User Interface The graphical user interface method offers a number of options from the TCPware FTP OpenVMS File Transfers screen You can set various options by clicking Options on the menu bar on the TCPware OpenVMS File Transfers screen see Figure 3 3 These options are Settings see the top screen in Figure 3 4 V
266. ged into The files specifications have the format KEY port hostname PUB port is the port over which the connection was made hostname is the hostname of the key s host For example if tulip flowers com was accessed via port 22 the keyfile would be KEY 22 TULIP FLOWERS _ COM PUB If this file changes on the host for example the system manager regenerates the host key SSH will note this and ask if you want the new key saved This helps prevent man in the middle attacks SSHKEYGEN Generates authentication key pairs The format of the keys is incompatible between SSH1 and SSH2 Therefore the correct format keys must be generated for each version of the protocol to be supported There is no way to recover a lost passphrase If the passphrase is lost or forgotten you need to generate a new key and copy the corresponding public key to other systems Each key may be protected via a passphrase or it may be left empty Good passphrases are 10 30 characters long and are not simple sentences or otherwise easily guessable Note that the passphrase can be changed later but a lost passphrase cannot be recovered as a one way encryption algorithm is used to encrypt the passphrase Note The Host Key has no password 16 27 Accessing Remote Systems with the Secure Shell SSH Utilities SSH1 NETCU SSHKEYGEN SSH1 NETCU SSHKEYGEN SSH1 NETCU SSHKEYGEN SSH1 NETCU SSHKEYGEN SSH1 NETCU SSHKEYGE
267. gt prompt TELNET> SET PRINT FILE filename NO APPEND The default print setting is SET PRINT FILE SYSSLOGIN TN3270 TXT NOAPPEND The FILE qualifier is like the FILE parameter and the optional APPEND qualifier is like the APPEND keyword in step 3 5 Resume the current session When you are at the desired screen press the Escape character however it is defined together with the character P uppercase or lowercase In the example the Escape character is defined as F11 so that the print key sequence is F11 P Exit the session and check for the existence of the print queue or file Example 12 9 Printing and Dumping TN3270 Screens TELNET LOCIS LOC GOV TN3270 PRINT QUEUE ENG PRINTER ANSI LOCIS LIBRARY OF CONGRESS INFORMATION SYSTEM Choice F11 P quit SHOW QUEUE ENG PRINTER ANSI shows active printer queue TELNET LOCIS LOC GOV TN3270 LOCIS LIBRARY OF CONGRESS INFORMATION SYSTEM Choice Ctrl C 12 18 TELNET Connecting to Remote Terminals TELNET> SET PRINT QUEUE ENG PRINTER ASCII TELNET RESUME Choice F11 P quit TELNET> QUIT SHOW QUEUE ENG PRINTER ANSI shows active printer queue TELNET LOCIS LOC GOV TN3270 PRINT FILE PRINTFILE TXT APPEND LOCIS LIBRARY OF CONGRESS INFORMATION SYSTEM Command F11 P quit TELNET QUIT DIR PRINTFILE TXT shows filename in directory screen is appended onto existing file TELNET> OPEN LOCIS LOC GOV TN3270
268. h LPS OpenVMS Print Effects of the FORM Qualifier Command issued PRINT QUE ENGSPRINT MEMO TXT FORM FORMI Remote Host LPS 4 print queue Formatting option V MS Additional qualifier LIBRARY LNIGDEVCLT LPS OpenVMS queue formats the file sets the printer control information and passes the file to the remote printer for printing LPS suppresses all remote LPDD formatting Effects of the PARAMETERS Qualifier Command issued PRINT QUE ENG PRINT MEMO TXT PARAMETERSz rr Local Host Remote Host Printer L P LPS 4 print queue Formatting option L PD Additional qualifier LIBRARY LNIGDEVCLT LPS OpenVMS queue formats the file as is to the remote queue which sets the printer control information and prints the file c specified by the PARAMETERS qualifier the remote host sends a mail message to the user who issued the PRINT command Effects of the FORM Qualifier Sent to Remote Host for Printing Command issued PRINT QUE ENG PRINT MEMO TXT FORM FORMI Local Host Remote Host LPS OpenVMS print queue Formatting option LPD Additional qualifier LIBRARY LPS Because the OpenVMS queue is configured for remote formatting it passes the file as is to the remote queue which ignores the FORM qualifier sets the printer control information and prints the file PART II User Functions LPQ Displays the status of specific print requests or all requests in
269. h as routing line status volume of traffic and error conditions SNMP supports the MIB I and MIB II Management Information bases as well as SNMP Multiplexing SMUX and SNMP Agent eXtensibility AGENTX Network Control Utility NETCU is the utility program see the NETCU Command NETCU system managers and user use to Reference configure and control network activity Simple Network Obtain timely information about see the Management Guide Chapter 7 Managing SNMP Services see the Programmer s Guide Chapter 10 SNMP Extendible Agent API Routines 2 10 Functional Overview Synchronizing Time Clocks TCPware provides the network time synchronization components listed in Table 2 9 Table 2 9 TCPware Features for Time Synchronization This component On a TCP IP network allows you to As a system manager see the Management Guide Network Time Protocol synchronize your system clock with an Internet Time Server Chapter 10 Network Time Protocol NTP TIMED use the Time Synchronization Protocol TSP and the timed service to synchronize the clocks of LAN hosts Using Network Testing Tools TCPware provides various network testing tools and utilities and services with which you can obtain network information as listed in Table 2 10 Table 2 10 TCPware Network Testing Tools Chapter 11 TIMED This component Allows you to As a user As
270. he FTP OpenVMS Server supports the SITE SPAWN and SITE SHOW TIME site specific commands The Client FTP can issue these commands at any time Site specific commands can vary depending on the remote FTP server some servers do not support any Issue the FTP OpenVMS site specific commands in one of the following ways at the FTP> prompt see Figure 3 10 1 SITE SHOW TIME This command returns the current date and the time of day for the OpenVMS system in the reply message 2 SITE SPAWN dcl command This command allows you to execute any DCL command as a subprocess You typically use this command to print files submit batch jobs execute command procedures or issue other commands The screen does not display the output the subprocess generates The system returns status from the subprocess as the status for the SITE SPAWN command Note Spawning is not allowed for CAPTIVE accounts See the SITE and SPAWN commands in the Command Reference Figure 3 10 Issuing Site Specific Commands FTP FTP> OPEN CONDOR Username wombat WOMBAT _ Password FTP> SITE SHOW TIME 200 The date and time is FTP> FTP> DIR Directory DOCSDISK DOCUMENT WOMBAT 3 NOV 2001 11 36 18 30 ANDY TXT 1 4 4 NOV 2001 09 08 41 13 CYN PS 2 53 14 JAN 2001 14 10 41 22 DNIP TXT 1 8 10 JAN 2001 14 00 08 40 DO HELP TXT 1 8 19 NOV 2001 09 49 37 92 FTP> SITE SPAWN PRINT QUE ENG PRINTER ANSI ANDY TXT 2 200 SITE
271. he NFS your local Chapter 13 filesystems on OpenVMS system No Managing NFS remote servers Client You special OpenVMS so that they must have commands are Client appear as authorization to required resident access them filesystems in OpenVMS NFS OpenVMS Provide a For remote see the Server service so that systems users to Management remote system access Guide users can access OpenVMS files Chapter 14 your local on your system Managing NFS OpenVMS run the NFS OpenVMS filesystems as if OpenVMS Server they were their Server The own remote user must have authorization to access your local filesystems Functional Overview Transferring Files You can transfer files to or from your OpenVMS system using FTP OpenVMS which includes the RCP feature or the TFTP feature of TCP OpenVMS Transfer files using the TCPware for OpenVMS components in Table 2 2 Table 2 2 TCPware Components for Transferring Network Files This component Allows you to To use it you need FTP OpenVMS Copy get and put files to and from remote systems using the File Transfer Protocol FTP TCPware provides both the client function so that local users can transfer files to and from remote systems and the server function so that remote users can transfer files from your local system Login authentication security is available through Token The remote system must support FTP As use
272. he OPEN command to open a remote TELNET session in one of the following ways a To use standard authentication at the TELNET> prompt enter either TELNET> OPEN host TELNET> OPEN host AUTH NULL host is the name of the host to which you want to connect AUTH NULL explicitly specifies to use standard authentication b To use Kerberos version 4 authentication enter at the TELNET> prompt TELNET> OPEN host AUTH KERBV4 REALM realm host is the name of the host to which you want to connect AUTH KERBV4 specifies the use of Kerberos version 4 authentication REALM realm specifies the name of the Kerberos Server realm You must first get a ticket granting ticket TGT from the Kerberos Server See Chapter 4 Kerberos User Commands You can specify the Kerberos realm using the REALM qualifier If you omit the qualifier the contents of the TCPWARE KRB REALMS file determines the Kerberos realm To open a connection TELNET first tries to use Kerberos version 4 authentication if requested then reverts to standard authentication if Kerberos version 4 authentication fails 3 Respond to the login prompts if any of the remote host including any PASSCODE 4 Open another session if desired a Return to the local TELNET prompt by entering the escape sequence displayed when opening the connection usually Ctrl The previous session remains open b Use the OPEN command to open the next session Repeat steps
273. he command aborts with an error The default is eight characters If the local username is also the remote username if you omit the USER qualifier TCPware also truncates the remote username to the indicated length However it never truncates a remote username specified explicitly with the USER qualifier USER remote username Username on the remote host that is different from the username with which you are currently logged in to the local host TCPware never truncates an explicitly specified remote username see the TRUNCATE qualifier The remote username is converted to lowercase unless you enclose it in quotes or use the NOLOWERCASE qualifier RLOGIN RLOGIN Logging In to a Remote Host Examples 1 Each of these equivalent commands opens a connection to host IRIS using standard authentication RLOGIN IRIS RLOGIN AUTH NULL IRIS 2 This command opens a connection to remote host IRIS using Kerberos version 4 authentication The Kerberos Server resides in the daisy com realm RLOGIN AUTH KERBV4 REALM DAISY COM IRIS USER Smith The quotes around Smith are necessary because the name contains a mix of upper and lowercase characters that you would want to preserve in sending the command Without the quotes RLOGIN converts the name to lowercase which then may not match the username on the remote host 3 This command opens a connection to remote host IRIS using Kerberos version 4 authentication Because REALM is omitted
274. he connection to the X11 display forwards to the remote side any X11 programs started from the interactive session or command through the encrypted channel Also the connection to the real X server is made from the local system The user should not set DECW$DISPLAY manually Forwarding of X11 connections can be configured on the command line or in configuration files The DECW$DISPLAY value set by SSH points to the server system with a display number greater than zero This is normal and happens because SSH creates a proxy X server on the server system for forwarding the connections over the encrypted channel SSH sets up fake Xauthority data on the OpenVMS server as OpenVMS does not support Xauthority currently It generates a random authorization cookie stores it in Xauthority on the server and verifies that any forwarded connections carry this cookie and replace it by the real cookie when the connection is opened The real authentication cookie is never sent to the server system and no cookies are sent in plain text Configuring the SSH Client The SSH client uses only SSH2 configuration keywords There are no SSH1 specific configuration keywords for the SSH client The SSH client obtains configuration data from the following sources in this order 1 Command line options See Table 16 1 for details 2 User s configuration file SYS LOGIN SSH2 SSH2 CONFIG See Table 16 2 for details 3 System wide configuration file S
275. he initial FORWARD character using the TCPWARE TELNET FORWARD logical name in the process job group or system logical name tables This logical value has the same syntax as char To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET FORWARD 1 DEFINE PROCESS TCPWARE TELNET FORWARD Both commands set the FORWARD character to Ctrl a ASCII 1 They are equivalent Examples 1 Each of these equivalent commands sets the FORWARD character to Ctrl a ASCII 1 TELNET> SET FORWARD A TELNET SET FORWARD 1 2 This example removes the previous character definition if any for the FORWARD control function TELNET> SET NOFORWARD 12 53 PART II User Functions SET [NO]GA SET [NO]GA Defines changes or disables the go ahead GA character If you enter the defined GA character during a TELNET session Client TELNET sends the TELNET GA control function to the server instead of the actual character Ignored if TN3270 mode is active Format SET GA char SET NOGA Parameter char When entered this character sends the TELNET GA control function to the server You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default GA character Define the initial GA character u
276. he recipient s IP address but not the host name or if the host name is not registered in the Domain Name System specify the recipient address as follows To smtp recipient aa bb cc dd where aa bb cc dd is the destination system s IP address in dotted decimal form You must specify the IP address in square brackets The OpenVMS Mail utility also allows you to specify an addressee on the command line MAIL filename addressee To use this form of the command with TCPware you must enclose the address in quotes and you must double all existing quotes as follows MAIL filename smtp recipient@destination The following example shows the user sending mail using the OpenVMS MAIL utility to a user named John Smith with a user name of johns on system SALES FLOWERS COM MAIL MAIL> SEND To SMTP johns sales flowers com Subj This is a test message Enter your message below Press Ctrl Z when complete or Ctrl C to quit Hi John this is a test of the TCPware extension to the VMS MAIL utility Ctrl Z MAIL> EXIT You receive network mail as you would all other mail in the VMS MAIL utility The following example shows the user WHORFIN reading an SMTP mail message sent by the user johns New mail on node KAOS from SMTP johns@sales flowers com John Smith MAIL You have 1 new message MAIL READ NEW 1 03 23 2001 10 05 40 79 From SMTP johns@sales flowers com John Smith To WHORFIN CC
277. he remote filename If the remote filename file does not exist Client FTP creates it Some remote hosts do not support this operation NOTE If the operation fails try appending in binary mode by using the BINARY qualifier PUT FTP Transferring Files ASCII Transfers the file in formatted ASCII format see Table 3 2 BINARY Transfers BIN LDA OBJ and STB files in formatted binary format see Table 3 2 BLOCK Transfers STREAM STREAM CR STREAM LF and UNDEFINED files in block mode see Table 3 2 CONFIRM NOCONFIRM default CONFIRM issues a confirmation prompt before putting a file Respond with Y or N If confirming multiple file puts use with MPUT or PUT MULTIPLE with a wildcard value Position the qualifier immediately after the PUT verb to relate to all files or after the particular filename to relate to that file only CONTIGUOUS blocks Local output file should have an initial contiguous allocation of the specified number of blocks If the output file is smaller than the specified blocks Client FTP truncates the number of blocks If the output file is larger the additional allocations are non contiguous Does not apply to remote output files CONVERT NOCONVERT default CONVERT translates the internal file formatting characters of Variable Forms Control VFC files NOCONVERT does not do the conversion FDL Uses a separate FDL file describing the specified file s OpenVMS RMS record attri
278. hen a text file is transferred to a non VMS system a method has been provided to convert those files that can be translated into a format that will be usable on the remote system Files that are converted from non VMS systems are stored as stream files on the VMS system which provides compatibility for text files from those systems Filenames are SRI encoded when files are stored on ODS 2 disks SCP SERVER1 The SCP SERVER1 program is used when a system with OpenSSH initiates an SCP command OpenSSH uses RCP over SSH2 instead of the SFTP protocol SCP SERVER1 will always convert VMS text files if possible when copying a file from VMS Converted VMS text files may have some trailing nulls at the end of them due to the RCP protocol not being able to tolerate a file that comes up short of the reported size SCP SERVER1 and SFTP SERVER2 use sophisticated methods to estimate the amount of user data in the file to minimize this On ODS 5 disks the estimation routine uses the file size hint if it is valid On ODS 2 disks and ODS 5 without a valid size hint the size of the file and file characteristics are used to estimate the amount of user data The method provides as accurate an estimate as possible without actually reading the file and never underestimates the amount of data in the file Underestimating would cause significant problems as the programs use the size of the file to determine how much data to expect SCP2 Usage SCP2 qualifiers
279. hich you can configure network hosts as listed in Table 2 7 Table 2 7 TCPware Features for Configuring Hosts This component Allows you to As system manager DHCP BOOTP Assign IP addresses and provide configuration data to hosts over the network see the Management Guide Chapter 2 DHCP BOOTP Server Domain Name Services Obtain information such as host Internet addresses and names by connecting to a distributed database see the Management Guide Chapter 3 Domain Name Services 2 9 PART I Introduction Table 2 7 TCPware Features for Configuring Hosts Continued This component Allows you to As system manager Point to Point Protocol PPP Configure the network to send IP datagrams over serial links including DECnet or modem connections enter PPPD TCPWARE PPPD EXE See the Management Guide Chapter 5 Serial Link Interfaces PPP and SLIP Serial Line IP SLIP Protocol Further configure the network to send IP datagrams over serial links Controlling Network Functions You can perform network management functions and test networks by using the TCPware for OpenVMS features in Table 2 8 Table 2 8 TCPware Features for Additional Management This component Allows you to As a system manager Management Protocol SNMP Services network activities of OpenVMS server hosts suc
280. ical tape or CD ROM device on the server When you conclude the activity you can discard the pseudodevice using the DEALLOCATE command Note that not all tape drives or CD ROM drives can fully support use of the RMT Client and RCD Client For example quarter inch tape drives on UNIX systems typically support only fixed length 512 byte records You cannot use these tapes with the OpenVMS COPY or BACKUP commands because the latter require variable length records An attempt to perform an unsupported operation to a remote device results in a SYSTEM E UNSUPPORTED error message Troubleshooting You can lose the TCP IP connection between the RMT or RCD client and server if An RMT or RCD server receives a command that it does not recognize Rather than returning an error message it simply closes the connection 6 1 PART II User Functions 6 2 A bug in an RMT or RCD server causes it to crash If the RMT or RCD server or its system crashes or is shut down In these situations the RMT Client or RCD Client detects the loss of the TCP IP connection and returns the following error message for all subsequent commands SYSTEM F LINKABORT network partner aborted logical link The only alternative at this point is to deallocate the existing device and reconnect to the server when it becomes available by running RMTSETUP again RMTSETUP RCD and RMT Remote CD ROMs and Tapes RMTSETUP Configures RMT RCD pseudodevice
281. ication ACE Client API Functions Use API functions for programs that interact between the ACE Client and ACE Server to enable Token Authentication Chapter 11 Token Authentication API Functions 2 17 PART II User Functions Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 12 Chapter 13 Chapter 14 Chapter 15 Chapter 16 Appendix A Glossary FTP Transferring Files Kerberos User Commands Network Printing RCD and RMT Remote CD ROMs and Tapes RCP Copying Files RLOGIN Logging in to a Remote Host RSH Issuing Commands on a Remote Host SMTP Transferring Mail TALK Exchanging Terminal Messages TELNET Connecting to Remote Terminals TFTP Initiating Trivial File Transfers Token Authentication Protecting Logins WHOIS Username Directory Services Accessing Remote Systems with the Secure Shell SSH Utilities TCPware Logicals Chapter 3 FTP Transferring Files Introduction The File Transfer Protocol FTP transfers files to and from a remote host FTP OpenVMS controls the method by which FTP transfers the files The Client FTP utility is your interface to FTP OpenVMS You can run Client FTP interactively or through a startup command procedure For FTP OpenVMS to operate between two hosts the remote host must provide a compliant client or server You can run FTP directly interactively or indirectly from a command procedure Client
282. ice when deallocating the local RMT pseudodevice NOUNLOAD disables this Note that a DCL MOUNT or DISMOUNT with UNLOAD or NOUNLOAD overrides the RMTSETUP UNLOAD or NOUNLOAD Not allowed when used with CD USERNAME username Username for access to the remote system If omitted the username of the client process is sent to the server subject to truncation by TRUNCATE USERNAME Username is converted to lowercase unless you enclose it in quotes Use together with PASSWORD WRITE default NOWRITE Writing to the remote tape is usually enabled NOWRITE is a precautionary measure to prevent remote tape from being written Not allowed when used with CD Examples 1 This example uses tape drive MKB500 on remote OpenVMS system IRIS to back up all the TCPWARE data files that start with SM The tape is left loaded in the drive after its use NOUNLOAD MYTAPE is the logical name for the RMT9 device created RMTSETUP IRIS MKB500 MYTAPE NOUNLOAD LOG Connecting to RMT server on host IRIS through port 514 rsh Opening MKB500 NOSTREAM NOUNLOAD _RMT9 created BACKUP LOG TCPWARE SM DAT MYTAPE TCPWARE BCK SAVE SET SMOUNT I MOUNTED TEST1 mounted on RMT9 BACKUP S COPIED copied SYSSSPECIFIC TCPWARE SM DAT 1 SBACKUP S COPIED copied SYSSSPECIFIC TCPWARE SM BAK DAT 1 DISMOUNT MYTAPE NOUNLOAD DEALLOCATE MYTAPE This example requests access to tape drive dev rst0 remote UNIX system using a
284. ient does not specify a printer This is an optional parameter and the default is SYS PRINT when the client does not specify a printer most clients specify the printer The logical for NFS_PCNFSD_ PRINTER is TCPWARE PCNFSD PRINTER TCPWARE NFS PCNFSD PRINTER LIMIT Specifies the maximum packet size of the information displaying the printers known on the server Some systems require this limitation Note If the actual printer information exceeds the byte limit set by this parameter TCPware truncates the information The logical for PCNFSD PRINTER LIMIT is TCPWARE PCNFSD PRINTER LIMIT If this logical is not defined TCPware determines the size of the packet at run time TCPWARE NFS PCNFSD SPOOL Specifies the name of the PCNFSD print spool directory as a UNIX style pathname The directory must be an exported directory That is, the directory must be an entry in the EXPORT database or a subdirectory of an exported directory The logical for PCNFSD SPOOL is TCPWARE PCNFSD SPOOL Because you export different OpenVMS directories to different clients with the same path it is possible for the PCNFSD SPOOL parameter to refer to different OpenVMS directories depending on which PCNFSD client requests the print spooling services TCPWARE NFS PORT Sets the TCP and UDP port through which the NFS MOUNT and PCNFSD protocols receive data B 18 TCPware Logicals Table B 1 TCPware Logicals Continued
285. iewer Preferences see the bottom screen in Figure 3 4 Here is the process to use 3 6 FTP Transferring Files 1 Click options followed by Settings to get the TCPware FTP OpenVMS Settings window This window presents the following options FTP Logs You can select to log Commands Replies or Both Your password appears on the screen if you use the Commands or Both setting Confirm on Delete Click the box to confirm file or directory deletion Beep After Copy Click the box to enable a beep when copying is complete Timeout secs Set the FTP session timeout in seconds PASV Mode Click the box to set passive mode transfers see the SET NO PASSIVE command To accept the settings you make on this screen click to cancel the window click Cancel 2 Click Options followed by View to get the TCPware FTP OpenVMS File Viewer Preferences window with the following options File Enter a file extension to indicate the type of file you would like to view for example Type enter for files with the C extension ps for files with the PS extension or for any file type Viewer Enter the type of viewer to use for the file type these should be DCL commands or foreign commands you define before invoking the application for example enter the DCL command view interface decwindows format ps to use the CDA Viewer with PS files Click Add to add the File Type and Viewer combination
286. if available 3 20 FTP Transferring Files Enter FTP commands at the > prompt Client FTP supports the following commands ACCOUNT ENABLE VMS PL PWD SET PASSIVE CCC ERROR EXIT QUOTE SET VMS CLOSE EXIT REMOTEHELP SET STATUS COPY GET RENAME SITE CREATE DIR HELP SET BELL SPAWN DEFINE KEY LDIR SET DEBUG STRUCTURE DELETE OPEN SET DEFAULT TYPE DIRECTORY PROTECTION SET HASH USER DISPLAY PUT SET LOWERCASE Table 3 3 FTP Command Synonyms This command Is a synonym for the FTP command ASCII TYPE ASCII BELL Toggles between SET BELL and SET NOBELL BINARY or IMAGE TYPE IMAGE BYE or QUIT EXIT CD SET DEFAULT REMOTE CONNECT OPEN DEBUG Toggles SET DEBUG CLASS COMMANDS DISCONNECT CLOSE H HELP HASH Toggles between SET HASH and SET NOHASH LCD SET DEFAULT LOCAL LIST or LS DIRECTORY NAME LIST LOGIN USER MDELETE DELETE MULTIPLE MGET GET MULTIPLE 3 21 PART II User Functions 3 22 Table 3 3 FTP Command Synonyms Continued This command Is a synonym for the FTP command MKDIR CREATE DIRECTORY MPUT PUT MULTIPLE PASSIVE Toggles between SET PASSIVE and SET NOPASSIVE RECV GET RM DELETE RMDIR DELETE DIRECTORY SEND PUT STATUS SHOW STATUS VERBOSE Toggles SET DEBUG CLASS REPLIES Z SPAWN Table 3 4 Commands to Use
287. ifies the engineering C size medium d Specifies the engineering D size medium PRINT Network Printing Table 5 1 Standard Media Names e Specifies the engineering E size medium The following standard values are defined for input trays Table 5 2 Input Tray Names Name Description top The top input tray in the printer middle The middle input tray in the printer bottom The bottom input tray in the printer envelope The envelope input tray in the printer manual The manual feed input tray in the printer large capacity The large capacity input tray in the printer main The main input tray side The side input tray Submitting Jobs to IPP Symbiont Print Queues This section describes how to submit jobs to the IPP symbiont print queues Printing a Single Text File to an IPP Queue Print the file FOO TXT to the IPRINTER default destination printer set up in the prior examples PRINT QUEUE IPRINTER QUEUE foo txt Specifying the Destination Printer on the Print Command Print a single text file to a non default printer on a queue with a wild carded printer URL PRINT QUEUE iprinter queue PARAM printer ipp another mynet com ipp portl foo txt Note The above will fail unless the queue specifies another mynet com as a legal URL either explicitly or by using wildcards 5 21 PART II User Functions PRINT Using Other Print Qualifiers Print a te
288. ile Transfers screen see Figure 3 4 Table 3 2 Client FTP File Transfer Formats This file With format extension Means Formatted ASCII records terminated with a CR and LF and transferred as ASCII ASCII Use for all except formatted binary and image files maximum formatted ASCII record size is 8192 bytes In OpenVMS to FTP ASCII conversion CR LF pairs are added to the end of records In FTP ASCII to OpenVMS conversion CR LF pairs are removed from the end of records Formatted OBJ Binary records transferred as IMAGE In OpenVMS to FTP Binary STB IMAGE conversion record header and checksum are added to i all records In FTP IMAGE to OpenVMS conversion record BIN header and checksum are removed from each record LDA Remote hosts might not be able to distinguish between formatted binary and image files because both file types are transferred using FTP IMAGE format In this case the formatted binary files are stored as image files and if properly transferred back are formatted binary files again This is typically not a problem because formatted binary files are system dependent files 3 11 PART II User Functions Table 3 2 Client FTP File Transfer Formats Continued This file format With extension Means BLOCK File blocks transferred as IMAGE Use for STREAM STREAM CR STREAM LF and UNDEFINED record formats Provides the highest transfer rates since i
289. iles <objects> Description: The CERTTOOL utility is used for different needs concerning X.509 certificates. Accessing Remote Systems with the Secure Shell SSH Utilities. Valid Options: BITS n: Key strength in bits (default 2048). DEBUG n: Set debug level to n. EXTENDED KEY USAGE flag1 flagn: (PKCS 10 only) Extended key usage flags as a comma-separated list. Valid values are anyExtendedKeyUsage, ServerAuth, clientAuth, codeSigning, emailprotection. No extended flags are set by default. HELP PK10 PK12: Display help. More detailed help on manipulating PKCS 10 and PKCS 12 certs is available by adding the PK10 and PK12 qualifier, respectively, to the HELP switch. INPUT_FILES file1 filen: (PKCS 12 only) List of files to include in the PFX package. KEY TYPE type: Create a new key of type DSA or RSA. KEY USAGE flag1 flagn: (PKCS 10 only) Key usage flags as a comma-separated list. Valid values are digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, CRLSign, encipherOnly, decipherOnly. Default values are digitalSignature and keyEncipherment. OPTION x y: Set certificate option x to y. The options that can be set are dependent upon the type of certificate (PKCS 10 or PKCS 12) being a
290. in the output stream from the server when sending the BRK function. Client TELNET uses the TELNET timing mark option to accomplish this; the server does not have to support this option for this feature to work. If you specify NOFLUSH, Client TELNET sends only the BRK function. If you omit both, the previous setting remains. The initial default is FLUSH. Note: If a server fails to respond properly to the timing mark option, Client TELNET may continue to discard output from the server. In this case, use the FLUSH command to resume normal operation. SET [NO]BRK. TELNET: Connecting to Remote Terminals. Examples: 1. Each of these equivalent commands sets the break character to Ctrl ASCII 29: TELNET> SET BRK TELNET> SET BRK 29 2. This example removes the previous character definition, if any, for the break control function: TELNET> SET NOBRK SET DEBUG: Enables or disables the display of debugging information. Format: SET DEBUG CLASS keyword. Qualifier: CLASS keyword. SET DEBUG requires the CLASS qualifier. The optional keyword specifies the classes of debugging information to enable or disable. Use parentheses for multiple keywords separated by commas. Table 12-9 lists the supported keywords. Table 12-9 Class Keywords (Keyword: Description): ALL: Enables the display of all classes. OPTIONS: Enables the display of options negotiation i
291. information on the PRINT command mat PRINT file spec file spec ameter file spec Specifies the file or files if separated by commas you want printed Qualifiers 5 14 COPIES n Prints multiple copies of output where n is the number of copies If you place this qualifier immediately after the PRINT command each file listed in the command string prints times The same effect occurs when you use the number option with the LPR command If you place this qualifier after a file specification only that file prints n times FORM form name Specifies the name or number of the form you want associated with the print job If omitted the default form for the execution queues with the job Forms have attributes such as print image width and length or paper stock To see which forms are defined for your system use the SHOW QUEUE FULL command PRINT Network Printing NAME job name Names the job If you do not use this qualifier the job name is the name and extension of the first file in the job This name displays on the screen when you use the LPQ command to request queue information and on the flag page This qualifier is equivalent to the option used with the LPR command NOFLAG Suppresses printing of the burst page This qualifier is equivalent to the h option used with the LPR command NOTE string Names the job classification you want used on the burst page If you omit this qualifier the j
292. ing C job classification or cjob classification Names the job classification you want used on the burst page If you omit this option the job classification is the domain name of the local host See the previous note for details on syntax d File contains output from TeX formatting commands f Uses a filter that interprets the first character of each line in the file as a standard FORTRAN carriage control character 5 File contains standard UNIX plot data as produced by the plot routines h Suppresses the printing of the burst page i number Indents the output the specified number of blank spaces If you do not enter a number the output indents eight spaces Do not leave a space between the i and the number J job or jjob Prints the job name on the burst page If you do not use this option the job name is the name and extension of the first file in the job See the Note for details on syntax 1 Uses a transparent filter so that you can send data to the printer unchanged Note that the data 1s UNCONVERTED print services does not convert the files to STREAM LF format Use this option with BINARY data or files containing all of the characters including carriage returns CRs when you want them sent to the printer m Sends a mail message to the user who issued the LPR command upon completion of the job You can use this option only if your local host implements the Simple Mail Transfer Protocol
293. inued TCPWARE FTP STRIP VERSION Causes VMS mode output to have no versions The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP STRIP VERSION TCPWARE FTP SYST BANNER When this logical is defined the SYSTem banner is not displayed in response to the STATUS command When this logical is not defined the format of the banner varies depending upon whether the SERVER is operating in UNIX mode VMS mode DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP SYST BANNER TCPWARE FTP UNIX STYLE BY DEFAULT Starts the FTP server in UNIX emulation mode The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE SYSTEM NOLOG EXECUTIVE TCPWARE FTP UNIX STYLE BY DEFAULT When sending the command from a non OpenVMS client a space is required between the file specification and the qualifier GET filename LOG To disable this requirement DEFINE SYSTEM EXECUTIVE MODE TCPWARE FTPD NOUNIX SYNTAX TRUE This logical has no effect if TCPWARE FTP DISALLOW UNIX STYLE is not set to FALSE TCPWARE FTP UNIX STYLE CASE INSENSITIVE Allows UNIX style filename handling to be case insensitive The in the logical represents where defined values go Defined values can be either alpha or numeric DEFINE SYSTEM NOLOG EXEC TCPWARE FTP UNIX STYLE CASE INSENSITIVE
294. ioMail Corporation the Internet Software Consortium nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY RADIOMAIL CORPORATION THE INTERNET SOFTWARE CONSORTIUM AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL RADIOMAIL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This software was written for RadioMail Corporation by Ted Lemon under a contract with Vixie Enterprises Further modifications have been made for the Internet Software Consortium under a contract with Vixie Laboratories IMAPARI C MISC C RFC822 C SMTP C Original version Copyright 1988 by The Leland Stanford Junior University NS PARSER C Copyright O 1984 1989 1990 by Bob Corbett and Richard Stallman This program is free software You can redistribute it and or modify it und
295. ion system name are not case sensitive; that is, you can type them in either uppercase or lowercase letters. However, the destination recipient specification may be case sensitive, depending on the destination system's software. On some UNIX systems, ROOT and root specify two different user names and hence different electronic mail addresses. You receive network mail as you would all other mail in the ALL-IN-1 mail subsystem. Contact your system manager for the correct syntax for remote users; frequently the proper syntax is 1 yourdomain. Delivering Mail to Specific Folders: The SMTP server supports incoming mail delivery to folders other than the NEWMAIL folder. The foldernames are restricted to UPPERCASE characters only, the pound sign, and the underscore _. Use of the comma in a foldername causes an error. Mail addressed to user folder host is delivered to the specified folder. Note: Your system manager can disable this feature by defining the system-wide logical name TCPWARE_SMTP_DISABLE_FOLDER_DELIVERY. User Defined Headers: You can further customize your messages by defining special RFC 822 message headers. SMTP OpenVMS supports defining certain message header fields in the RFC 822 part of the message header. Defining RFC 822 headers involves running the TCPWARE CONFIG_SMTP_HEADERS COM command file to define the following headers: Full name, Comments, Reply to, Return receipt
296. ion that you make in such a way that it is clearly associated with such covered works as are present in that distribution In any electronic distribution the license must be in a file called ISC LICENSE If you make a distribution that contains works from more than one ISC distribution you may either include a copy of the ISC LICENSE file that accompanied each such ISC distribution in such a way that works covered by each license are all clearly grouped with that license or you may include the single copy of the ISC LICENSE that has the highest version number of all the ISC LICENSE files included with such distributions in which case all covered works will be covered by that single license file The version number of a license appears at the top of the file containing the text of that license or if in printed form at the top of the first page of that license 11 If the list of associated documentation is in a seperated file you must include that file with any distribution you make in such a way that the relationship between that file and the files that refer to it is clear It is not permissible to merge such files in the event that you make a distribution including files from more than one ISC distribution unless all the Bootstrap Licenses refer to files for their lists of associated documentation and those references all list the same filename 12 If a distribution that includes covered works includes a mechanism for automatically installi
297. is included in the remote system specification the specification must be enclosed in quotes Qualifiers Table 17 2 2 Qualifiers Qualifier Description IBATOCHBIUES S UO specuicanan Provides file with SFTP commands to be executed Starts SSH2 in batch mode Authentication must not require user interaction UPPER SUE Number of bytes of data to transfer in a buffer Default is 7500 CIPHER cipher 1 cipher n Selects encryption algorithm s COMPRESS Enables SSH data compression Number of concurrent read requests to post to the CONCURRENT REQUEST integer source file Default is 4 DEBUG level Sets debug level 0 99 HELP Displays help MAC mac 1 mac n Select MAC algorithm s NOPROGRESS Do not show progress indicator 17 11 Secure File Transfer Table17 2 SFTP2 Qualifiers Continued Qualifier Description Tells sftp2 which port sshd2 listens to on the remote PORT machine VERBOSE Enables verbose mode debugging messages Equal to debug 2 You can disable verbose mode by using debug disable VERSION Displays version number only NO VMS Negotiates ability to transfer VMS file information VMS transfer mode will be automatically negotiated if SFTP2 detects that the server is capable of doing VMS transfers unless NOVMS is specified 17 12 Secure File Transfer SFTP2 Commands Table 17 3 SF
298. is qualifier Use with the AUTHENTICATION KERBV4 qualifier and value The realm is converted to lowercase unless you enclose it in quotes TERMINAL CHARACTER SET name Use with the TN3270 qualifier to set the OpenVMS terminal character set for TN3270 Internationalization Table 12 4 shows the supported Multinational and National Replacement character set values TIMEOUT seconds Timeout time for establishing the TELNET control connection If not specified the default value of 120 seconds 2 minutes applies The minimum allowable value is 20 TN3270 NOTN3270 TN3270 enables TN3270 mode Use this qualifier when you want your OpenVMS terminal to emulate an IBM 3270 class terminal but the server cannot negotiate this mode automatically If the server can negotiate TN3270 mode automatically you can omit this qualifier Only one TN3270 session can be open at any one time Use the PRINT qualifier for printing or file dumping a TN3270 screen Use TN3270 with the HOST_CHARACTER_SET TERMINAL CHARACTER SET qualifiers to support TN3270 Internationalization 12 33 PART II User Functions OPEN NOTN3270 disables TN3270 mode Use this qualifier if you connect to a remote terminal that supports both IBM 3270 mode and non IBM 3270 connections Examples 1 This example opens a connection to host DAISY and enables TN3270 mode Use TN3270 only 12 34 if the server cannot negotiate TN3270 mode automatically Client TELNET al
299. ive. If there is only one active session available, that session remains active. In this case, SET BACKWARD has no effect. Ignored if TN3270 mode is active. Format: SET BACKWARD char, SET NOBACKWARD. Parameter: char. When entered, this character causes the previous numbered session to become active. You can specify this character in either of the following formats: Numeric: ASCII value of the character. String: Character string enclosed in quotes. Specify control characters by typing a caret before the character. There is no default BACKWARD character. Define the initial BACKWARD character using the TCPWARE TELNET BACKWARD logical name in the process, job, group, or system logical name tables. To define the logical, use one of the following formats: DEFINE PROCESS TCPWARE TELNET BACKWARD 2 DEFINE PROCESS TCPWARE TELNET BACKWARD Both commands set the BACKWARD character to Ctrl B (ASCII 2). They are equivalent. Examples: 1. Each of these equivalent commands sets the BACKWARD character to Ctrl B (ASCII 2): TELNET> SET BACKWARD B TELNET> SET BACKWARD 2 2. This example removes the previous character definition, if any, for the BACKWARD control function: TELNET> SET NOBACKWARD SET NO BINARY: Initiates negotiations to enable the TRANSMIT BINARY option for the client and server. This command Pertai
300. ive opens Use partially specified opens when you do not know the requesting host Note that a passive open does not send requests to establish a connection until the system receives a request from another host pathname Directory path in a remote NFS filesystem PCNFSD NFS authentication server to allow remote printing over NFS PC peer Synchronized host in the Network Time Protocol NTP which is either a time server or client and is identified by a relative NTP strata number PIN Your personal identification number and part of the token authentication system The PIN consists of four to eight alphanumeric characters PING Packet InterNet Groper a utility that tells you whether a host is up and whether you can reach it The PING utility uses the ICMP echo and echo reply messages Point to Point Protocol PPP Protocol whereby you can send IP datagrams over serial links including LAT or modem connections PPP is an enhancement to the nonstandard Serial Line IP SLIP interface providing self contained error detection and automatically negotiated header compression It also provides authentication through the Password Authentication Protocol PAP or Challenge Handshake Authentication Protocol CHAP port and port number Abstract point through which a datagram passes from the host layer to the application layer protocols Port number is a number the network drivers use to name the ends of logical con
301. l SSH client 16 1 TCPWARE FTP MAX PRE ALLOCATION 3 23 TCPWARE FTP USE SRI ENCODING ON ODS5 B 12 TCPWARE FTP username ROOT logical B 10 TCPWARE SCP VMS MODE BY DEFAULT B 21 TCPWARE SFTP FALLBACK TO CBT B 21 TCPWARE SFTP RETURN ALQ 17 8 B 22 TCPWARE SFTP TRANSLATE VMS FILE TYPES B 22 TCPWARE SSH SCP SERVER DEBUG B 2 TCPWARE SSH SFTP SERVER DEBUG B 2 telephone 1 xxi TELNET closing a session 12 5 command reference CLOSE 12 21 DEFINE KEY 12 21 EXIT 12 21 FLUSH 12 21 HELP 12 21 OPEN 12 21 RESUME 12 21 SEND 12 21 SET DEBUG 12 21 SET DELETE ALLOWED 12 21 SETLOG 12 21 SET PRINT 12 21 SET TERMINAL TYPE 12 21 SET TRANSLATION 12 21 SHOW OPTIONS 12 21 SHOW STATUS 12 21 SHOW TRANSLATION 12 21 SPAWN 12 21 command synonym BYE 12 21 CONNECT 12 21 DISCONNECT 12 21 ESCAPE 12 21 Index 10 QUIT 12 21 SET HOST 12 21 STATUS 12 21 Z 12 21 control function AO 12 37 AYT 12 37 BACKWARD 12 37 BRK 12 37 EC 12 37 EL 12 37 ESCAPE 12 37 FORWARD 12 37 GA 12 37 12 37 NOIP 12 37 SYNCH 12 37 issuing local commands 12 6 login sequence 14 4 opening a session 12 2 preparation 12 1 running applications over 12 7 sample session 12 19 startup command file 12 10 TELNET commands CLOSE 12 22 DEFINE KEY 12 24 EXIT 12 27 FLUSH 12 28 HELP 12 29 OPEN 12 30 RESUME 12 36 SEND 12 37 SET DEBUG 12 46 DELETE ALLOWED 12 47 LOG 12 58 PRINT 12 59 TERMINAL TYPE 12 60 TRANSLATION 12 61 SHOW OPTIONS 12 63 STATUS 12 64 TRANSLATION 12 65 SPAWN
302. l files with the TMP extension in the remote default directory You do not need MULTIPLE when doing this delete operation between OpenVMS systems If several versions of any TMP file exist it deletes only the latest version FTP gt DELETE TMP MULTIPLE 3 The following deletes all files with the FOO filename in the remote default directory You do not need MULTIPLE when doing this delete operation between OpenVMS systems If several versions of any FOO file exist it deletes only the latest version FTP gt DELETE FOO MULTIPLE 4 The following deletes all files and file versions with the FOO filename in the remote default directory For example this command deletes FOO EXE 1 FOO EXE 2 FOO C 1 FOO C 2 and FOO TXT 1 You do not need MULTIPLE when doing this delete operation between OpenVMS systems FTP gt DELETE FOO MULTIPLE DIRECTORY FTP Transferring Files DIRECTORY Lists files on the remote host If the remote host is a TCPware host also lists the creation date and file type See LDIR to list files on the local host Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Enter directory path in Current Remote Directory Refresh Format DIRECTORY directory Synonym LS directoryJ DIRECTORY BRIEF NAME LIST Parameter directory Directory to list on the remote host in the format node username password directory To open a connection use node username
303. l overview of the TCPware for OpenVMS products components and features Part II User Functions Provides user instructions for the following TCPware components and features arranged in chapters alphabetically FTP OpenVMS Kerberos authentication user commands Network print functions Line Printer Services and Terminal Server Print Services Remote Compact Disk RCD and Remote Magnetic Tape RMT Remote Copy Program RCP RLOGIN Remote Shell RSH Simple Mail Transfer Protocol SMTP xix TALK TELNET OpenVMS Trivial File Transfer Protocol TFTP Token Authentication User Functions WHOIS Secure Shell SSH Appendixes including a list of references and a glossary of terms Online Help You can use help at the DCL prompt to find the following Topical help Access TCPware help topics only as follows HELP TCPWARE topic The topic entry is optional You can also enter topics and subtopics at the following prompt and its subprompts TCPWARE Subtopic Online help is also available from within certain TCPware components FTP OpenVMS Client and Server Network Control Utility NETCU TELNET OpenVMS Client NSLOOKUP and TRACEROUTE Use the HELP command from within each component Example NETCU gt HELP topic Error messages help Access help for TCPware error messages only as follows HELP TCPWARE MESSAGES If the err
304. le and the server system having prior knowledge of the client system's public host key. For SSH2: When a user logs in: 1. The server checks the TCPWARE HOSTS EQUIV file and the user's SYS$LOGIN RHOSTS and SYS$LOGIN SHOSTS files for a match for both the system and username. Wildcards are not permitted. 2. The server checks to see if it knows of the client's public host key (SSH2_DIR HOSTKEY PUB on VMS client systems) in either the user's SYS$LOGIN SSH2 KNOWNHOSTS directory or in the system-wide directory pointed to by the TCPWARE SSH2 KNOWNHOSTS DIR logical name. The key file is named <FQDN>_<algorithm> PUB. For example, if the client system is and its key uses DSS algorithm, the file that would contain its key on the server would be FOO BAR COM SSH DSS PUB. This key file must exist on the server system before attempting hostbased authentication. (Footnote 1: In this chapter, the SSH subdirectory in the user's login directory displays as SYS$LOGIN SSH; SSH2 displays as SYS$LOGIN SSH2.) 3. If the key file is found by the server, the client sends its digitally signed public host key to the server. The server will check the signature for validity. For SSH1: This form of authentication alone is not allowed by the server because it is not secure. The second and primary authentication method is the RHOSTS or HOST
305. lementation and Internals Second edition Prentice Hall Comer Douglas E amp David L Stevens 1996 Internetworking with TCP IP Volume III Client Server Programming and Applications for the BSD Socket Version Second edition Prentice Hall Frey Donnalyn Rick Adams 1989 A Directory of Electronic Mail Addressing and Networks O Reilly amp Associates Inc LaQuey Tracy L editor 1990 The User s Directory of Computer Networks HP Press Perlman Radia 1992 Interconnections Bridges and Routers Addison Wesley Quarterman John S 1990 The Matrix Computer Networks and Conferencing Systems Worldwide HP Press A 5 PART III Appendixes A 6 Santifaller Michael 1991 TCP IP and NFS Internetworking in a UNIX Environment translated by Stephen S Wilson Addison Wesley Stallings William 1991 Data and Computer Communications Third edition MacMillan Stevens W Richard 1990 UNIX Network Programming Prentice Hall Tanenbaum Andrew S 1996 Computer Networks Third edition Prentice Hall Tolhurst William A et al 1994 Using the Internet Special Edition Que Corp Table A 2 lists documentation to which you can refer for details on specific topics Table A 2 Additional Documentation For Details on See Process Software s home page on the World Wide Web For information about Process Software its products and its services enter the following Universal Resource
306. les in formatted ASCII formatted binary image block FORTRAN carriage control and VMS formats On OpenVMS systems the filename extension can indicate the file type Formatted ASCII is the default transfer file type and is usually sufficient for most files FTP converts the various file formats to formatted ASCII or IMAGE Executable and zip compressed files are popular files in this category The formats are similar to the formats that the OpenVMS EXCHANGE utility provides to transfer between OpenVMS and DOS 11 or RT 11 file systems You either specify the file transfer format when you use the GET PUT or COPY command or Client FTP determines the format from the source filename s extension See Figure 3 8 for an explanation of the file transfer formats FTP Transferring Files Check file extensions to determine file types You might need to enter special qualifiers when you transfer certain types of files When you use the COPY GET or PUT commands to transfer files you can use the ASCII BINARY BLOCK FORTRAN IMAGE or VMS qualifiers to set the file transfer format You can also set default file transfer formats using these qualifiers with the SET DEFAULT command or specifying these keywords with the TYPE command See the SET DEFAULT and TYPE commands in the Command Reference for equivalent usage f you use the menu driven method you can make the file type selections in the middle part of the TCPware FTP OpenVMS F
307. les on the local server. For directories, contents are listed. See LS for options and more details. LLSROOTS: Like LSROOTS, but for the local side. LMKDIR directory specification: Creates the specified directory on the local system. LOCALOPEN user host port 1: Tries to connect the local side to the host hostname. If successful, lls and friends will show the contents of the filesystem on that host. With the 1 option, connects to the local filesystem (which doesn't require a server). There is an implied LOCALOPEN when SFTP2 starts up. Note that an implicit LOCALOPEN is done when SFTP2 starts, so the only time that a user needs to do a LOCALOPEN is when neither directory tree is immediately accessible. OPEN is the command that is generally used to establish the connection with the remote system. LOPEN is a synonym for LOCALOPEN. LPWD: Displays the current working directory on the local system. LREADLINK <path>: Provided that <path> is a symbolic link, shows where the link is pointing to. This command is not supported for VMS. LRENAME <oldfile> <newfile>: Renames a file on the local system. LRM <file specification>: Removes the specified file from the local system. VMS file specifications may be used when in VMS mode. LRMDIR <directory specification>: Deletes a directory on the local system.
308. leshooting. Chapter 12, TELNET: Connecting to Remote Terminals: Introduction; Before Using TELNET; Opening a TELNET Session; Opening a TN3270 Session; Closing a Session; Issuing Local Commands; Running Applications over TELNET; Creating a Permanent NTA Device; Handling a Broken; Closing the Connection After a Deassign; Startup Command File; TN3270 Keyboard Mapping; Alternative Mappings; TN3270 Internationalization; TN3270 Keypad Graphics Characters; TN3270 Screen Printing and Dumping; Sample Session; Command. Chapter 13, TFTP: Trivial File Transfers: Introduction
309. lows only one TN3270 session at any one time. TELNET> OPEN TN3270 DAISY login procedure to daisy daisy Ctrl TELNET> OPEN TN3270 ROSE STCPWARE TELNET E MAXTN3270 only one TN3270 session may be open at any time TELNET> This example opens a connection to host DAISY in TN3270 mode and specifies a Danish TN3270 Internationalization host character set. TELNET> OPEN TN3270 HOST CHARACTER SET DANISH DAISY <login procedure to daisy> daisy 5 This example opens three sessions. The first two use Kerberos version 4 authentication; the third uses standard authentication. The Kerberos Server realm is determined by the contents of the TCPWARE KRB REALMS file. TELNET> OPEN AUTH KERBV4 BART bart TELNET> OPEN AUTH MARGE marge W TELNET> OPEN LISA <login procedure to LISA> lisa This example opens a TN3270 connection and prints the next screen that appears to the print queue ENG PRINTER ASCII. TELNET> OPEN DAISY TN3270 PRINT QUEUE ENG PRINTER ASCII login procedure to daisy This example creates a permanent NTA device for the connection to MARGE port 7 for the user application. In case the connection goes down, it is set up so that automatic reconnection retries occur every 10 seconds for a total of 10 retries. TELNET> OPEN LOGICAL MY PORT _TELNET> CREATE PERMANENT INTERVAL 1
310. mats are the same See the local filename parameter wildcarded remote files Input filespec on the remote host in wildcarded format Wildcards include the or symbol to indicate individual characters and the symbol to indicate multiple characters Examples of local filename Output filespec on the local host If omitted Client FTP uses the remote file filename and extension if it exists unless remote file is a quoted string If used must conform to the OpenVMS filenaming format node username password path node hostname or DECnet node name with OpenVMS Alpha V6 1 and later and all OpenVMS I64 systems the host name can be a domain name or IP address 3 49 PART II User Functions GET username valid account on the host password password PASSCODE if using Token Authentication for the account path location and name of the file You can omit the node username password part of the specification unless it is for a DECnet file If omitted Client FTP uses the current default directory You can use the node path syntax omitting the username and password if you want access to anonymous FTP resources in which case the ANONY MOUS qualifier is implied Qualifiers 3 50 If you omit one of the file type qualifiers ASCII BINARY FORTRAN IMAGE VMS Client FTP transfers the file based on either The current default setting for example ASCII or IMAGE
311. me defined for the allocated NTA device Use only with the CREATE qualifier The table values are PROCESS the default JOB GROUP or SYSTEM The mode values are SUPERVISOR the default or EXECUTIVE PORT port Nonstandard service name or number of the remote port to which you want to connect The default 12 32 OPEN TELNET Connecting to Remote Terminals is 23 for the TELNET Server Use only to connect to a nonstandard server ALTERNATIVE Use the port command parameter DO NOT use both in the same command see Example 12 6 PRINT FILE file NO APPEND QUEUE qname FORM form Prints a TN3270 screen or dumps it into a file Use only with the TN3270 qualifier Provides the functionality of the PRINT key which the TCPWARE MAP3270 DAT file defines by default as follows lprt Ep EP ESCAPE p ESCAPE P Use either FILE or QUEUE but not both FILE file Output file the default is SYS LOGIN TN3270 TXT APPEND appends each print page onto the file NOAPPEND the default creates a new file for each page QUEUE qname Location of the print queue FORM form specifies the form to use when sending the page output to a print queue RAW Specifies a raw binary connection that does not adhere to the TELNET protocol Use only with the CREATE qualifier REALM realm Assigns the name of the Kerberos realm If the Kerberos Server resides in a different realm than the local host use th
312. me device. PASSWORD password, NOPASSWORD: PASSWORD sets the password to access the remote system and causes the RMT server to use the rexec rather than the rshell service. The password is converted to lowercase unless you enclose it in quotes. NOPASSWORD uses the rexec service with a blank password. Without either qualifier, access to the remote tape device is controlled through the TCPWARE HOST EQUIV and SYS$LOGIN RHOSTS files. Use together with USERNAME. Using the password value can pose a security risk. Also, using a null password for which you have to be prompted can cause an error in a command procedure. REWIND (default), NOREWIND: REWIND rewinds a tape before its initial use. NOREWIND causes the tape to stay in an arbitrary position after running RMTSETUP. Not allowed when used with CD. STREAM, NOSTREAM (default): A tape is normally written as a series of records. STREAM ignores record boundaries and returns data read from the tape as a stream of bytes (the UNIX model). Not allowed when used with CD. RMTSETUP RCD and RMT Remote CD ROMs and Tapes Most OpenVMS utilities expect tape drives to operate in non-stream mode, so take care in overriding the NOSTREAM default. TRUNCATE_USERNAME length: Truncates the username sent to the RMT server to the specified length to accommodate requirements of some non-OpenVMS systems. The default length is 8. UNLOAD (default), NOUNLOAD: UNLOAD unloads the remote dev
313. me disappears from the Remote Directories field and the file to which it points appears in the Remote Files field You can then treat the file like a regular UNIX file 3 14 FTP Transferring Files Anonymous Users You can access some remote resources as an ANONYMOUS user instead of with your usual username and password This is especially useful for access to sites such as the U S Library of Congress LOCIS LOC GOV that allow anonymous user access to some of their files Anonymous access depends on your use of the ANONYMOUS qualifier with the FTP commands that require a file or directory specification using the node name syntax You can access some remote resources as an ANONYMOUS user in one of the following ways see Figure 3 9 1 By default use the node name file syntax as described below with any FTP command that requires a file or directory specification such as COPY DIRECTORY RENAME and SET DEFAULT This file syntax sends the ANONYMOUS username and your e mail address as a password Thus the following file or directory specification node path is equivalent to node ANONYMOUS your email address path With OpenVMS Alpha V6 1 and later and all OpenVMS I64 systems node can be a domain name or IP address 2 Use the filespec syntax described in Figure 3 8 and optionally add the ANONYMOUS qualifier or deny remote anonymous access using the NOANONYMOUS qualifier Using the node name file syntax and A
314. me on the burst page and send MEMO2 TXT and MEMO3 TXT to the default remote printer LPR J mymemos MEMO1 TXT MEMO2 TXT MEMO3 TXT lpr jmymemos memo1 txt memo1 txt memo2 txt memo3 txt This command sends three copies of the MEMO TXT and LETTER TXT files to the default remote printer LPR 3 MEMO TXT LETTER TXT This command LPR t h w72 MEMO LIS Indicates that The file contains UNIX troff formatting code The burst page should not be printed The width of the output should be 72 characters The MEMO LIS file is sent to the default remote printer PART II User Functions LPRM LPRM Removes one or more jobs from a remote print queue You can remove jobs from remote queues in these situations only The jobs were submitted from your local host Your local host has direct access to the remote host The following files define this access TCPWARE LPD USERS DAT the LPD Access File for TCPware hosts etc hosts lpd etc hosts equiv for UNIX hosts When removing remote jobs from an OpenVMS host use the LPRM command instead of the OpenVMS DELETE ENTRY command LPRM removes files from the TCPWARE LPD SPOOL directory whereas DELETE ENTRY does not The LPRM command displays a message only when it removes a job or encounters an error If it does not delete a job such as when the queue is empty a message does not appear You can specify up to 50 jobs and 50 usernames on one LP
315. mmand TIMEOUT n Agent should delete this key after the timeout value in minutes expires UNLOCK Unlock the locked agent URL Give key to the agent as a URL FILES These files exist in SYS$LOGIN SSH IDENTITY Contains the RSA authentication identity of the user This file should not be readable by anyone but the user It is possible to specify a passphrase when generating the key That passphrase is used to encrypt the private part of this file This is the default file added by SSHADD when no other files have been specified If SSHADD needs a passphrase it reads the passphrase from the current terminal if it was run from a terminal If SSHADD does not have a terminal associated with it but DECW$DISPLAY is set it opens an X11 window to read the passphrase SSH IDENTITY PUB Contains the public key for authentication The contents of this file should be added to SSH AUTHORIZED KEYS on all systems where you want to log in using RSA authentication There is no need to keep the contents of this file secret SSH RANDOM SEED Seeds the random number generator This file should not be readable by anyone but the user This file is created the first time the program is run and is updated every time SSHKEYGEN is run CERTTOOL certtool options pk10 subject <subject> key usage flags extended key usage <flags> multinet certview options 12 input_f
316. modification date during a copy PRESERVE and p are equivalent REALM realm Assigns the name of the Kerberos realm Use if the Kerberos Server resides in a different realm than the local host Use with the AUTHENTICATION KERBV4 qualifier and value The RCP client converts realm to lowercase unless you enclose it in quotes RECURSIVE r Recursively copies each subtree rooted at the directory you specify in the UNIX system filespec This makes it possible to copy entire UNIX system directories and their files In OpenVMS specify dir with the three trailing dots in the filespec instead of using RECURSIVE r is the UNIX system equivalent USER remote username User on the remote host Use only if the remote host s hosts or HOSTS file does not include your local host name or username If necessary truncate username to the required number of characters using the TRUNCATE qualifier Converted to lowercase if not enclosed in quotes Do not use with DECnet file syntax TRUNCATE n Truncates the username to the specified n number of characters since some UNIX systems restrict the length of usernames If you omit n the default is eight characters RCP RCP Copying Files Examples 1 This command copies a remote UNIX system source file in its home directory to a local host file of the same name in the current directory The copy preserves the source file s protection mode and modification date rcp preserve uni
317. n vms n sftp vn Default unix BATCH Starts SSH2 in BATCH mode When SSH2 is running in BATCH mode it does not prompt for a password so user authentication must be performed without user interaction 17 4 Secure File Transfer BUFFER SIZE integer Number of bytes of data to transfer in a buffer Default is 7500 CIPHER cipher cipher n Lets you select which SSH2 cipher to use COMPRESS Enables SSH2 data compression This can be beneficial for large file transfers over slow links The compression level is set by the client configuration file for SSH2 CONCURRENT_REQUEST integer Number of concurrent read requests to post to the source file Default is 4 DEBUG Enables debugging messages for SCP2 and SSH2 Higher numbers get more messages The legal values are between 0 none and 99 Debugging for SFTP SERVER2 is enabled via the TCPWARE SSH SFTP SERVER DEBUG logical DIRECTORY Informs SCP2 that the target specification should be a directory that the source file s will be put in This qualifier is necessary when using wildcards in the source file specification or RECURSIVE HELP Displays command qualifier list and parameter format IDENTITY FILE file Specifies the identity file that SSH2 should use for Public Key authentication PORT number Specifies the port that SSH2 uses on the remote system Note that if both the source and destination files are remote this value is applied to
318. n Equivalent to big endian See little endian Glossary 8 Glossary Glossary of Terms Continued Network Control Utility NETCU TCPware s utility program system managers and operators use to configure and control networks that run TCPware Network File System NFS Application layer protocol developed by Sun Microsystems Inc that provides access to a remote computer s files as if they were local files Network Information Central organization of a network with the authority to create Center NIC network names and addresses NIC DDN MIL is the specific Internet NIC that holds the authority to create root servers Network Lock Manager The way in which the Network File System NFS supports file NLM and Status locking Many NFS client systems support file locking even on the Monitor NSM record and byte level as long as the byte ranges do not overlap File locking on the Server is multithreaded where the Server can satisfy more than one lock request at a time The NSM cooperates with other status monitors on the network to notify the NLM of any changes in system status such as when a crash occurs Network Print Services NPS NetWare service that lets OpenVMS users print their files on any printer connected to NetWare LANs Network Time Protocol NTP Protocol that synchronizes timekeeping among a set of distributed time servers and clients NSLOOKUP Utility that
319. n Client TELNET You can also press Ctrl v to enable keys F7 through F14 Table 12 7 Key Designations for Three Terminal Types Key Name LK201 VT100 type VT52 PF1 PF1 PF1 blue PF2 PF2 PF2 red PF3 PF3 PF3 gray 4 4 4 n a KP0 KP9 0 9 0 9 0 9 gt MINUS Enter ENTER ENTER LEFT RIGHT Find E1 Find Insert Here E2 Insert Here 12 24 DEFINE KEY TELNET Connecting to Remote Terminals Table 12 7 Key Designations for Three Terminal Types Continued Key Name LK201 VT100 type VT52 Remove E3 Remove Select E4 Select Prev Screen E5 Prev Screen Next Screen E6 Next Screen HELP Help DO Do F6 F20 F6 F20 equivalence string String to substitute when you press the key If the string contains spaces enclose it in quotes Qualifiers ECHO default NOECHO ECHO the default displays the equivalence string on your screen after you press the key NOECHO disables this Use NOECHO with TERMINATE only STATE state name state name NOIF STATE default STATE specifies one or more state names alphanumeric strings separated by commas for the key definition to be in effect You can omit the parentheses if you specify only one state name NOIF STATE is the default where the current state appli
320. n Table 2 6 Table 2 6 TCPware Features for Providing Access to Network Tape Drives To use it you protocol This need to As a system component Allows you to configure AS a user manager RMT Client Use OpenVMS a pseudodevice see the User's commands such on your Guide as BACKUP OpenVMS Chapter 6 RCD MOUNT system using the and RMT COPY and command Remote CD EXCHANGE RMTSETUP ROMs and on remote The remote Tapes backup tape system must drives support the rmt 2 8 Functional Overview Table 2 6 TCPware Features for Providing Access to Network Tape Drives Continued To use it you This need to As a system component Allows you to configure AS a user manager RCD Client Use OpenVMS a pseudodevice see the User's commands such on your Guide as BACKUP OpenVMS Chapter 6 RCD MOUNT system using and RMT COPY and command Remote CD EXCHANGE RMTSETUP ROMs and on remote CD The remote Tapes ROM drives system must support the rmt protocol RMT Service Provide a the Berkeley R see the service so that Commands for Management remote clients RMT services Guide can use the The remote Chapter 16 rdump or system must Managing R rrestore support the rmt Commands UNIX utilities protocol to access a magnetic tape on your system Configuring Hosts TCPware provides various components and features with w
321. n a Domain Name System DNS database files Reverse Address Resolution Protocol RARP Protocol used to map the physical hardware addresses to the IP address used on Ethernet and FDDI Diskless machines use this protocol to find their IP addresses from the server rlogin Remote login a Berkeley UNIX system service that allows users of one machine to connect to other UNIX machines across the Internet and interacts as if their terminals were directly connected to the machines The software passes information about the user s environment such as terminal type to the remote machine Router Discovery Protocol IETF standard protocol used to inform hosts of the existence of routers without having hosts wiretap routing protocols such as RIP Used in place of or in addition to statically configured default routes in hosts Routing Information Protocol RIP Distance vector protocol for distributing routing information at the local network level of the Internet In distance vector routing each router transmits destination addresses and costs to its neighbors Serial Line IP SLIP A point to point protocol used when you need to route TCP IP traffic over a serial line instead of an Ethernet cable You most commonly use SLIP to connect systems on two Ethernet networks some distance apart Compressed SLIP CSLIP is used to compress the TCP IP headers only and not the data over the SLIP line server Host p
322. n request SSH sends an open channel request to midsys telling it there s a connect request for port 23 on remotesys Midsys will connect to remotesys 23 and send back the port information to mysys Mysys completes the connection request and the TELNET session between mysys and remotesys is now in place using the tunnel just created through the firewall between mysys and midsys traffic between mysys and midsys through the firewall is encrypted decrypted by SSH on mysys and SSHD on midsys and hence is safe TELNET does not know this of course and does not care Note that ports can also be forwarded from a localhost to the remotehost that s running SSHD as illustrated in this figure remotesys SSHD port 2300 port 23 In this example port 2300 on mysys is being forwarded to remotesys 23 To do this use SSH on mysys SSH2 remotesys local forward 2300 remotesys 23 Then also on mysys type telnet localhost port 2300 When SSH and SSHD start their dialog SSHD on remotesys connects back to itself port 23 and the TELNET session is established REMOTE FORWARD remoteport1 remotehost remoteport2 This causes remoteport1 on system to which SSH connects to be forwarded to remotehost remoteport2 In this case the system on which the client is running becomes the intermediary between the other two systems
323. n routing information to determine if the packet is bound for a local address master file directory MFD Root directory 000000 in OpenVMS that is the default mount point for an NFS filesystem mount NFS protocol that provides file handles for server access and keeps track of mounts mount point Point on the remote NFS directory tree that you are interested in mounting or the point on the local directory tree where the remote filesystem is attached mounting Process in NFS of attaching a server filesystem to the file structure of a client to make it accessible using the client s normal operating facilities multicasting Special form of broadcasting that delivers copies of the packet to only a subset of all possible destinations See broadcasting multiplexing Transmission of a number of different messages simultaneously over a single circuit multithreading Ability to service transactions from many clients simultaneously network Element of an internet in which two or more hosts are connected with the same communications medium A LAN is an example of an internet network element network byte order Internet standard for transmission of integers that specifies most significant byte appears first Sending machines must translate from the local integer representation to network byte order and receiving machines must translate from network byte order to the local machine representatio
324. nOS Release 4 1 1 GENERIC 10 Fri Feb 9 23 16 21 EST 2007 tulip ls bin mnt notes test c test def h tulip> W TELNET SET ESCAPE a %TCPWARE TELNET I ESCCHR escape attention character is TELNET> SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software Connected session 1 tulip flower com telnet 192 168 1 56 23 a is the escape attention character TELNET RESUME tulip ls A forward bin test c 2 login mnt test def h cshrc profile notes TELNET> EXIT Iris Command Reference The following pages consist of command descriptions for the available Client TELNET commands 12 20 TELNET Connecting to Remote Terminals You interact with Client TELNET by typing commands at the TELNET> prompt Client TELNET supports the following OpenVMS style commands CLOSE SET NO BINARY SET NO LOCAL FLOW DEFINE KEY SET NO BRK SET LOG EXIT SET DEBUG SET PRINT FLUSH SET DELETE ALLOWED SET TERMINAL TYPE HELP SET NO EC SET TRANSLATION OPEN SET NO EL SET NO XDISPLOC RESUME SET NO ESCAPE SHOW OPTIONS SEND SET NO FLUSH SHOW STATUS SET NO AO SET NO FORWARD SHOW TRANSLATION SET NO AYT SET NO GA SPAWN SET NO BACKWARD SET NO IP Table 12 6 TELNET Command Synonyms Synonym Equivalent Synonym Equivalent BYE or QUIT EXIT SET HOST OPEN CONNECT OPEN STATUS SHOW STATUS DISCONNECT CLOSE Z SPAWN ESCAPE SET ESCAPE
325. nVMS library routines in your own applications to provide FTP capabilities Chapter 7 FTP Library Socket Library Use either the HP Computer C Socket Library for OpenVMS Version 5 3 and later or the TCPware Socket Library for earlier version or you are using the Remote Procedure Call routines Chapter 8 Socket Library TELNET Library Use a programming interface to the TELNET protocol Use the TELNET OpenVMS library routines in your own applications to provide FTP capabilities Chapter 9 TELNET Library UCX Compatibility Services Use the BGDRIVER QIO programming interface for compatibility with HP s TCP IP Services for OpenVMS formerly UCX product Chapter 2 UCX Compatibility Services QIO Programming Interfaces Use QIO programming interfaces to TCP IP These include the BGDRIVER TCPDRIVER UDPDRIVER IPDRIVER and INETDRIVER interfaces Chapter 10 SNMP Extendible Agent API Routines 2 16 Functional Overview Table 2 13 TCPware Network Programming Interfaces Continued This component Allows you to As a system programmer see the Programmer s Guide SNMP Extendible Agent Application Programming Interface API Routines Use API routines required for an application program to export private Management Information Bases MIBx using the TCPware SNMP agent Chapter 10 SNMP Extendible Agent API Routines Token Authent
326. ndard logoff procedures Failure to log off properly can create a route into the system that is completely unprotected Protect your SecurID token from physical abuse Do not immerse it in liquids do not expose it to extreme temperatures and do not put it under pressure or bend it Each SecurID token comes with care instructions that you should read and follow Before You Begin Have your ACE Server security administrator fill in the following information before you attempt to log in for the first time The system will assign a PIN to you you cannot create your own See the Receiving a System Generated PIN section You can use a PIN that you make up yourself see the Creating Your Own PIN section Your PIN can contain letters as well as digits Applies to the Standard Card and Key Fob only PINs on the system must be the same number of characters Applies to the Standard Card and Key Fob only All PINs on the system must be the same number of digits Applies to the PINPAD card only Your PIN can contain from through characters Applies to the Standard Card and Key Fob only Your PIN can contain from through digits Applies to the PINPAD card only You can use a duress PIN See the Using a Duress PIN section 14 5 PART II User Functions Receiving a System Generated PIN The following steps allow you to use a system generated PIN 1 For PINPAD only Clear PIN entries from your card Press any number
327. nection For applications run by the creating process use the LOGICAL qualifier to create a predefined name for the device If this device is to be used by another process the qualifier LOGICAL TABLE may help reference it For example TELNET SIGMA CREATE LOGICAL TELNET NTA TABLE SYSTEM MODE EXEC See the OPEN command in the Command Reference for other parameters you can use with the CREATE qualifier Example 12 5 Opening a TELNET Connection to a Terminal Device TELNET MARGE CREATE %TCPWARE TELNET I TRYING trying marge nene com telnet 192 168 1 91 23 %TCPWARE TELNET I ALOC MARGE$NTA1 allocated SET HOST DTE NTA1 DEALLOCATE NTA1 TELNET BART %REM I TOQUIT connection established Press Ctrl N to quit Ctrl for command mode OpenVMS VAX 5 2 with TCPware for OpenVMS 5 6 Username Ctrl TELNET> OPEN CREATE %TCPWARE TELNET I ALLOC _NTA1 allocated SET HOST DTE NTA1 DEALLOCATE NTA1 Creating a Permanent NTA Device You can also run applications over a TELNET connection by creating a permanent NTA terminal on the local client This permanent device acts more like a LAT device it is not automatically deleted when there are no process channels assigned to it it can be handed off to other applications and it has reconnect capabilities in case of a connection break This section describes how to create permanent NTA devices To create
328. nections Port numbers are 16 bit values Some standard server port numbers are 21 for FTP 23 for TELNET and 25 for SMTP Servers generally use the port numbers from 0 to 255 User port numbers start at 1024 Specify port numbers in normal VAX byte order unless indicated otherwise Glossary 10 Glossary Glossary of Terms Continued Post Office Protocol Version 3 POP3 Multithreaded server that can handle up to 31 simultaneous client connections POP3 does not perform any mail delivery functions but simply allows clients mostly PCs to retrieve new mail from local inboxes principal Kerberos client and server names in the format name instance@realm For clients name is the user s login name for servers name is the service name See instance and realm print symbiont Privileged process used to manage a queue of jobs sent to a local or remote printer Product Authorization Key PAK HP s product licensing mechanism protocol Standard that defines how computers on a network communicate with each other PROXY database Database on the NFS client or server system that authorizes a client s access to the remote host s filesystems The database contains the UNIX identity of its client consisting of a UID and GID Quote of the Day service QUOTED TCP based character generator service that listens for TCP connections on TCP port 17 Once you establish a connection the service sends
329. nent Allows you to need AS a user manager Line Printer Send files to to define the see the User's see the Services remove jobs remote printers Guide Management from and during Chapter 5 Guide display the installation Networking Chapter 15 status of remote Printing Managing Print print queues Services using UNIX like commands Line Printer Services also provides a server so that remote users can access local print queues Terminal Server If you are on a Use the regular see the User's see the Print Services TCP IP PRINT QUEUE Guide Management network send commands Chapter 5 Guide Chapter files to printers Network 15 Managing connected to Printing Print Services remote terminal servers the Terminal Server Print Services section Functional Overview Logging In to Remote Hosts You can log in to and execute commands on remote hosts using the RLOGIN or RSH features of TCP OpenVMS or TELNET OpenVMS Log in to or emulate remote hosts using the components in Table 2 4 Table 2 4 TCPware Components for Logging to Remote Hosts This AS a system As a system component Allows you to programmer AS a user manager RLOGIN Use a UNIX see the User's see the like command to Guide Management log into a Chapter 8 Guide remote host RLOGIN Chapter 16 Logging In to a Managing R Remote Host Commands RSH Use a UNIX see the User's se
330. nfiguration file is hostname keyword value keyword value hostname2 keyword value keyword value For example 16 12 for different destination Accessing Remote Systems with the Secure Shell SSH Utilities petunia port 17300 user dilbert host petunia flowers com rose port 16003 user dogbert host rose flowers com allowedauthentications password beans com user limabean keepalive no ciphers 3des twofish In the preceding example When a user types SSH PETUNIA the client will connect to port 17300 on petunia flowers com and will use the default username of dilbert When a user types SSH ROSE the client will connect to port 16003 on host rose flowers com and will use the default username of dogbert and only allow password authentication When a user types SSH <anything> BEANS COM the client will use the default username of limabean will not send keepalives and will only allow 3DES or TWOFISH encryption The user may override defaults specified in configurations Options that are specified on the command line override any like options in the configuration file For example if the user wants to use a username of catbert when connecting to host rose instead of the default username of dogbert this would be specified as SSH USER CATBERT ROSE Authorization File Options The authorization file has the same general syntax as the co
331. nfiguration files The following keywords may be used Key This is followed by the filename of a public key in the SSH2 directory file that is used for identification when contacting the host If there is more than one key they are all acceptable for login 16 13 Accessing Remote Systems with the Secure Shell SSH Utilities Options This keyword if used must follow the Key keyword above The various options are specified as a comma separated list See below for documentation of the options Command This keyword is deprecated though it still works Use Options instead Options that can be specified allow from and deny from Specifies that in addition to public key authentication the canonical name of the remote host must match the pattern s These parameters follow the logic of Allow Deny Hosts described in detail in sshd2 config Specify one pattern per keyword and multiple keywords can be used command command This is used to specify a forced command that will be executed on the server side instead of anything else when the user is authenticated This option might be useful for restricting certain public keys to perform just a specific operation An example might be a key that permits remote backups but nothing else Notice that the client may specify TCP IP and or X11 forwarding unless they are explicitly prohibited idle timeout time Sets idle timeout limit to time in seconds s or nothing
332. nformation Client TELNET displays messages when it sends or receives TELNET options NETINPUT Logs data that Client TELNET receives and sends while in TN3270 mode NETOUTPUT Logs data that Client TELNET sends while in TN3270 mode NONE Disables the display of all classes TTYINPUT Logs data entered by the user at the terminal The initial setting is NONE SET DEBUG alone or SET DEBUG CLASS without the keyword shows the current debug classes Examples 1 This example enables the display of options negotiation information TELNET> SET DEBUG CLASS OPTIONS 2 This example enables the display of options negotiation information and log data sent and received while in TN3270 mode TELNET> SET DEBUG CLASS OPTIONS NETINPUT 12 46 SET DELETE ALLOWED TELNET Connecting to Remote Terminals SET DELETE ALLOWED Allows deletion of an NTA device originally set up as permanent The deletion occurs when there are no process channels assigned to the device See the OPEN CREATE command for details on creating permanent NTA devices Format SET DELETE ALLOWED nta device Parameter nta device NTA device set up using OPEN CREATE PERMANENT Example This example allows the NTA33 device to be deleted when no channels are assigned to it TELNET SET DELETE NTA33 12 47 PART II User Functions SET NO EC SET NO EC Defines changes or disables the erase character EC char
333. ng off Rexmt interval 4 seconds Max timeout 20 seconds tftp timeout 40 tftp stat Connected to spica nene com Mode netascii Tracing on Rexmt interval 4 seconds Max timeout 40 seconds tftp timeout 30 tftp stat Connected to spica nene com Mode netascii Tracing on Rexmt interval 4 seconds Max timeout 28 seconds 13 10 TIMEOUT TFTP Trivial File Transfers TIMEOUT Sets the total retransmission period in seconds The initial value is 25 seconds Note Minor adjustments to the specified retransmission period as reported using STATUS can occur based on concurrent changes made to the retransmit timer setting REXMT The retransmission period is calculated based on the following formula Max timeout Rexmt interval x Tries The Tries value must be an integer value Thus if the Max timeout specified using the TIMEOUT command forms a non integer ratio with the Rexmt interval value the Max timeout is adjusted accordingly See the example Format TIMEOUT time Parameter time The total retransmission period in seconds If omitted the value is 25 seconds Examples Note the way in which the retransmission period is adjusted in this example tftp connect spica tftp stat Connected to spica nene com Mode netascii Tracing off Rexmt interval 5 seconds Max timeout 25 seconds tftp rexmt 4 tftp stat Connected to spica nene com Mode netascii Tracing off Rexmt interval 4
334. ng covered works following that installation process must not cause the person following that process to violate this license knowingly or unknowingly In the event that the producer of a distribution containing covered files accidentally or wilfully violates this clause persons other than the producer of such a distribution shall not be held liable for such violations but are not otherwise excused from any requirement of this license 13 COVERED WORKS ARE PROVIDED AS IS ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO COVERED WORKS INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 14 IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OF COVERED WORKS Use of covered works under different terms is prohibited unless you have first obtained a license from ISC granting use pursuant to different terms Such terms may be negotiated by contacting ISC as follows Internet Software Consortium 950 Charter Street Redwood City CA 94063 Tel 1 888 868 1001 toll free in U S Tel 1 650 779 7091 Fax 1 650 779 7055 Email info isc org Email licensing isc org DNSSAFE LICENSE TERMS This BIND software includes the DNSsafe software from RSA Data Security Inc which is copyrighted software
335. not use USER or PASSWORD when using DECnet syntax for a source or destination host username password filespec You also cannot use DECnet syntax for both source and destination as for a remote to remote copy that involves two passwords destination Destination host and pathname information in the same format as source Qualifiers AUTHENTICATION auth type Determines the authentication method If KERBV4 or you omit the value uses Kerberos v4 authentication If NULL or you omit the qualifier uses standard authentication LOG Logs the files copied to or from the local system The default is not to log Logging only applies to the first remote host transaction in a third party copy 7 3 PART II User Functions RCP VMS MULTINET TCPWARE default NOVMS If VMS is omitted RCP by default attempts a TCPware style VMS mode transfer This retains VMS file attributes across copies Use VMS MULTINET to do a transfer involving a MultiNet machine Use NOVMS only if you get the error DCL W IVKEYW unrecognized keyword check validity and spelling with the RCP command NOVMS disables maintaining VMS file attributes during a third party copy PASSWORD remote password Password for the remote account Use with the USER qualifier Do not use with DECnet source or destination syntax CAUTION The password is sent across the network as plain text 7 4 PRESERVE P Preserves the file protection mode and
336. ns REMOTEHELP REMOTEHELP Accesses the remote FTP server s on line help See HELP to bring up Client FTP s on line help Format REMOTEHELP topic Equivalents HELP REMOTE topic HELP REMOTE SITE REMOTEHELP SITE SITE HELP QUOTE HELP SITE Parameter topic Optional topic for which you want help from the remote server If you do not specify a topic HELP provides you with a list of topics and prompts you to choose one RENAME FTP Transferring Files RENAME Renames a file on the remote host Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Select file in Remote Files Give file new name in New Remote File Dir Name Rename Format RENAME old name new name Parameters old name File on the remote host to rename The remote filespec must conform to the filenaming conventions of the remote host Enclose the filespec in quotes if it contains delimiters or symbols the FTP server can interpret in special ways If a remote OpenVMS file the specification is node username password path node hostname or DECnet node name with OpenVMS Alpha V6 1 and later and all OpenVMS I64 systems the host name can be a domain name or IP address username valid account on the host password password PASSCODE if using Token Authentication for the account path location and name of the file You can omit the node username password part of the specification
337. ns for translating a hostname into an internet address or vice versa the HOSTS file and Domain Name System DNS The HOSTS file supports any naming conventions you wish to use Typically use of a HOSTS file involves using a flat namespace For larger networks and the Internet systems now more commonly use the Domain Name System DNS idempotency Remote Procedure Call RPC jargon for performing an operation more than once with identical results and without causing any harm For example an NFS server receives a delete file request from a client deletes the file and sends a success reply but the network loses the reply before it reaches the client Because the client does not receive a reply it sends the delete file request again Rather than process the request again and send a false error message stating that the file does not exist the server simply retransmits the original reply instance In Kerberos authentication identifies an instantiation of a principal name such as the name of the system running a server internet Network formed by connecting dissimilar hosts and networks with TCP IP protocols When capitalized Internet this term refers to the ARPANET the DARPA internet that forms the backbone of internet research internet address Unique 32 bit value assigned to each host in an internet internet communicatio
338. ns only to the current session Automatically resumes the current session Use the SET NOBINARY command to initiate negotiations to disable the TRANSMIT BINARY option for the client and server Format SET BINARY SET NOBINARY 12 43 PART II User Functions SET NO BRK SET NO BRK Defines changes or disables the break BRK character If you define the BRK character during a TELNET session Client TELNET sends the TELNET BRK control function to the server instead of the actual character Ignored if TN3270 mode is active The Server ignores the break character Format SET BRK char SET NOBRK Parameter char When entered this character sends the TELNET break control function to the server Specified in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default BRK character Define the initial BRK character using the TCPWARE TELNET BRK logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET BRK 29 DEFINE PROCESS TCPWARE TELNET BRK Both commands set the break character to Ctrl ASCII 29 They are equivalent Qualifiers FLUSH default NOFLUSH If you specify FLUSH Client TELNET discards all characters currently
339. ns with a particular host use its internet address TCPDRIVER UDPDRIVER IPDRIVER INETDRIVER and BGDRIVER use internet addresses to identify a host on the network Each host on the network assumes a unique internet address Internet addresses are 32 bit values Internet addresses are in reverse VAX byte order the most significant byte of the internet address is in the least significant byte of the longword value Internet Control Message Protocol ICMP Performs a function of IP by providing a communications facility for gateways and hosts Internet Message Access Protocol IMAP Allows IMAP compliant mail programs to access messages stored remotely as if the storage were local Internet Protocol IP Basis of TCP IP providing the network interface and message routing services for the higher level protocols Internet Printing Protocol IPP The IPP print symbiont is an OpenVMS print symbiont working with the OpenVMS printing subsystem to implement an IPP Client It allows printing over a network to printers and servers that support the IPP v1 0 network printing protocol IP routing Mechanism provided by IP to deliver datagrams from the source to the destination IP Security Option IPSO U S Department of Defense standard for protecting datagrams over the network Kerberos Authentication system for open systems and networks Kerberos uses a set of encrypted keys and tickets for authentic
340. nse 3 If you take significant portions of any source file covered by this license and include those portions in some other file then you must also copy the Bootstrap License into that other file and that file becomes a covered file You may make a good faith judgement as to where in this file the bootstrap license should appear 4 The acronym ISC when used in this license or generally in the context of works covered by this license is an abbreviation for the words Internet Software Consortium 5 A distribution as referred to hereafter is any file collection of printed text CD ROM boxed set or other collection physical or electronic which can be distributed as a single object and which contains one or more works covered by this license 6 You may make distributions containing covered files and provide copies of such distributions to whomever you choose with or without charge as long as you obey the other terms of this license Except as stated in 9 you may include as many or as few covered files as you choose in such distributions 7 When making copies of covered works to distribute to others you must not remove or alter the Bootstrap License You may not place your own copyright message license or similar statements in the file prior to the original copyright message or anywhere within the Bootstrap License Object files and executable files are exempt from the restrictions specified in this clause 8 If the version of a c
341. nsfers Enter new directory name in New Remote File Dir Name Make Dir Format CREATE DIRECTORY remote directory Synonym MKDIR Parameter remote directory Directory to create on the remote host in the format node username password directory To open a connection first use the node username password part of the format This syntax is optional If you omit the parameter and a connection is already open Client FTP uses the current default directory The directory part of the format is any valid remote directory specification Enclose the specification in quotes if it contains special characters or embedded spaces or is case sensitive Use the node directory syntax to create an anonymous user directory The ANONYMOUS qualifier is implicit Qualifier ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies NOANONYMOUS creation of anonymous user directories You can omit ANONYMOUS if using the node file syntax node pathname See Anonymous Users Examples 1 These commands are equivalent and create a directory USERS on the remote OpenVMS host SYS1 with the username and password specified explicitly FTP> CREATE DIRECTORY SYS1 SMITH SECRET USERS FTP> mkdir sys1 smith secret users 2 All three of the following commands create a directory USERS in the anonymous directory on the remote OpenVMS host SYS2 FTP> CREATE DIRECTORY SYS2 USERS
342. ntain information from a previous request to process a new one The Network File System NFS is an example of a stateless operation stratum Number for a peer in the Network Time Protocol NTP that identifies the relative hierarchy of the peer Lower strata peers act as time servers while higher strata peers are clients who adjust their time clocks according to these servers An Internet Time Server ITS on the network is assigned stratum 1 because it has radio clock generated time based on Universal Coordinated Time UTC stream service TCP service that transfers data in a continuous flow without the use of markers to show the beginning or end of messages STREAM LF file Record structure OpenVMS uses where it views the file s records as a continuous stream of bytes delimited by a line feed LF character subnetwork subnet Subdivision of a network used to provide a means to logically group hosts within a large network Glossary 13 PART II User Functions Glossary of Terms Continued subnet mask Thirty two bit internet address created by taking bits from the host number and using them to extend the network mask Hosts and gateways local to a subnet use the subnet mask for local routing superuser UNIX or NFS user having almost unlimited privileges The superuser usually has a User ID UID of 0 symbiont Process that transfers record oriented data to or from a device
343. ntication You can log in to the remote host with a different username by specifying the USER qualifier When RLOGIN starts up it processes the flow control characters Ctrl S and Ctrl Q locally unless the remote host instructs otherwise RLOGIN passes all other keystrokes directly to the remote process and perform according to conventions established on the remote host The special RLOGIN commands in Table 8 1 are available once you start the connection to the remote host Enter the special RLOGIN commands as the first character on a line Table 8 1 Special RLOGIN Commands Command Purpose Closes the connection and exits RLOGIN Z Spawns a subprocess on the local host and connects SYS$INPUT SYS$OUTPUT and SYS$ERROR to that process When the subprocess logs out control returns to the remote session Note You cannot spawn with CAPTIVE accounts Sends a single tilde to the remote system Format RLOGIN host Parameter host Name or internet address of the remote host where you want to log in Qualifiers AUTHENTICATION auth type Determines the authentication method If KERBVA4 or you omit the value uses Kerberos v4 authentication If NULL or you omit the qualifier uses standard authentication EIGHTBIT Accepts eight bit data from the terminal and sends it to the remote system The default is that only seven bit data is sent 8 3 PART II User Functions RLOGIN 8 4 ES
344. ntil a PROTECTION PRIVATE command has been issued VMS default NOVMS VMS negotiates for VMS file structure NOVMS does not If omitted SET VMS or SET NOVMS determines the outcome see the SET VMS command for details Note The OPEN VMS and OPEN NOVMS settings override SET VMS and SET NOVMS Examples 1 The following opens a connection to SYS1 If successful you have to enter a username and password FTP> OPEN SYS1 2 The following DCL level command opens a connection to SYS1 The line includes the username and password so that you can use the command procedure interactively or in batch processing FTP OPEN SYS1 smith opensesame OPEN FTP Transferring Files 3 The following DCL level command opens a connection to SYS1 but uses a Token Authentication PASSCODE derived from the SecurID card instead of the password FTP OPEN SYS1 smith 1234987654 3 57 PART II User Functions PROTECTION PROTECTION Set the protection for the data port after doing TLS authentication RFC 2228 defines CLEAR PRIVATE SAFE and CONFIDENTIAL but RFC 4217 specifies that only CLEAR and PRIVATE can be used with TLS The PROTECTION command does an FTP PBSZ protection buffer size command followed by an FTP PROT command The PROTECTION should be specified before returning the command channel to clear text mode as the RFCs specify Format PROTECTION level Parameters CLEAR Data transfers take place in the clear as
345. o be used when building To addresses on outgoing messages For example to have messages sent to SMTP Joe construction to be delivered to SMTP Joe construction bedrock com TCPWARE LOCALDOMAIN would be defined as bedrock com TCPWARE_NAMESERVERS List of IP addresses for DNS lookups TCPWARE SMTP A1 NAME Used in forming the username portion of return addresses for ALL IN 1 users TCPWARE SMTP ACCEPT UNIX LF Tells the SMTP agents to accept lines sent by some UNIX systems that are terminated with a linefeed only instead of the proper carriage return linefeed combination TCPWARE SMTP ALLOW USER FROM Allows users to override their From address on outgoing mail by specifying FROM xxx yyy as the first line of outgoing mail messages TCPWARE SMTP ALLOW VIRTUAL DOMAIN Allows the use of virtual domains in TCPware SMTP environment Without this logical defined incoming aliases are assumed to be local addresses only If your system supports multiple virtual domains and uses in the alias file to reroute traffic based on those domains you must define this logical TCPWARE SMTP AM DOMAIN Domain name used when forming return addresses for ALL IN 1 users TCPWARE SMTP AM NAME Used in forming the username portion of return addresses for ALL IN 1 users TCPWARE SMTP APPEND FORWARDER TO MX Specifies that the default SMTP forwarder if defined is appended to the end of an MX list for
346. ob classification is the domain name of the local host PARAMETERS parameter 1 parameter 8 Allows you to specify UNIX LPR command options that do not have OpenVMS equivalents If you enter only parameter 1 you can omit the parentheses You can enter up to eight parameters parameter 1 sends jobs to a specific remote printer Enter either a system logical name or printer host This parameter overrides the printer defined by the TCPWARE LPR qname PRINTER DEFAULT logical If you choose to use the default printer and want to enter subsequent parameters in the same command line you must enter double quotation marks in place of parameter parameter 2 through parameter 8 specify the following LPR UNIX options c d g i 1 m n p t T v x Z 1 2 3 4 You can use leading hyphens but they are not required Enclose the option in quotation marks for example t The option is unnecessary the OpenVMS process that controls OpenVMS print queues automatically specifies this filter for FORTRAN carriage control files Each parameter can include more than one option However you must enclose all options within the same set of quotation marks for example m g i Note Some LPD servers that reside on non UNIX hosts such as the one provided by TCPware do not support the following LPR UNIX options p t n d g v c i w z 1 2 3 4 PASSALL NOPAGE Uses a transpa
347. ocal VMS Mail users without using EXQUOTA TCPWARE VMSMAIL REPLY CONTROL Specifies which header to use to determine the sender of a message Reply To or From TCPWARE VMSMAIL USE RFC822 TO HEADER Sets the maximum length of the RFC822 To header line when sending outgoing mail The default is 1024 The range can be set from 256 to 65535 TCPWARE TCLB BIAS Define this logical with a multiplier and an addend as two values of the logical Both are real numbers You can use these values to bias a load offered to the host For example the following command doubles the observed load and adds 1 5 users DEFINE SYSTEM TCPWARE TCLB BIAS 2 0 1 5 TCPware re translates this logical before it sends each response This means that some other process can change it dynamically or you can set it statically TCPWARE TELNET WINDOW Specifies the window size that the TELNET server offers to the peer The default value is 4096 If the value is less than 512 TELNET uses 4096 TCPWARE TELNETD DEFCHAR Sets up the default terminal characteristics for TELNET sessions You can avoid having to change the SYSGEN TTY DEFCHAR and TTY DEFCHAR2 fields system wide This logical forces the hangup bit set To prevent the forcing of the hangup bit set use the TCPWARE TELNETD NO FORCED HANGUP logical TCPWARE TELNETD FLAGS Setting either bit 0 or 1 can improve server performance and reduce system processing overhead The d
348. Invoking TFTP; Command Reference; Chapter 14 Token Authentication Protecting Logins; Introduction; What Is the ACE Client; Identifying the SecurID Token Type; Login Interfaces; Logging In with a SecurID Token; User Responsibilities; Before You; Receiving a System Generated PIN; Creating Your Own PIN; Login Steps; Next Code; Using Duress PIN; Chapter 15 WHOIS Username Directory Services; Chapter 16 Accessing Remote Systems with the Secure Shell SSH Utilities; SSH Protocol; Secure Shell Client remote login program; Initial Server System Authentication; Hostbased Authentication
349. ollowing in your LOGIN COM file ASSIGN SYS$LOGIN NETCUSTART COM NETCU STARTUP When you start NETCU NETCU STARTUP points to the specified file SYS$LOGIN NETCUSTART COM for example and processes all the commands Note The system ignores all commands following an EXIT or QUIT command in the file NETCU ignores any commented out command lines in files such as SERVICES COM that are used as input to NETCU The commented out line in the file should begin with the the or the character NETCU does not execute the command line until you remove the character SSH DIR Points to the directory where SSH s master server log file is kept Normally this is TCPWARE COMMON TCPWARE B 1 PART III Appendixes Table B 1 TCPware Logicals Continued SSH2 DIR Points to the directory where the SSH master server log file is kept Normally this is TCPWARE COMMON TCPWARE SSH2 SSH EXE Points to the directory where SSH executables are kept Normally this is TCPWARE COMMON TCPWARE It is defined through TCPWARE CNFNET SSH The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown SSH LOG Points to the directory where the log files are kept Normally this is TCPWARE COMMON TCPWARE LOG It is defined through TCPWARE CNFNET SSH The configuration procedure writes these to the common configuration file and check the v
350. ommands in the Command Reference Graphical user interface method See Figure 3 7 1 To close an FTP connection from the TCPware FTP OpenVMS File Transfers window click the Connections option on the menu bar and click the Close option The information in the Remote part of the screen disappears To reopen a connection click the Connection option on the menu bar and click the Open option Open is initially greyed out To exit from FTP entirely from any of the DECwindows screens click the File option on the menu bar and click the Exit option Figure 3 5 Closing from the Command Line Eta FTP FTP> OPEN THETA _Username smith REMOTE_SMITH _Password FTP> FTP> GETTEST TXT 1 FTP> CLOSE 2 FTP> EXIT Eta Checking Directories After you establish an FTP connection you can check the directories on the remote or local host to locate the file s you want To check remote directories and determine the file format type when in FTP see Figure 3 7 1 Open the FTP connection and enter FTP> DIRECTORY e Use the CD or SET DEFAULT REMOTE command to move to other directories on the remote host e If you use the menu driven method see the Remote part of the FTP for TCPware for OpenVMS screen see Figure 3 3 You can double click any of the listed directories change the pathname in the Current Remote Directory field or use the Go Up button in the middle of the screen 3 9 PAR
351. on 12 10 PASSCODE 14 2 PASSIVE 3 78 passphrase 16 32 16 33 forgotten 16 27 lost 16 27 PDP 11 operating systems 1 8 TCPware for IAS 1 8 RSX 1 8 RT 11 1 8 TSX 1 8 PIN 14 2 creating your own 14 6 port forwarding definition 16 21 PRINT 5 14 qualifiers 5 4 print queues 5 21 public key cryptography 16 4 PUT 3 13 pwdlifetime B 27 online help 1 OpenVMS character sets 12 16 mail addresses specifying 10 1 host alias specifying 10 3 individual aliases specifying 10 3 to folders delivering 10 4 under ALL IN 1 using 10 4 user defined headers 10 4 using across network 10 1 Index 6 R RCD client 6 1 RCD RMT command RMTSETUP 6 3 RCP command RCP 7 3 reader s comments 1 xxi RekeylntervalSeconds 16 12 remote filesystem access 2 1 hosts logging in to 2 5 system commands CD 3 23 DELETE 3 23 DIR 3 23 Is 3 23 LIST 3 23 MKDIR 3 23 PWD 3 23 QUOTE 3 23 REMOTEHELP 3 23 RENAME 3 23 SITE 3 23 USER 3 23 remote login program host based authentication 16 3 password authentication 16 5 public key authentication 16 4 Index RemoteForward 16 12 Requests for Comments RFCs A 1 RFCs implemented by TCPware for OpenVMS 2 RLOGIN 8 3 commands 8 3 RMT client 6 1 RSA authentication 16 32 RSA authentication identity 16 33 RSA based authentication 16 4 RSA based host authentication 16 4 RSH command RSH 9 2 S SCP qualifiers 17 3 17 11 SCP switch BATCH 17 3 CIPHER 17 3 COMPRESS
352. onverted to lowercase unless you enclose them in quotes Command Reference A description of each Kerberos user command follows 4 2 GET TGT Kerberos User Commands GET TGT For Kerberos users Gets the ticket granting ticket TGT that allows you to get application service tickets This process authenticates you to the Kerberos Server which is considered to be a trusted secure machine TGTs are required to obtain an application service ticket from the Kerberos Server The name of the ticket file is determined by the TCPWARE KERBVA4 TKFILE logical usually set to SYS$LOGIN KERBVA TICKET You must enter your Kerberos password with this command Your OpenVMS login name is used for the Kerberos username unless the USERNAME qualifier specifies otherwise GET TGT is equivalent to the UNIX command kinit Format GET Password password Parameter password User s Kerberos password that authenticates the user to the Kerberos Server Converted to lowercase unless you enclose it in double quotes Qualifiers INSTANCE instance Usually omitted for a general Kerberos user admin for an administrative user See your Kerberos administrator to determine your Kerberos instance name Converted to lowercase unless you enclose it in double quotes LIFETIME minutes Lifetime of the TGT in minutes ranging from 5 to 1275 minutes The default lifetime is 480 minutes 8 hours REALM realm Optional Kerberos realm to
353. or a new tokencode to appear The stack of countdown indicators on the left side of the LCD lets you know how soon the code will be changing If the system displays the message Access denied instead you may have typed in your PASSCODE incorrectly Try again If you are repeatedly denied access even though you are typing your PASSCODE correctly contact your system administrator Next Code Prompt On the third attempt to log in with a valid PIN but with an invalid tokencode the system asks you to enter the next code that appears Please enter the next code from your token Wait until the stack of countdown indicators on the left side of the LCD tokencode goes down and the code changes then go ahead and carefully type the new one followed by Return If you are not granted access after correctly entering the next code contact your system administrator Using a Duress PIN If your system has the duress PIN option installed you have two PINs a regular PIN and a duress PIN Use your regular PIN for normal logins Use the duress PIN if you are ever forced to log in by an unauthorized person attempting to gain system access If you use your duress PIN you are granted access and you will see no difference in operation However the system notifies administrators that you were forced by an intruder to log in Your duress PIN is your regular PIN with 1 added to it but with no carrying
354. or example ASCII or image In VMS Plus mode file transfers use File Descriptor Language FDL information to create output files Format ENABLE VMS PLUS DISABLE VMS PLUS 3 46 ERROR EXIT FTP Transferring Files ERROR EXIT Exits FTP with a specified status if an error occurs in the previous FTP command This feature is useful when running FTP from a command procedure Note that you exit FTP OpenVMS if you try to use this command interactively Format ERROR EXIT status Parameter status Optional status value the DCL STATUS symbol returns if FTP exits Specifies which command or sequence of commands failed If omitted Client FTP uses the status value of the last error Note Client FTP reports the STATUS as the status value ORd with x10000000 Example The following example is part of a DCL command procedure SET NOON FTP OPEN LILAC SMITH PASSWORD ERROR EXIT X10000010 PUT DATA FILE1 TXT ERROR EXIT X10000020 PUT DATA FILE1 IMG ERROR EXIT X10000030 PUT DATA FILE1 DES ERROR EXIT X10000040 EXIT FTP EXIT STATUS $STATUS SET ON IF FTP EXIT STATUS EQ X10000010 THEN GOTO LOGIN FAILED IF FTP EXIT STATUS EQ X10000020 THEN GOTO TRANSFER 1 FAILED This command procedure transfers several files and uses ERROR EXIT to detect if any of the transfers fail EXIT STATUS returns the following values X10000010 if the connection or login to LILAC fails x100000
355. or message is included in the MESSAGES help it identifies the TCPware component and provides a meaning and user action See the Instructions under MESSAGES Obtaining Customer Support XX You can use the following customer support services for information and help about TCPware and other Process Software products if you subscribe to our Product Support Services If you bought TCPware products through an authorized TCPware reseller contact your reseller for technical support Contact Technical Support directly using the following methods Electronic Mail E mail relays your question to us quickly and allows us to respond as soon as we have information for you Send e mail to support process com Be sure to include your Name Telephone number Company name Process Software product name and version number Operating system name and version number Describe the problem in as much detail as possible You should receive an immediate automated response telling you that your call was logged Telephone If calling within the continental United States or Canada call Process Software Technical Support toll free at 1 800 394 8700 If calling from outside the continental United States or Canada dial 1 508 628 5074 Please be ready to provide your name company name and telephone number World Wide Web There is a variety of useful technical information available on our World Wide Web home page http
356. originated the connection If this process takes a long time it can stall all other connections both active and new To adjust how long the FTP server is allowed to take to look up the host name set the logical TCPWARE FTP GETHOST MAX TIME to the VMS delta time that can elapse before it gives up The default value is 10 seconds 0 0 0 10 TCPWARE FTP IDLE TIMEOUT Changes the timeout for FTP connection attempts to something other than the default of 10 minutes The FTP server checks the timeout when you enter and complete a command You can set this logical any time and it effectively changes the idle timeout for open non idling connections as well as for any future ones Make sure to use delta time for the time syntax DEFINE SYSTEM EXECUTIVE TCPWARE FTP IDLE TIMEOUT 0 00 20 00 This example changes the idle timeout to 20 minutes The default is 10 minutes if no time is specified Setting the value to 0 disables idle timeout B 7 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE FTP KEEP DIR EXT Sometimes the FTP server strips the DIR extension from the file name of a directory when the NLST function is requested The FTP server looks for TCPWARE FTPD KEEP DIR EXT and if defined does not remove the DIR extension DEFINE SYSTEM EXECUTIVE TCPWARE FTPD KEEP DIR EXT TRUE To return to the default behavior remove this logical TCPWARE FTP NOKEEPALIVES When TCPWARE FTP NOKEEP
357. osed The default is NOT to close the TCP connection Use with the PERMANENT keyword only INTERVAL seconds Connection retry interval the minimum time to wait until another connect is attempted The default is 120 seconds two minutes Use with the PERMANENT keyword only KEEPALIVE or Controls whether keepalive segments are sent to the remote port NOKEEPALIVE The default is KEEPALIVE Also applies to non permanent NTA devices when using OPEN CREATE without the PERMANENT keyword NOOPCOM Specifies that no OPCOM messages are used when a permanent NTA device fails to reconnect or reconnects after an initial failure OPCOM messages are sent by default 12 31 PART II User Functions OPEN NOTCONNECTED OK A permanent NTA device is created even if a TCP connection cannot initially be set up RETRIES number Number of times to try to reconnect after a connection breaks the default is 1 handled as an unsigned number and thus actually 4 294 967 295 which is in effect infinite Use with the PERMANENT keyword only SHUT ABORT Specifies that a permanent NTA device will do extra TCP device cleanup after the underlying TCP connection is shutdown This is similar to doing NETCU gt KILL CONNECTION for a closed TCP device Setting RETRIES to 0 means that when either end closes the TCP connection no reconnects automatically occur However a reconnection attempt is made without delay when a
358. ote system VMS file specifications may be used when operating in VMS mode A logical name must include the trailing colon so that it can be recognized as such SFTP from other vendors cannot use VMS specifications due to the way that SFTP works CHMOD R <mode> file file Change the protection on a file or directory to the specified octal mode Unix values R recurses over directories CLOSE Closes connection to the remote server DEBUG disable no debug level Sets the debug level for SFTP2 It does not change the current debug level for SSH2 for an existing connection but will be used with SSH2 for a new connection With disable or no this disables all debugging current sessions for SFTP2 DELETE <file specification> Removes the specified file from the remote system DIRECTORY <file directory specification> Displays the contents of the current directory or specified directory in VMS format when the transfer mode is VMS File names are displayed as they would be with a DIRECTORY command from DCL EXIT Exits SFTP client 17 14 Secure File Transfer Table 17 3 SFTP2 Commands GET preserve attributes p <file1> <file2> Retrieves the specified file s from the remote system and stores it in the current working directory on the local system File names are case sensitive and in UNIX format When operating in VMS mo
359. ote host is currently open FTP> COPY DATA1 TXT DATA2 TXT REMOTE FTP> GET DATA1 TXT DATA2 TXT 3 Each of the following commands copies all BAS files from a remote OpenVMS host to the local host The MULTIPLE qualifier and the asterisk wildcard are used in the COPY command and they are omitted in the equivalent MGET command FTP> COPY BAS REMOTE MULTIPLE FTP> MGET BAS 4 The issuer of the following command wants to copy all local SQL type files into multiple files in the remote UNIX system s directory FTP> COPY SQL LOCAL MULTIPLE usr users sql To accomplish this the issuer uses an asterisk wildcard in the output filespec as in Example 3 However the result is not as intended Because the asterisk is part of a quoted string the command actually copies the files into a single file literally named on the remote host To avoid this set the remote default directory to the full pathname You do not have to specify the quoted pathname in the COPY command > SET DEFAULT REMOTE usr users sql > COPY SQL LOCAL MULTIPLE The asterisk now acts as a true wildcard with the intended result CREATE DIRECTORY FTP Transferring Files CREATE DIRECTORY Creates a directory on the remote host The DIRECTORY qualifier is required as part of the command Some remote hosts might not support directory creation operations Graphical User Interface Equivalent TCPware FTP OpenVMS File Tra
360. ote system DEBUG no debug level Sets debug level like in SFTP2 DELETE key finger print Deletes the key that matches the fingerprint specified It is necessary to do a LIST command before this to get a list of the finger prints and for the program to build its internal database mapping fingerprints to keys 16 39 Accessing Remote Systems with the Secure Shell SSH Utilities EXIT Exits the program HELP Displays a summary of the commands available LIST Displays the fingerprint and attributes of keys stored on the remote system The attributes that are listed will vary with key Example Output Fingerprint xozil bemup favug fimid tohuk kybic huloz fukuc kuril gezah loxex key type ssh dss Comment 1024 bit dsa user simple example com Wed Jun 05 2007 21 05 40 OPEN user host port Opens a connection to a remote publickey subsystem QUIT Quits the program UPLOAD key file name Transfers the key file name to the remote system The file name specified is expected to be in the SSH2_CONFIG directory from the user s login directory e g ADD ID DSA 1024 A PUB will transfer the public key in ID DSA 1024 A PUB to the remote system and updates the AUTHORIZATION file on the remote system to include this key name VERSION protocol version Displays or sets the protocol version to use The protocol version can only be set before the OPEN command is used The default version is 1 Publickey Assistant Qualifie
361. ou want to connect Respond to the login prompts if any of the remote host After a successful login the FTP> prompt appears where you enter the FTP commands described in the following sections If TLS is included on the command line then TLS authentication will be used before user authentication is entered FTP TLS host username password Enter the host to which you want to connect the username of the account on the remote host and the password PASSCODE if using Token Authentication of the account on the remote host as part of the command After a successful login the FTP> prompt appears where you enter the FTP commands described in the following sections See the OPEN command if you are using a SecureID card for password authentication 2 At the end of your FTP session use the CLOSE command to close the connection and exit FTP See Closing and Exiting for the different close options Graphical user interface method You can use the graphical user interface method if you have a DECwindows host running DECwindows with Motif Version 1 1 or later see Figure 3 2 1 At the DCL prompt enter SET DISPLAY CREATE NODE display node TRANSPORT TCPIP DECW FTP FTP Transferring Files 2 When the TCPware FTP OpenVMS Connections window appears enter at the Remote Host field tab to the Username field and enter at it and tab to the Password field and enter at it Then click the OPEN button A TCPware FTP OpenVMS Messa
362. out including the space between the file specification and the qualifier To disable this requirement define the following logical DEFINE SYSTEM EXECUTIVE MODE TCPWARE FTPD NOUNIX SYNTAX TRUE ubleshooting Access error messages help by entering HELP TCPWARE MESSAGES identifier or connect to web site http www process com select Customer Support followed by the Error Messages button ACCOUNT FTP Transferring Files ACCOUNT Specifies the user s account if the remote server requires it Format ACCOUNT account Parameter account User s account Enclose in quotes if it contains special characters or embedded spaces or contains mixed case characters Example The following specifies account Smith on the remote system Use quotes around the mixed case account name FTP gt ACCOUNT Smith 3 27 PART II User Functions CCC CCC For Change the control port to clear text after performing RFC 4217 encrypted authentication Clear text may be desired for the control port when NAT or firewalls are being used that expect to examine and or alter commands and responses dealing with the data port PORT PASV EPRT EPSV and the respective replies The PROTECTION command should be used before the CCC command as it is not allowed after the command channel has returned to clear text mode mat CCC Example 3 28 The following closes the current connection gt CCC CLOSE Transf
363. over DECnet Send IP datagrams over DECnet links to connect separate DECnet over IP TCP IP LANs over WANs IP over X 25 Send IP datagrams as data packets over X 25 enabling reliable world wide communication Point to Point Protocol PPP Send multiprotocol datagrams over serial point to point links PPP is common with line speeds from 14 4 to 28 8 kilobits per second Kbps Implemented through pppd command line options proNET Supports the proNET 10 and proNET 80 token ring controllers provided by Proteon Inc Serial Line IP SLIP Send IP datagrams over serial lines instead of Ethernet cable Supports both dedicated hard wired and dialup SLIP lines TCPware also supports Compressed SLIP CSLIP HP Wide Area Network WAN Device Drivers Supports the VAX WAN Device Drivers synchronous interfaces that form a link between the hardware devices and TCPware Multicasting Supports full IP multicasting letting you send and receive datagrams addressed to IP multicast Class D addresses Implements the Internet Group Management Protocol IGMP Introducing TCPware for OpenVMS Table 1 2 TCP IP Services Continued This Service Provides Network Management Network management and control functions include Domain Name Services DNS Guarantee host connections using a distributed database Supports Berkeley Internet Domain Server BIND Release 4 9 4 Name Server Dynamic
364. overed source file as you received it when compiled would normally produce executable code that would print a copyright message followed by a message referring to an ISC web page or other ISC documentation you may not modify the file in such a way that when compiled it no longer produces executable code to print such a message 9 Any source file covered by this license will specify within the Bootstrap License the name of the ISC distribution from which it came as well as a list of associated documentation files The associated documentation for a binary file is the same as the associated documentation for the source file or files from which it was derived Associated documentation files contain human readable documentation which the ISC intends to accompany any distribution If you produce a distribution then for every covered file in that distribution you must include all of the associated documentation files for that file You need only include one copy of each such documentation file in such distributions Absence of required documentation files from a distribution you receive or absence of the list of documentation files from a source file covered by this license does not excuse you from this from this requirement If the distribution you receive does not contain these files you must obtain them from the ISC and include them in any redistribution of any work covered by this license For information on how to obtain required documentation not
365. ow PF23 Ctrl F 2 3 or PF2 KP3 12 13 PART II User Functions Table 12 2 IBM to OpenVMS Keyboard Map Continued IBM Function OpenVMS Keys IBM Function OpenVMS Keys Home KP keypad period PF24 Ctrl F 2 4 or PF2 KP4 Delete DEL or Remove PAI Ctrl P 1 ESC PF1 PF4 Erase to EOF Ctrl E PA2 Ctrl P 2 ESC PF2 KP keypad dash Erase input Ctrl W PA3 Ctrl P 3 ESC PF3 KP keypad comma Insert Ctrl space ESC space Escape to Ctrl C or Insert Here TELNET command PFI or 1 Master reset Ctrl G PF2 ESC 2 or KP2 Set tab ESC PF3 ESC 3 or KP3 Delete tab ESC PF4 ESC 4 or KP4 Clear tabs ESC PFS ESC 5 or KP5 Set margin ESC PF6 ESC 6 or KP6 Set home PF7 ESC 7 or KP7 Column tab ESCA PF8 ESC 8 or KP8 Column back tab ESC T PF9 ESC 9 or KP9 Indent ESC gt PF10 ESC 0 or Unindent ESC lt 11 PF1 KP1 Indent ESC gt PF12 ESC or PF1 KP2 Indent ESC gt PF13 Ctrl F 1 3 or PFI KP3 Indent ESC gt 14 Ctrl F 1 4 or 1 4 Indent ESC gt TN3270 Internationalization International character set support adds functionality to convert the Western European EBCDIC character set to the corresponding terminal character sets multinational or national replacement 12 14 TELNET Connecting to Remote Terminals Since current TCPware TN3270 does not support the structured field of the
366. password part of the format This syntax is optional If you omit the parameter and a connection is open Client FTP uses the current default directory The directory part of the format is any valid remote directory specification Enclose the specification in quotes if it contains special characters or embedded spaces or is case sensitive Use the node directory syntax for access to an anonymous user directory The ANONYMOUS qualifier is implicit Qualifiers ANONYMOUS NOANONYMOUS Enables ANONYMOUS or denies NOANONYMOUS anonymous user access to remote resources You can omit ANONY MOUS if using the directory syntax node directory See Anonymous Users BRIEF NAME LIST Returns a list of filenames instead of a normal directory listing equivalent to LS Uses the FTP NLST command BRIEF and NAME LIST are synonyms 3 43 PART II User Functions DIRECTORY OUTPUT file Filespec for a local file to receive the directory listing If omitted the directory is displayed on your terminal Examples 1 The following returns a listing for the remote usr src UNIX directory assuming that a connection to the remote host is open FTP gt DIRECTORY usr src 2 The following returns a listing for the remote SYS SYSTEM directory assuming that a connection to the remote host is open gt DIRECTORY SYSSSYSTEM 3 44 DISPLAY FTP Transferring Files DISPLAY Displays a remote file on the scre
367. pe also indicates user input where the case of the entry should be preserved italic type Variable value in commands and examples For example username indicates that you must substitute your actual username Italic text also identifies documentation references directory Directory name in an OpenVMS file specification Include the brackets in the specification optional text Italicized text and square brackets Enclosed information is optional Do not include the brackets when entering the information Example START IP line address info This command indicates that the info parameter is optional value value Denotes that you should use only one of the given values Do not include the braces or vertical bars when entering the value Note Information that follows is particularly noteworthy CAUTION Information that follows is critical in preventing a system interruption or security breach key Press the specified key on your keyboard Ctrl key Press the control key and the other specified key simultaneously Return Press the Return or Enter key on your keyboard xxiii PART Introduction Chapter 1 Introducing TCPware for OpenVMS Chapter 2 Functional Overview 1 Introducing TCPware for OpenVMS Introduction TCPware for OpenVMS is a software product that provides TCP IP standard networking services for HP s OpenVMS VAX Alpha and 164 computers
368. perating system for those architectures Table 1 1 lists the members of the TCPware for OpenVMS family and the features of each Table1 1 TCPware for OpenVMS Family Members Component Features FTP OpenVMS File transfer service that lets you transfer files to or from remote hosts Provides a File Transfer Protocol FTP client and server Includes the Remote Copy Program RCP which includes optional Kerberos authentication Also includes a Subroutine Library to develop FTP application programs Token Authentication is also available for FTP OpenVMS NFS OpenVMS Client Network File System NFS service that lets you access NFS filesystems and store data on NFS systems Provides an NFS client NFS OpenVMS Server NFS service that lets remote NFS users access OpenVMS filesystems and use them for storage Provides an NFS server and supports a PC NFS Server PCNFSD SMTP OpenVMS Mail transfer service that lets you send mail to or receive mail from remote hosts Provides a Simple Mail Transfer Protocol SMTP client and server The additional Internet Message Access Protocol IMAP and Post Office Protocol Version 3 POP3 servers provide a way for remote PCs to retrieve OpenVMS incoming mail SSH OpenVMS Secure Shell provides encrypted remote access to this system and other systems with SSH software Commands may be executed remotely or remote interactive sessions may be used Files may be transferred
369. ple FTP OpenVMS Session BETA FTP FTP gt OPEN THETA 1 _Usemame smith SMITH _Password FTP gt PUT SYS EXE FTP GET SYS EXE 2 3 FTP gt DIR total4 DWXT Xr x smith 340 Oct WXT Xr x smith 138 Oct drwxr xr x smith 512 Oct Du r r smith 46080 Oct FTP gt DELETE SYS EXE 5 FTP gt DIR total3 DWXr xr x 1 smth users 340 Oct DWXT Xr x 1 smth uses 138 Oct drwxr xr x 2 smth uses 512 FTP gt LDIR 7 Directory DOCSDISK DOC ENG ANDY THT CYN PS2 DO HELP TXT 1 GLOSSARY TAT HELP DIR KIT INFO PS 1 PERSONAL LINKBASET SYS EXEA Total of 8 fies FTP gt OPEN ALPHA _Usemame smith USER 8 _Password FTP gt DIR 9 GLOSSARY TXT 1 DIR KIT BUILD HLB 1 LivK_PERSONAL LINKBASE SCREEN FTP TXT SEND NORM BIN 1 SEND NORM OBJ 1 SEND ORJT FTP gt GET SCREEN FTP TXT 10 11 FTP SET DEFAULT IMAGE 11 FTP GET SEND NORM BIN SEND NORM OB SEND OBJ FTP gt LDIR 1 Directory DOCSDISK DOC ENG ANDY TT CYN PS2 DO HELP TXT GLOSSARY TXT4 HELP DIR 1 KIT INFO PS LWK_ PERSONAL LINKBAGET SCREEN FTP TXT1 SEND NORMBINi SEND NORM OBJ i SENDOBJI SYS EXE Total of 12 fies FTP EXIT 14 Command Reference The following pages describe the FTP OpenVMS commands Table 3 3 contains command synonyms you can use interchangeably with FTP OpenVMS commands Table 3 4 shows commands you can use to do various tasks Each command includes the graphical user interface equivalent
370. ple removes the previous escape attention character definition if any TELNET gt SET NOESCAPE 12 51 PART II User Functions SET NO FLUSH SET NOJFLUSH Defines changes or disables the flush character If you enter the defined flush character during a TELNET session Client TELNET discards all characters currently in the output stream from the server Client TELNET uses the TELNET timing mark option to accomplish this a TELNET server need not support this option for this feature to work Note Client TELNET ignores SET FLUSH when TN3270 mode is active If a Server fails to respond properly to the timing mark option Client TELNET may continue to discard all output from the server In this case use the FLUSH command to resume normal operation Format SET FLUSH char SET NOFLUSH Parameter char When entered this character discards all characters currently in the output stream from the server You can specify this character in either of the following formats Numeric ASCII value of the character String Character string enclosed in quotes Specify control characters by typing a caret before the character There is no default flush character Define the initial flush character using the TCPWARE TELNET FLUSH logical name in the process job group or system logical name tables To define the logical use one of the following formats DEFINE PROCESS TCPWARE TELNET FLUSH 15 DEFIN
371. ppearing in two parts of a split screen What you type appears on the top half and what the other person types is on the bottom half of the screen To signal that you are expecting a response it is customary to leave a blank line after your last line of text You can use a convention such as over and out to signal that your part of the correspondence is over Type Ctr1 1 to reprint the screen You can also use the erase kill and word kill Ctr1 K characters To exit type the interrupt character Ctr1 C Ctr1 Y Ctr1 z TALK moves the cursor to the bottom of the screen and restores the terminal to its previous state Example 11 1 shows a sample exchange between user BART on host BART ZOZO COM an OpenVMS system and user MARGE on host MARGE NENE COM TALK Exchanging Terminal Messages Example 11 1 Sample TALK Message Exchange On Bart Bart 5 TALK TCPWARE TALK EXE Bart TALK MARGEGMARGE NENE COM On Marge Marge Message from Talk DaemonGBART ZOZO COM at 11 23 talk connection requested by bart bart zozo com talk respond with talk bartebart ZOZO com Marge TALK BARTGBART ZOZO COM Connection established bartGbart zozo com On Bart Hi there Connection established marge marge nene com On Marge Good to hear from you Connection established bart bart zozo com Hi there On Bart Hi there See
372. pt for any input during session Ciphers Cipher list None Supported encryption ciphers ClearAllForwardings Y N Ignore any specified forwardings Compression Y N Enable data compression DebugLogFile Filename None Specify the file to hold debug information If used with the QuietMode keyword turned on as well only the first part of the log information will be written to SYSSERROR until the DebugLogFile keyword is parsed If QuietMode is not used all debug output will go to both SYSSERROR and the log file DefaultDomain Domain Specify domain name EscapeChar Character 99 Set escape character ctrl key ForwardA gent Y N Enable agent forwarding ForwardX11 Y N Enable X11 forwarding GatewayPorts Y N Gateway locally forwarded ports Host Pattern Begin section for this host 16 9 Accessing Remote Systems with the Secure Shell SSH Utilities Table 16 2 SSH2 CONFIG File Configuration Keywords Continued Keyword Value Default Description HostCA Certificate None Specifies the CA certificate in binary or PEM base64 format to be used when authenticating remote hosts The certificate received from the host must be issued by the specified CA and must contain a correct alternate name of type DNS FQDN If the remote host name is not fully qualified the domain spe
373. purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies and that the name of Hewlett Packard Corporation not be used in advertising or publicity pertaining to distribution of the document or software without specific written prior permission THE SOFTWARE IS PROVIDED AS IS AND HEWLETT PACKARD CORP DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL HEWLETT PACKARD CORPORATION BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Portions Copyright O 1995 by International Business Machines Inc International Business Machines Inc hereinafter called IBM grants permission under its copyrights to use copy modify and distribute this Software with or without fee provided that the above copyright notice and all paragraphs of this notice appear in all copies and that the name of IBM not be used in connection with the marketing of any product incorporating the Software or modifications thereof without specific written prior permission To the extent it has a right to do so IBM grants an immunity from suit under its patents if any for the use sale o
374. r see the User's Guide Chapter 3 FTP Transferring Files As a system manager see the Management Guide Chapter 12 Managing FTP OpenVMS As a system programmer see the Programmer's Guide Chapter 7 FTP Library remote systems Because TFTP is more primitive than FTP you can mainly use TFTP to allow remote diskless systems to read bootstrap images over the network Authentication RCP Use a UNIX like command to The server must support equivalents of copy files to and from remote the UNIX shell and exec services systems right on the system You must register the other hosts in your command line HOSTS EQUIV or RHOSTS files TCPware also provides the As a user see the User's Guide RCP server so that remote Chapter 7 RCP Copying Files pae EA Dies oor tom As a system manager see the y y Management Guide Chapter 16 Managing R Commands TFTP Transfer files to and from The remote system must support TFTP As a user see the User's Guide Chapter 13 TFTP Trivial File Transfers As a system manager see the Management Guide Chapter 16 Managing R Commands 2 3 PART I Introduction Printing Files You can print files over the network using the Line Printer Services or Terminal Server Print Services Print files over the network using the TCPware for OpenVMS components in Table 2 3 Table 2 3 TCPware Components for Network Printing This To use it you As a system compo
375. r colored Specifies the North American letter colored medium na letter transparent Specifies the North American letter transparent medium na legal white Specifies the North American legal white medium na legal colored Specifies the North American legal colored medium na 9x12 envelope Specifies the North American 9x12 envelope medium monarch envelope Specifies the Monarch envelope na number 10 envelope Specifies the North American number 10 business envelope medium na 7x9 envelope Specifies the North American 7x9 inch envelope na 9x11 envelope Specifies the North American 9x11 inch envelope na 10x14 envelope Specifies the North American 10x14 inch envelope na number 9 envelope Specifies the North American number 9 business envelope na 6x9 envelope Specifies the North American 6x9 inch envelope na 10x15 envelope Specifies the North American 10x15 inch envelope executive white Specifies the white executive medium folio white Specifies the folio white medium invoice white Specifies the white invoice medium ledger white Specifies the white ledger medium quarto white Specified the white quarto medium iso a0 white Specifies the ISO AO white medium iso al white Specifies the ISO Al white medium a Specifies the engineering A size medium b Specifies the engineering B size medium Spec
376. r manufacture of products to the extent that such products are used for performing Domain Name System dynamic updates in TCP IP networks by means of the Software No immunity is granted for any product per se or for any other function of any product THE SOFTWARE IS PROVIDED AS IS AND IBM DISCLAIMS ALL WARRANTIES INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE EVEN IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES Portions Copyright O 1995 1996 1997 1998 1999 2000 by Internet Software Consortium All Rights Reserved Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORM
377. r selection Restrictions This version of TALK is incompatible with versions of ULTRIX earlier than v3 0 Starting with ULTRIX v3 0 TALK communicates with other machines running ULTRIX v3 0 and later and machines running 4 3BSD or versions of UNIX based on 4 3BSD TALK is not eight bit clean Typing in DEC Multinational Characters ISO 8859 1 causes the characters to echo as a sequence of carets followed by the character represented with its high bit cleared This limitation makes TALK unusable if you want to communicate using a language that has ISO 8859 1 characters in its alphabet Example systeml gt talk user2 system2 The following message appears on the screen of user2 Message from Talk Daemon system2 at 12 37 talk connection requested by userleGsysteml 11 4 TALK TALK Exchanging Terminal Messages talk respond with talk userl system1l To establish the connection user2 follows the instructions from the 1 Daemon and types the following at the system prompt system2 gt talk userlGsysteml Troubleshooting The Your party is refusing messages message may come up if the remote terminal is set up with messages off such as the first terminal tt y5 in the following example Bart FINGER MARGEGMARGE ZOZO COM Login name marge messages off In real life Marge Simpson Directory home spectre Shell usr local bin tcsh On since Nov 3 10 06 48 on ttyp5 from bart nene com 59 minutes Idle Time No
378. ration file SSH2_DIR SSH2_CONFIG or the user s configuration file SYS LOGIN SSH2 SSH2_CONFIG can be used to specify the following parameters The user s configuration file takes precedence over the system configuration file Table 17 1 SFTP SCP2 user configuration parameters FilecopyMaxBuffers This is equivalent to the CONCURRENT REQUEST qualifier on the SFTP2 or SCP2 command line The command line qualifier will supersede any value in the configuration file FilecopyMaxBuffersize This is equivalent to the SFTP2 BUFFERSIZE command or the SCP2 BUFFER SIZE qualifier The command or qualifier takes precedence FTP over SSH SSH2 can be used to set up port forwarding that can be used for FTP This allows users to use the richness of the FTP command set to access files on a remote system and have their control and data information encrypted The command format to set up the SSH port forwarding is ssh remote host name local forward ftp forwarded port number localhost 21 gt 22 The usual SSH authentication mechanisms come into play so there may be a request for password and a terminal session is established to the remote host As long as this terminal session is alive other users on the local system can use FTP to access the remote system over an encrypted channel 17 20 Secure File Transfer The location of the quotes is important as it is necessary to prevent DCL from interpreting the in
379. re secure than rhosts authentication The most convenient way to use RSA authentication may be with an authentication agent See Publickey Authentication for more information For SSH2 When the user logs in 1 The client reads possible keys to be used for authentication from its IDENTIFICATION file Note that this file does not contain the actual keys rather it contains the name of the key files The client sends to the server its list of keys The server compares each key that it received to see if it can match this key with one of those specified in the AUTHORIZATION file 4 The server tells the client the key that was accepted The client then signs the key with a digital signature that only the server with the proper key could verify and sends the signature to the server The server verifies the signature Password Authentication The password is sent to the remote host for checking The password cannot be seen on the network because all communications are encrypted When the server accepts the user s identity it either executes the given command or logs into the system and gives the user a normal shell on the remote system All communication with the remote command or shell will be encrypted automatically Break in and Intrusion Detection Care must be exercised when configuring the client to minimize problems due to intrusion records created by OpenVMS security auditing The SSH user should consult
380. reconnected If no reconnection is being done then one is set up Data sent at the time of the broken connection may be lost The client attempts to reconnect to the remote port as described in the OPEN CREATE PERMANENT command section The permanent NTA handles reconnects internally instead of allowing the program to issue the LAT SYS QIOW with IOSTTY PORT 10 LT CONNECT Closing the Connection After a Deassign You can use the CLOSE DASSGN keyword to the CREATE PERMANENT qualifier to close the underlying TCP connection when the last channel assigned to the NTA device is dropped using SYSSDASSGN The default is not to close the TCP connection Startup Command File You can have a startup file executed each time you invoke Client TELNET The TELNET STARTUP logical specifies a file that contains commands you want performed at the 12 10 TELNET Connecting to Remote Terminals beginning of each TELNET session To set up and run a startup command file see Example 12 7 1 Create a TELNET STARTUP COM file in your login directory 2 In the file include the TELNET command or commands you want executed each time you start Client TELNET 3 Edit your LOGIN COM file and define the TELNET STARTUP logical name to point to the startup file For example add the following line to your login file DEFINE PROCESS TELNET STARTUP SYSSLOGIN TELNET STARTUP COM 4 Rerun LOGIN and run TELNET Whenever you run TELNET OpenVMS i
381. rent filter so that you can send data to the printer unchanged Note that this command qualifier DOES NOT convert the file to STREAM LF format This qualifier is equivalent to the 1 option used with the LPR command When using to OpenVMS printing the PASSALL qualifier prints text files without carriage 5 15 PART II User Functions PRINT returns CRs Use this option mainly with BINARY data or a file that contains all of the characters including CRs that you want sent to the printer If you use LPS and issue the PRINT command the printing process ignores the BURST CHARACTERISTIC HEADER PAGES SETUP SPACE and TRAILER OpenVMS PRINT qualifiers All other OpenVMS PRINT qualifiers work the same as they normally do with OpenVMS QUEUE qname Specifies a print queue that can send the job to a local or remote printer If you omit this parameter with Line Printer Services the job goes to the SYS PRINT queue The QUEUE parameter is necessary when generating a print request on a remote printer attached to a terminal server when using the Terminal Server Print Services Once the server initializes and starts the print queue for a terminal server print job you can generate a print request on the terminal printer as follows PRINT QUEUE qname filename The qname parameter is the name of the print queue and the filename parameter specifies the data file or files you want used The standard OpenVMS qualifiers are available
382. resent multiple files to FTP use the MGET MPUT or MDELETE commands or specify the MULTIPLE qualifier with the GET PUT COPY or DELETE command These two examples produce identical results FTP gt MGET TXT FTP gt COPY TXT MULTIPLE REMOTE Note You do not require the asterisk for the destination with MGET but you do require it with COPY If enclosed in a quoted string wildcard symbols no longer act as wildcards Note Note You can customize the appearance of your graphical user interface by using Motif resources in a resource file This file is called DECW FTP DAT and is in your login directory The most important resource is the one that sets your application window to fit the screen If you run your application from a PC with a small 14 inch monitor for example you might want to use the following resource DXmfitToScreenPolicy AS NEEDED If the window size is bigger than the screen can handle scroll bars appear in the windows so that you can scroll to parts of the window Other examples of using resources include DECW FTP background gray DECW FTP foreground black These set the screen background color to gray and the foreground color to black See your Motif documentation for other possible resource settings Wherever possible the procedural descriptions that follow cover the command line and graphical user interface execution methods If you prefer the graphical user interface method you c
383. resses with names that are meaningful to you Per user mail aliases are kept in the file SMTP_ALIASES in your login directory The format for alias entries is alias real address where alias is an alphanumeric string and real address is an electronic mail address You can specify multiple addresses by separating them with commas The alias definition may span multiple lines if needed and must always be terminated with a semicolon For example a local user may have a user name of JB134A but you want to send mail to him as john Add the following line to your SMTP ALIASES file john jb134A Aliases are repeatedly translated until no more translations are found You can circumvent the repeated translations by including a leading underscore _ in the rea address For example this 10 3 PART II User Functions Usi Del definition causes mail to be forwarded and delivered locally fnord fnord somewhere else edu fnord ng Mail Under ALL IN 1 This section explains how to use the mail subsystem under ALL IN 1 to send mail to and receive mail from users on remote systems To send mail to a user on a remote system specify an ALL IN 1 e mail address in the format recipient destination SMTP SMTP indicates to ALL IN 1 mail subsystem that the message should be given to the SMTP MR gateway facility for eventual handling by the TCPware SMTP mail system Note that the string SMTP and the destinat
384. rint requests to printers attached to TCP IP based terminal servers Subroutine Libraries Facilitate application development using the Socket Library Services FTP Subroutine Library TELNET Subroutine Library and SNMP Extendible Agent Application Program Interface API routines TCPDRIVER UDPDRIVER IPDRIVER and INETDRIVER Programming Services and UCX Compatibility Services BGDRIVER Use QIO interfaces to develop network applications UCX Compatibility allows applications such as PATHWORKS to work with TCPware ONC RPC Services Build distributed applications using Remote Procedure Calls RPCs Introducing TCPware for OpenVMS TCP IP Services TCPware for OpenVMS TCP IP Services are fully integrated The services range from the upper layer Network Application Services to the lower level components These lower level components handle the network controllers included in the TCP IP Services core component TCP OpenVMS The TCPware for OpenVMS components use the Transmission Control Protocol TCP User Datagram Protocol UDP and Internet Protocol IP The Department of Defense DoD adopted the IP and TCP protocols as standards for all packet networks TCP and IP provide a reliable and efficient means for moving information between computer systems TCPware supports Path MTU discovery to provide a performance improvement when large packets of data are sent over TCP Table 1 2 describes some of the TC
385. rithm. NoDelay (Y/N): Disable Nagle (TCP_NODELAY). NumberOfPasswordPrompts (Number): Number of times the user is prompted for a password before the connection is dropped. PasswordPrompt (String; default "%U's password"): Password prompt. %U insert current username, %H insert current hostname. Port (Port; default 22): Server port number. QuietMode (Y/N): Quiet mode, only fatal errors are displayed. Table 16 2 SSH2 CONFIG File Configuration Keywords (Continued). Columns: Keyword, Value, Default, Description. RandomSeedFile (Filename; default Random_seed): Random seed file. RekeyIntervalSeconds (Seconds; default 3600): Number of seconds between doing key exchanges during a session. 0 = disable. RemoteForward (Port, Socket): Remote port forwarding. SendNOOPPackets (Y/N; default N): Send NOOP packets through the connection. Used typically to prevent a firewall from closing an interactive session. StrictHostKeyChecking (Y/N/Ask; default Y): Behavior on host key mismatch. TryEmptyPassword (Y/N; default N): Attempt an empty password first when doing password authentication. Note: Doing so may result in an extra intrusion being logged. User (Username): Remote username. VerboseMode (Y/N; default N): Verbose mode. Notes Regarding SSH2 CONFIG. The user may specify default configuration options called stanzas systems The format of this within the co
386. roviding a service in a relationship between two cooperating processes. Simple Mail Transfer Protocol (SMTP): Application layer protocol that provides an electronic mail facility to an internet. Glossary of Terms (Continued). Simple Network Management Protocol (SNMP): Allows network management stations to obtain timely information about the network activities of OpenVMS server hosts. The information describes such things as routing, line status, the volume of network traffic, and error conditions. sliding window: Characteristic of protocols that allow the sender to transmit up to n packets before an acknowledgment arrives. After the system receives an acknowledgment for the first packet, the sending protocol slides the packet window along the stream and sends another packet. socket: Abstraction first provided by Berkeley BSD UNIX that allows a process to have access to the Internet. A process opens a socket, specifies the desired service (reliable stream delivery, datagram delivery, IP), connects the socket to a specified destination, and then sends or receives data. Socket Library: Collection of VAX C (on VAX machines) and DEC C (on Alpha and I64 machines) subroutines that closely emulates the UNIX socket functions. SSH: Abbreviation for Secure Shell. See Accessing Remote Systems with the Secure Shell SSH Utilities. statelessness: Ability not to have to mai
387. row (>) indicates the current session. The list of supported terminal types, if no remote connection is open. The terminal type used, if a remote connection is open and Client TELNET negotiated for the terminal type. Whether local flow control is ON or OFF. Name of the log file, if one is open. Name of the host character set. Name of the terminal character set. The current abort output (AO), are you there (AYT), backward, break (BRK), erase character (EC), erase line (EL), escape, forward, flush, interrupt process (IP), and go ahead (GA) characters, if defined. Format: SHOW STATUS. Synonym: STATUS. Example: TELNET> SHOW STATUS Client TELNET V5 9 1 Copyright c 2007 Process Software Connected sessions 1 bart.nene.com telnet 192.168.1.92 23 > 2 marge.nene.com telnet 192.168.1.91 23 N is the escape attention character Current session is operating in 3270 mode Terminal type IBM 3278 2 Local flow control ON Keyboard Map File TCPWARE MAP3270 DAT Host Character Set CANADIAN Terminal Character Set LATIN1 C is the escape attention character. SHOW TRANSLATION. Displays the current translation settings made using SET TRANSLATION. Both the received and sent translations appear. Format: SHOW TRANSLATION. Example: TELNET> SHOW TRANSLATION No characters are translated to CRLF when received
388. rs. BATCHFILE: Provides file with publickey assistant commands to be executed. Starts SSH2 in batch mode. Authentication must not require user interaction. CIPHER: Selects encryption algorithm(s). COMPRESS: Enables SSH data compression. DEBUG: Sets debug level (0-99). HELP: Displays a summary of the qualifiers available. MAC: Selects MAC algorithm(s) (MAC mac 1 ... mac n). PORT: Tells sftp2 which port sshd2 listens to on the remote machine. VERBOSE: Enables verbose mode debugging messages. Equal to debug 2. You can disable verbose mode by using debug disable. VERSION: Displays version number only. Other Implementations: VanDyke includes this in their SecureFX and VShell products. VanDyke also has a patch available for a server for OpenSSH. Chapter 17 Secure File Transfer. There are three methods to do secure file transfer: SCP2, SFTP2, and FTP over SSH2. SCP2 and SFTP2 communicate with SSH2 for authentication and data transport (which includes encryption) to remote systems and to activate the SFTP SERVER2 image. An SCP1 server is provided for compatibility with OpenSSH SCP. The following diagram illustrates the relationship among the client and server portions of an SCP2 or SFTP2 file transfer
389. s VMS is the default. Examples: 1. The following copies the STUFF.TXT file from your local host to the remote host; the receiving system stores the file under the same filename in the default directory: FTP> PUT STUFF.TXT 2. The following copies the local STUFF.TXT file to DELTA's anonymous directory. It is equivalent to having used ANONYMOUS, sending the ANONYMOUS user email address, username, and password with the command: FTP> SEND DELTA STUFF.TXT PWD. Prints the name of the current working directory on the remote host. Useful for determining the default directory when not specifying a full pathname. Format: PWD. Equivalent: SHOW DEFAULT. QUOTE. Sends an FTP command to the remote server. Note: Do not use QUOTE to initiate a file transfer operation. Format: QUOTE command. Equivalents: QUOTE HELP SITE, SITE HELP, HELP REMOTE SITE, REMOTEHELP SITE. Parameter: command. FTP command string sent to the remote FTP server. FTP commands are not the same as Client FTP commands. Enclose the command in quotes if it contains special characters or embedded spaces, or is case sensitive. Example: The following sends the SYST command to the remote FTP server. If implemented by the remote server, it returns the type of operating system running on the remote server: FTP> QUOTE SYST 3 65 PART II User Functio
390. s CLOSE DASSGN, INTERVAL seconds, [NO]KEEPALIVE, NOOPCOM, NOTCONNECTED, RETRIES number, SHUT ABORT. Associates the local (client) end of the TELNET connection to an NTA device. Lets you use the connection for terminal activities such as printing or running applications. Supports RAW, LOGICAL, and TIMEOUT. The CREATE keyword creates the NTA device as preallocated so that it is not deleted when exiting TELNET. However, deallocating the device deletes it automatically when there are no process channels assigned to it (the reference count drops to zero). The PERMANENT keyword causes the client NTA device NOT to be deleted automatically when there are no process channels assigned to it, thus creating a permanent connection similar to an application LTA device for LAT. As with LAT, if the TELNET connection is broken, the Client TELNET device tries to reconnect to the specified host and port. Further parameters control the broken connection and reconnection algorithms. BROKE_TIMO seconds: Used to determine when a connection is broken. Note that the OPEN TIMEOUT qualifier value is used in establishing the connection, and another timeout of eight minutes is used when sending data. If omitted, the TIMEOUT value is used. Also applies to non-permanent NTA devices when using OPEN CREATE without the PERMANENT keyword. CLOSE DASSGN: Specifies that when the last channel is deassigned from the NTA device, the underlying TCP connection is cl
391. s in step 1. 7. If the prompt reads "Enter your new PIN containing 4 to 8 characters or Ctrl D to cancel the New PIN procedure", then you have to create your own PIN. You cannot have the system generate one for you. If anyone else can see your screen, press Ctrl D to cancel the operation and leave your token in New PIN mode. Otherwise, type in the PIN you would like to use, again remembering the guidelines in Step 1. 8. Memorize your new PIN. Do not write it down. 9. You are now ready to log in. Wait for the next tokencode, then follow the instructions in the following Login Steps section. Login Steps. Use the following two steps to log in: 1. Initiate a login session. After you respond to the usual prompt for your login name, you may get your usual password prompt. If you are using TELNET, RLOGIN, or SET HOST, enter your usual password at the password prompt and press Return. Then go to Step 2. If you are using FTP, the password prompt is your PASSCODE prompt. Enter your PIN immediately followed by the code currently displaying on your token, without any separating space, and press Return. 2. At the Enter PASSCODE prompt, enter your PIN immediately followed by the code currently displaying on your token, without any separating space. If you entered a valid PASSCODE, the system displays the message PASSCODE accepted. Once accepted, a SecurID PASSCODE cannot be used again. To log in again you must wait f
392. s no error response present at that point in the protocol, the program hangs. To prevent it from hanging forever, the logical TCPWARE_SCP2_CONNECT_TIMEOUT is checked to see how long SCP2 should wait for a response when establishing the connection. The format for this logical is a VMS delta time. The default value is 2 minutes. If SCP2 times out before a connection is established with SFTP SERVER2, and VMS or TRANSLATE_VMS were specified, a warning message is displayed and the initialization is tried again without the request for VMS information or TRANSLATE_VMS. This retry is also subject to the timeout, and if the timeout happens again, then SCP2 exits. This helps for implementations that ignore the initialization message when information they do not recognize is present; implementations that abort will cause SCP2 to exit immediately. Logicals. For the following logicals, all that start TCPWARE_SFTP apply to the SCP2 client, SFTP2 client, and SFTP2 server. TCPWARE_SFTP_FALLBACK_TO_CBT: When defined to TRUE, YES, or 1 and a VMS file transfer is being performed, this logical creates a Contiguous file if that file has Contiguous characteristics. The file will be created as Contiguous Best Try if there is insufficient space to create it as Contiguous. TCPWARE_SFTP_TRANSLATE_VMS_FILE_TYPES: This is a bit mask that determines which VMS file types should be translated when not operating in VMS mode
393. se TELNET, ask your system manager if the TELNET OpenVMS software was installed, configured, and started on your system. To use TELNET with Kerberos version 4 authentication, your system manager must have configured TCPware's Kerberos Services. Before you can connect to a remote host, you need to know: The name of the remote host to which you want to connect. The username and password for each account on the remote host. If the remote host does not support multiuser protection features, you may not need a username and password. If you are using TCPware's Token Authentication, you also need to enter the additional PASSCODE from your SecurID token (see the OPEN command for details). How to use the operating system of the remote host. Note: Client TELNET does not restrict the ASCII character set to seven-bit ASCII as the TELNET standard implies. Client TELNET supports the full eight-bit multinational character set. To use the multinational character set, you must configure your terminal to support eight-bit characters. The peer TELNET implementation must also support the same. Opening a TELNET Session. Run the Client TELNET utility to connect to a remote host. Client TELNET supports as many as 10 connected sessions at any one time. However, of these ten sessions, only one can be a TN3270 session. To open a TELNET session (see Example 12 1): 1. At the DCL prompt, enter TELNET. 2 Use t
394. se it includes slashes OpenVMS normally interprets as qualifier delimiters: ALPHA smithabcd usr bin projl txt. The remote filespec must conform to the filenaming conventions of the remote host. In OpenVMS to OpenVMS file transfers, the local file and remote filename specification formats are the same. See the local file parameter. To obtain the same version number in the destination file as in the source file, instead of creating a newer one, wildcard the destination file version using Note that if the server is not an OpenVMS host, the version number is included in the filename. You do not get a warning if the server host already has a higher numbered version. Also, if the server host already has the version specified, the old file with that version is overwritten. Qualifiers. If you omit one of the file type qualifiers (ASCII, BINARY, FORTRAN, IMAGE, or VMS), Client FTP transfers the file based on either: The current default setting (for example, ASCII or IMAGE). The extension type of the file you want copied (see Table 3 2). Setting a file type qualifier with the PUT command overrides the default transfer format for this PUT only. See also the SET DEFAULT command. ANONYMOUS, NOANONYMOUS: Enables (ANONYMOUS) or denies (NOANONYMOUS) anonymous user access to remote resources. You can omit ANONYMOUS if using the file syntax node path. See Anonymous Users. APPEND: Appends the local file file to t
395. seconds Max timeout 20 seconds tftp timeout 40 tftp stat Connected to spica nene com Mode netascii Tracing on Rexmt interval 4 seconds Max timeout 40 seconds tftp timeout 30 tftp stat Connected to spica nene com Mode netascii Tracing on Rexmt interval 4 seconds Max timeout 28 seconds. The retransmit timer and number of tries are both set to 5 by default, so that initially the Max timeout is 25. With the retransmit timer (rexmt) reset to 4, the Max timeout changes to 4 x 5 = 20. Doubling the maximum timeout (timeout 40) recalculates the number of retries to 40 / 4 = 10. Changing the maximum timeout to 30, with the rexmt still set to 4, recalculates the retries to 7 and adjusts the Max timeout to 4 x 7 = 28. TRACE. Toggles the packet trace flag. Format: TRACE. Example: This command enables packet tracing. A GET operation shows a timeout on a file transfer read request. tftp trace Packet tracing on tftp status Connected to SIRIUS nene com Mode octet Tracing on Rexmt interval tftp rqst rqst rqst rqst rqst rqst get sent sent sent sent sent sent 10 seconds Max timeout rfc999 txt pokertwo txt RRQ RRQ RRQ RRQ RRQ RRQ <file rfc999 <file rfc999 <file rfc999 <file rfc999 <file rfc999 <file rfc999 Receiv request timed
396. sing the TCPWARE_TELNET_GA logical name in the process, job, group, or system logical name tables. To define the logical, use one of the following formats: DEFINE/PROCESS TCPWARE_TELNET_GA 9 DEFINE/PROCESS TCPWARE_TELNET_GA nun yunn Both commands set the GA character to Ctrl A (ASCII 9). They are equivalent. Examples: 1. Each of these equivalent commands sets the GA character to Ctrl A (ASCII 9): TELNET> SET GA I TELNET> SET GA 9 2. This example removes the previous character definition, if any, for the GA control function: TELNET> SET NOGA SET [NO]IP. Defines, changes, or disables the interrupt process (IP) character. If you enter the defined IP character during a TELNET session, Client TELNET sends the TELNET IP control function to the server instead of the actual character. Ignored if TN3270 mode is active. Format: SET IP char, SET NOIP. Parameter: char. When entered, this character sends the TELNET IP control function to the server. You can specify this character in either of the following formats: Numeric: ASCII value of the character. String: Character string enclosed in quotes. Specify control characters by typing a caret before the character. There is no default IP character. Define the initial IP character using the TCPWARE_TELNET_IP logical name in the process, job, group, or system logical name tabl
397. source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. RES RANDOM C: Copyright 1997 by Niels Provos <provos@physnet.uni-hamburg.de>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Niels Provos. 4. The name of the author may not be used to endorse or promote pro
398. ss cc. dddd is the number of days (0-9999); if less than one day, specify zero (0); follow with a blank space. hh is the number of hours (0-23). mm is the number of minutes (0-59), preceded by a colon. ss is the number of seconds (0-59), preceded by a colon. cc is the number of hundredths of a second (0-99), preceded by a period. You can truncate a delta time on the right. You can omit fields in the time format as long as you include the punctuation that separates the fields. You must specify the days field even if you omit all time fields. domain: namespace. Naming hierarchy. A domain name consists of a sequence of names (labels) separated by periods. The following are examples of domain names: NS.NASA.GOV, C.NYSER.NET, BBN.COM. Domain Name System (DNS): System that allows access to a distributed, hierarchical database of internet addresses, hostnames, and other information throughout the Internet. duress PIN: Special PIN to use if you are being compromised during the login process. Used with the token authentication system. Dynamic Host Configuration Protocol (DHCP): Protocol that centralizes and automates TCP/IP network configuration. The DHCP Server dynamically allocates IP addresses for hosts on the network from an available pool of addresses. In this way, new hosts or hosts that are frequently relocated c
399. Graphical User Interface Equivalent. Contents. Chapter 4 Kerberos User Commands: Introduction; Ticket File Location Logical; Kerberos User Commands; Command Reference. Chapter 5 Network Printing: Introduction; Network Print Services; PRINT Command Options; Submitting Jobs IPP Symbiont Print Queues; Printing a Single Text File to an IPP Queue; Specifying the Destination Printer on the Print Command
400. ssues a confirmation prompt before deleting a file. Useful when source contains wildcards so that you can confirm each file copy. Respond with Y or N. NOCONFIRM is the default. If confirming multiple file deletions, use with MDELETE or DELETE MULTIPLE with a wildcard value. Position the qualifier immediately after the DELETE verb to relate to all files, or after the particular filename to relate to that file only. DIRECTORY: Deletes a directory (equivalent to RMDIR). If omitted, Client FTP deletes a file. Do not use with MULTIPLE. IGNORE, NOIGNORE (default): IGNORE ignores errors so that deletion can continue with the next file when using MULTIPLE. NOIGNORE terminates the deletion operation if an error occurs. LOG, NOLOG (default): LOG displays file specifications for each file deleted. MULTIPLE: Deletes multiple files (equivalent to MDELETE). You must include wildcards in the filespec. MULTIPLE is necessary because other systems do not universally recognize the OpenVMS asterisk and percent characters as wildcards. You do not need this qualifier with multiple deletes between OpenVMS systems. The remote host's FTP server must support the FTP NLST command for remote wildcard operations to work. Do not use with DIRECTORY. Examples: 1. The following deletes 1 file from the UNIX usr src directory: > DELETE usr src projl 2. The following deletes al
401. stallation. Installation & Configuration Guide: For system managers and those installing the software. The guide provides installation and configuration instructions for the TCPware for OpenVMS products. User's Guide: For all users. This guide includes an introduction to TCPware for OpenVMS products, as well as a reference for the user functions, arranged alphabetically by product, utility, or service. Management Guide: For system managers. This guide contains information on functions not normally available to the general network end user. It also includes implementation notes and troubleshooting information. Network Control Utility (NETCU) Command Reference: For users and system managers. This reference covers all the commands available with the Network Control Utility (NETCU) and contains troubleshooting information. Programmer's Guide: For network application programmers. This guide gives application programmers information on the callable interfaces between TCPware for OpenVMS and application programs. Online help: Topical help using HELP TCPWARE topic. Error messages help using HELP TCPWARE MESSAGES. Conventions Used. Convention and Meaning. host: Any computer system on the network. The local host is your computer. A remote host is any other computer. monospaced type: System output or user input. User input is in bold type. Example: Is this configuration correct YES Monospaced ty
402. stem or some login directory DST FILE if the remote host is OpenVMS. RCP truncates the someone username to some. In this case, the remote host does not have a host equivalence file entry for the local host, requiring USER and PASSWORD: rcp user someone pass password truncate 4 src file host dst file. Each command copies a UNIX system file to the local host's current directory. The p switch in the first command precludes having to use double quotes around the UNIX system file specification. The second command is the equivalent without the p switch: rcp p unixhost usr users src file rcp unixhost usr users src file. 10. This command copies a file from one remote host to another (a third-party copy): rcp remotehost1 file1 remotehost2 file2. 11. This command copies a remote UNIX system source file in its home directory to the DST FILE filename on the local host under the current directory. Uses Kerberos V4 authentication. The Kerberos Server and its database reside in the realm daisy.com: rcp auth kerbv4 realm daisy com unixhost src dir dst file. 12. This command copies all files under the local directory to a remote OpenVMS host's destination directory while preserving the directory hierarchy. Since the AUTHENTICATION qualifier appears without a value, Kerberos V4 authenticates the user to the remote UNIX host. Because REALM is omitted, the TCPWARE KERBV
403. stem which doesn't require a server. PUT preserve attributes p <file1> <file2>: Stores the specified file in the current working directory on the remote system. File names are case sensitive and in UNIX format. When operating in VMS mode, either UNIX or VMS style file specifications can be used. Directories are recursively copied with their contents. Multiple files may be specified by separating the names with spaces. If preserve attributes or p is specified, then SFTP attempts to preserve timestamps and access permissions. Note that a target filename cannot be provided. Table 17 3 SFTP2 Commands (Continued). PWD: Displays the current working directory on the remote system. Displayed in VMS format when in VMS mode; otherwise displayed in UNIX format. QUIT: Exits SFTP client. READLINK <targetpath> <linkpath>: Provided that <path> is a symbolic link, shows where the link is pointing to. Not valid for VMS systems, as VMS does not have symbolic links. RECORD: Enters record transfer mode if the server supports Process Software's record open. The direction in which record transfer mode is possible will be displayed in response to this command. In record transfer mode, the source file is opened as binary records and the destination file is opened as binary. This produces the same effect as TCPware's FTP server BINARY transfer when a B
404. t: HELP REMOTE topic. Synonyms and Equivalents: H, REMOTEHELP, HELP REMOTE topic, HELP REMOTE SITE, REMOTEHELP SITE, SITE HELP, QUOTE HELP SITE. Parameter: topic. Optional; allows you to specify the topic, if known, for which you want help. Otherwise, HELP offers you a list of topics from which to choose. Qualifier: REMOTE. Equivalent to the REMOTEHELP command; it accesses the remote FTP server's online help instead of the local Client FTP online help. Position the qualifier directly after the HELP command. If positioned after the topic, you could get incorrect help or an error. For example, if you specify HELP LDIR REMOTE, you get online help for LDIR REMOTE, which does not exist. LDIR. Lists files in your local directory, along with their creation date and size. See DIRECTORY to list files on the remote host. See SET DEFAULT LOCAL to set the default local directory. Graphical User Interface Equivalent: TCPware FTP OpenVMS File Transfers: Enter directory path in Local Files Filter. Format: LDIR directory. Equivalent: SPAWN DIRECTORY directory. Parameter: directory. Directory to list on your local host. The asterisk wildcard is acceptable. OPEN. Opens a connection to a remote host. The connection remains open until you exit FTP, close the connection with the CLOSE command, or open a new connection using the OP
405. t daisy and owned by user smith lp is ready and printing Rank Owner Job active smith 45 1st jones 46 2nd ross 47 and owned by user smith Files memol prog memo2 memo c letter txt 1 Psys printGdaisy smith lp is ready and printing smith active 3 copies of memo txt smith 1st prog c smith 3rd letter txt job 04 job 04 957 bytes 897 bytes job 04 432 bytes LSdaisy flower 6daisy flower L8daisy flower Total Size 3957 bytes 897 bytes 432 bytes This command displays in long form all jobs queued to the printer sys print on host daisy com com com 3. This command displays job 489 in the queue for the default remote printer: LPQ 489 lp is ready and printing Rank Owner Job active gordon 489 Files aug txt sept txt Total Size 560 bytes. LPR. Sends a file to a remote print queue. If you omit a filespec, the job consists of data you type from the keyboard. The TCPWARE_LPR_PRINTER logical defines the default remote printer. TCPware creates the LPR temporary file in SYS$SCRATCH. In this way, if you have a limited disk quota, you can print by redefining the SYS$SCRATCH logical to point to a public scratch disk that has no disk quota limitations. Format: LPR option filespec. Parameter: filespec. Name of the file(s) you want queued. Use the asterisk or percent sign as
406. t first looks for the file to which the TELNET_STARTUP logical points. It then processes all the commands contained in that file until it processes the EXIT command or reaches the end of the file. If the OPEN command appears in this file, TELNET establishes the connection and all further input comes from the terminal. When you return to command mode, TELNET processes the rest of the commands in the startup file, if any. If the EXIT command appears in the startup file, Client TELNET ignores all commands following the EXIT command and continues TELNET operations, leaving the user at the TELNET prompt. Example 12 7 Setting Up a Startup Command File: CREATE TELNET_STARTUP.COM SET TRANSLATION SEND CR OPEN IRIS OPEN HOMER SHOW STATUS Ctrl Z EDIT SYS$LOGIN LOGIN.COM DEFINE/PROCESS TELNET_STARTUP SYS$LOGIN TELNET_STARTUP.COM Ctrl Z SYS$LOGIN LOGIN TELNET TELNET> SET TRANSLATION SEND CR S TCPWARE TELNET I TRNSNEWLN will translate CR to CRLF when sent TELNET> OPEN IRIS STCPWARE TELNET I TRYING trying IRIS plants com telnet 192.168.1.93 23 STCPWARE TELNET I ESCCHR escape attention character is n N M login procedure to IRIS IRIS Ctrl N TELNET> OPEN HOMER STCPWARE TELNET I TRYING trying HOMER illiad com telnet 192.168.1.90 23 TCPWARE TELNET I ESCCHR escape attention character is W login procedure to HOMER HOMER Ctrl TELNET
407. t for this qualifier is the default for the queue. Also, if the queue configuration does not specify a default document format, the hard-coded default is text plain. JOB PRIORITY integer: Specifies the priority of the print job at the IPP server (not to be confused with the OpenVMS queue priority). 1 is the lowest, 100 is the highest. FINISHINGS keyword keyword: Specifies finishing operations to be performed on the printed documents. May or may not be supported by a given IPP server. Any or all of the four available finishings may be specified. Case is ignored. BIND, COVER, PUNCH, STAPLE. MULTIPLE DOCUMENT HANDLING keyword: Specifies how you want the printer to print your job. The keyword is one of the following: Single Document or 1Document; Separate Documents Uncollated Copies or UncollatedSeparate; Separate Documents Collated Copies or CollatedSeparate; Single Document New Sheet or NewSheet. Case is ignored. See MULTIPLE DOCUMENT HANDLING DEFAULT keyword in Chapter 15 of the TCPware Management Guide for information on single document, separate documents uncollated copies, separate documents collated copies, and single document new sheet handling. PAGE RANGES range range: Specifies the page numbers to print. range is either a single integer page number or a pair of page numbers separated by a hyphen. Multiple range specifications are separated by commas and enclosed in
408. t involves minimal processing. Very similar to image mode. In OpenVMS to FTP IMAGE conversion, an OpenVMS file is read using block I/O mode without regard to record structure. In FTP IMAGE to OpenVMS conversion, an OpenVMS file is created with the STREAM record format and is written using block I/O mode. Note: No padding of the last block of data occurs. Block mode is particularly useful for files with a STREAM, STREAM CR, STREAM LF, or UNDEFINED record format. FORTRAN: Like formatted ASCII, except that first character of each line controls how to display each line. Conversions are the same as for formatted ASCII. Attributes for the output file reflect that the file has a FORTRAN carriage control format. Some hosts do not distinguish between FORTRAN carriage control and ASCII files and might not support this transfer format. IMAGE (EXE, OLB, MLB, SYS, SML, ULB): Fixed length binary records transferred as IMAGE. In OpenVMS to FTP IMAGE conversion, records are read as is. In FTP IMAGE to OpenVMS conversion, records are written as fixed length. If the last record is too short (less than 512 bytes), it is padded with binary zeros. VMS: Use for RMS file transfers between OpenVMS systems. Systems that support this structure negotiate it automatically. The VMS file structure types are richer than those of UNIX, for which FTP is designed. Thus VMS and VMS Plus modes were added to help in trans
409. t is SYSSCOMMON SYSSLDR The remote working directory is usr users Default qualifiers are VMS SITE FTP Transferring Files SITE Issues a site specific command to the remote server Format SITE command Equivalents SITE HELP HELP REMOTE SITE REMOTEHELP SITE QUOTE HELP SITE Parameter command Site specific command string to send to the remote host Enclose the command in quotes if it contains special characters or embedded spaces or is case sensitive Site specific commands can vary depending on the remote FTP server some servers do not support any This command is often useful in obtaining information about the site specific commands if any the remote FTP server supports Example The following sends a site specific command SITE SPAWN PRINT MYFILE TXT to the remote server With the FTP OpenVMS server requests printing of the MYFILE TXT file gt SITE SPAWN PRINT MYFILE TXT PART II User Functions SPAWN SPAWN Executes DCL commands without exiting FTP Note Spawning is not allowed for CAPTIVE accounts Format SPAWN command line Parameter command line DCL command line you want executed If omitted spawns an interactive subprocess To return from an interactive subprocess enter LOGOUT Synonym Z command line Examples 1 The following displays the time on your local host without leaving Client FT FTP gt SPAWN SHOW TIME 3 NOV 2001 14 02 48 2 The following initiat
411. ter 10 Guide over the SMTP Chapter 17 network using Transferring Managing Mail the Simple Mail Mail Services Transfer Protocol SMTP TCPware provides both an SMTP client and a server IMAP Server Provide a The remote see the service so that system must Management remote PCs support the Guide access mail in IMAP protocol Chapter 17 VMS MAIL Managing Mail mailboxes using Services the the Internet IMAP Server Message Access section Protocol IMAP Server POP3 Server Provide a The remote see the service so that system must Management remote PCs support the Guide retrieve mail in POP3 protocol Chapter 17 VMS MAIL in Managing Mail boxes using the Services the Post Office POP3 Server Protocol POP3 section Server 2 7 PART I Introduction Table 2 5 TCPware Components for Sending Network Mail Continued messages on a split screen This AS a system component Allows you to To use it AS user manager TALK Utility Exchange real The remote see the User 5 time messages system must Guide with another support the Chapter 11 host on the local talk protocol TALK or remote Exchanging network Terminal Display Messages simultaneously sent and received Accessing Network Drives You can access remote tape or CD ROM drives or provide access locally to remote users by using the TCPware for OpenVMS components i
412. terials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STR
413. terisk after the semicolon in a destination parameter preserves the file version when copying to a remote host If the file version in the source parameter already exists at the destination that version is overwritten at the destination Also you do not get a warning if a higher numbered destination version already exists If a DECnet file use the full OpenVMS filespec At this point the file transfer format you determined is important See the GET PUT and COPY commands in the Command Reference The RCP command is also available at the DCL prompt for remote file copies see Chapter 7 RCP Copying Files for details on its use Note FTP OpenVMS does fast transfers between two OpenVMS systems using VMS file structure or VMS Plus Mode for HP TCP IP Services for OpenVMS UCX servers When FTP OpenVMS identifies file transfers between two OpenVMS hosts running TCPware it automatically transfers files in large blocks rather than small records These VMS modes greatly increase the transfer speed and preserve all Record Management Services RMS file attributes The VMS modes are disabled with non OpenVMS systems See Table 3 2 on the previous page for the file transfer format descriptions 3 13 PART II User Functions Graphical user interface method To transfer files From local click one or more files on the Local part of the File Transfers screen see to remote Figure 3 3 and click Copy gt To give the file
414. that can only be distributed under the terms of this license agreement The DNSsafe software cannot be used or distributed separately from the BIND software You only have the right to use it or distribute it as a bundled integrated product The DNSsafe software can ONLY be used to provide authentication for resource records in the Domain Name System as specified in RFC 2065 and successors You cannot modify the BIND software to use the DNSsafe software for other purposes or to make its cryptographic functions available to end users for other uses If you modify the DNSsafe software itself you cannot modify its documented API and you must grant RSA Data Security the right to use modify and distribute your modifications including the right to use any patents or other intellectual property that your modifications depend upon You must not remove alter or destroy any of RSA s copyright notices or license information When distributing the software to the Federal Government it must be licensed to them as commercial computer software protected under 48 CFR 12 212 of the FAR or 48 CFR 227 7202 1 of the DFARS You must not violate United States export control laws by distributing the DNSsafe software or information about it when such distribution is prohibited by law THE DNSSAFE SOFTWARE IS PROVIDED AS IS WITHOUT ANY WARRANTY WHATSOEVER RSA HAS NO OBLIGATION TO SUPPORT CORRECT UPDATE OR MAINTAIN THE RSA SOFTWARE RSA DISCLAIMS ALL W
415. the IBM 3278 3 terminal type If possible Client TELNET resizes the local window to accommodate a 32 x 80 screen size for model 3 see Table 12 1 TELNET gt SET TERMINAL TYPE IBM 3278 3 12 60 SET TRANSLATION TELNET Connecting to Remote Terminals SET TRANSLATION Sets the carriage return line feed CR LF character translation Does not apply to TN3270 mode Format SET TRANSLATION Qualifiers RECEIVE keyword Specifies the mapping for characters received from the server before they become output See Table 12 10 for the keywords and their meaning The default is RECEIVE NONE SEND keyword Specifies the mapping for characters entered at the keyboard before Client TELNET sends them to the server See Table 12 10 for the keywords and their meaning The default is SEND CR Table 12 10 SET TRANSLATION Keywords Keyword Translation CR Client TELNET translates the carriage return character to a CR LF sequence LF Client TELNET translates the line feed character to a CR LF sequence NONE Client TELNET does not translate characters to the CR LF sequence 12 61 PART II User Functions SET NO XDISPLOC SET NOJXDISPLOC Enables or disables setting your current X display location on the remote end when communicating with a remote TELNET server that also supports this option Client TELNET checks whether the logical DECW DISPLAY is defined If it is and if the remote server asks for the
416. the TCPWARE KERBV4 REALM logical value determines the Kerberos realm RLOGIN AUTH IRIS 8 5 Chapter 9 RSH Issuing Commands on a Remote Host Introduction RSH is the Berkeley R Command utility you can use to execute a single command on a remote host without logging in This chapter is a summary of using the RSH command Before you use RSH make sure your host and or username is registered in the remote system s rhosts file if UNIX or SYSSLOGIN RHOSTS file if OpenVMS See the Management Guide Chapter 16 Managing R Commands for details on host equivalence files To use Kerberos version 4 authentication with the remote host make sure that your username and Kerberos realm are in the remote host s klogin file if UNIX or SYSSLOGIN KLOGIN file if OpenVMS To use Kerberos v4 authentication your system manager must configure TCPware s Kerberos Services You must also first get a ticket granting ticket TGT from the Kerberos Server See Chapter 4 Kerberos User Commands for details on getting a TGT If you request Kerberos authentication TCPware tests for it first If the test fails standard authentication is used instead With Kerberos v4 authentication you can specify the Kerberos realm using the REALM qualifier If omitted the TCPWARE KERBV4 REALM logical value determines the realm 9 1 PART II User Functions RSH RSH Executes a single command on a remote host The remote host must provide
417. the local forwarding information as the start of a new qualifier and SSH2 does not know or expect to find the around the forwarding information Note that the localhost inside of the forwarding string is important as it will make the connection to FTP on the remote system come from localhost which will then allow FTP to open the data port When a user desires to use an encrypted FTP connection the following sequence of commands would be issued PORT forward port number OPEN LOCALHOST Normal FTP authentication takes place and multiple FTP sessions may use a single forwarded port The FTP protocol filter in SSH2 scans the FTP command stream for the FTP PORT and PASV commands and their replies and makes substitutions in these commands and replies to use a secure data stream through the SSH2 session that has been set up This command will establish an encrypted FTP session with the remote host that the SSH connection is sent to To allow a single system to act as a gateway between two networks add ALLOW REMOTE CONNECT to the SSH command that initiates the connection 17 21 Secure File Transfer 17 22 Appendix References Introduction This appendix lists documentation to which you can refer for additional details about TCPware for OpenVMS TCP IP protocol suite networking concepts and related subjects TCPware for OpenVMS Documentation Be sure you have the following additional TCPware for OpenVMS docum
418. the system manager to determine the authentication methods offered by the SSH server Examples of such authentication methods include HostBased PublicKey and Password The client should be configured to not attempt any authentication method that is not offered by the server If a client attempts authentication methods not offered by the server the OpenVMS security auditing system may log several intrusion records for each attempt to create a session to that server The result being that the user could be locked out and prevented from accessing the server system 16 5 Accessing Remote Systems with the Secure Shell SSH Utilities without intervention from the server s system manager Session Termination The user can disconnect with All forwarded connections can be listed with All available escapes can be listed with A single tilde character can be sent as or by following the tilde with a character other than those described above The escape character must always follow a carriage return to be interpreted as special The escape character can be changed in configuration files or on the command line The session terminates when the command or shell on the remote system exits or when the user logs out of an interactive session and all X11 and TCP IP connections have been closed The exit status of the remote program is returned as the exit status of SSH X11 Forwarding With X11 in use t
419. they would with a traditional FTP session This is the default if no protection has been specified PRIVATE Data transfers are encrypted such that they cannot be read by an intermediate system and are integrity protected Example FTP gt PROTECTION CLEAR FTP gt PROTECTION PRIVATE 3 58 PUT FTP Transferring Files PUT Copies files to a remote host PUT supports full wildcard filespecs except wildcards enclosed in a quoted string Use the MULTIPLE qualifier for a wildcarded local file filespec PUT also supports use of asterisk wildcards after a semicolon in remote file specifications This creates the same version in the destination file as in the source file instead of creating a new version If the server is not OpenVMS the version number is part of the filename TCPware does not issue a warning if the server host already has a higher numbered version Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Select file or files in Local Files Copy gt Give file new name if desired in New Remote File Dir Name Format PUT local file local file remote filename Synonyms and Equivalents COPY local file LOCAL remote filename MPUT wildcarded local files remote filename PUT local file MULTIPLE SEND local file local file remote filename Parameters local file Input filespec on the local host Must conform to OpenVMS filenaming rules Use a comma between multiple fil
420. time UT is for east of the central meridian is for west For example 04 00 00 is four hours east of the central meridian at Greenwich Another example eastern standard time EST is five hours west of UT so the offset is 0500 name an optional name for the time zone For example EDT for Eastern Daylight time Can be one of the following Universal Time UT UTC or GMT North American Time EST EDT CST CDT MST MDT PST PDT Military Time Any single uppercase letter A through Z except J this format is not recommended Any other character sequence The name is not validated and may be used by applications to report the local time zone B 29 PART III Appendixes Table B 1 TCPware Logicals Continued TCPWARE TSSYM qname Defines the parameters normally set with the ON qualifier Since you cannot use AUTOSTART ON together with the ON qualifier to initialize a terminal server print queue you need to define TCPWARE TSSYM qname for this purpose DEFINE SYSTEM TCPWARE TSSYM qname host port option TCPWARE TSSYM RETRY INTERVAL Defines the interval at which the symbiont retries to make a connection to a printer after an attempt fails The default is 0 15 15 seconds delta time TCPWARE TSSYM TIMEOUT Defines the time it takes for a print job to abort if the connection to the printer is never established The default timeout is infinite it never times out TCPWARE
421. tinuation line indicators Do not enter this option when you enter the job number or username parameters Examples 1 This command removes your currently active job from the default remote print queue LPRM 2 This command removes all jobs that belong to user smith from the lp queue on host daisy LPRM P lp daisy SMITH 3 This command removes jobs 489 490 and 495 from the default remote print queue You can issue this command if you own these jobs or you have OpenVMS OPER privilege on the remote host LPRM 489 490 495 4 If you have OpenVMS OPER privilege on the local host this command removes all jobs from the default remote print queue If you do not have this privilege this command removes only the jobs you own LPRM 5 13 PART II User Functions PRINT PRINT For Par Queues jobs for printing on a local or remote printer Useful for sending a print job to a printer attached to a terminal server For details on Terminal Server Print Services implementation see the QUEUE qualifier The OpenVMS process that controls OpenVMS queues determines the remote printer by checking the following items in this order 1 The TCPWARE LPR qname PRINTER system logical 2 The PARAMETERS qualifier 3 The TCPWARE LPR qname PRINTER DEFAULT system logical Information in this section applies only to using the TCPware for OpenVMS PRINT command with LPS and Terminal Server Print Services HP OpenVMS documentation provides complete
422. to Sending and Receiving Electronic Mail Bcc Sender X Department X Special user defined header Run the command procedure GTCPWARE CONFIG SMTP HEADERS The procedure checks for the TCPWARE SMTP USER HEADERS logical for header definitions If it does not find the logical it checks the SYSSLOGIN SMTP USER HEADERS COM file If it finds the file it comes back with the prompt SYSSLOGIN SMTP USER HEADERS COM Exists Load Yes If you want to accept the contents of the file press Return If the file did not load properly you can have it overwritten at the next prompt You then have the choice of adding to modifying or deleting the file exiting and saving or quitting without saving A dd M odify D elete e X it and Save or Q uit If you are adding a header the following prompt appears Add Header 1 Full Name 2 Comments 3 Reply To 4 Return Receipt To 5 Bcc 6 Sender 7 X Department 8 Other Which header would you like to add Enter the negative number value 1 Enter your full name 2 Enter a comments line 3 Enter a reply to name address 4 Enter a return receipt to name or address A return receipt to value is only valid if the system logical TCPWARE SMTP RETURN RECEIPT TO HEADER ENABLE is defined as 1 during configuration If this system logical is not defined or defined as 0 SMTP OpenVMS does not add the Return receipt to header to the mail message
423. tor QUIET Does not display any warning messages RECURSIVE Processes the entire directory tree 17 3 Secure File Transfer Table17 1 SCP Qualifiers Continued Qualifier Description REMOVE Removes the source files after copying TRANSLATE VMS Selects the VMS text files to be translated ALL NONE VARIABLE FIXED VFC default ALL Note that ASCII performs a similar function and may be supported in other SCP products VERBOSE Displays verbose debugging messages Equal to debug 2 VERSION Displays the version number only VMS Negotiates the ability to transfer VMS file information Note ASCII VMS and TRANSLATE_VMS are mutually exclusive File Specifications The source and destination strings are changed to lowercase unless they are enclosed in quotes in which case they are left the same File specification must be in UNIX format for remote systems unless the remote system is running TCPware 5 6 MultiNet v4 4 or higher or SSH for OpenVMS and VMS or TRANSLATE_VMS source files only are used UNIX format file specifications need to be enclosed in quotes if they contain the character to prevent the DCL parsing routines from interpreting the string as a qualifier Qualifiers ASCII newline convention Uses the newline convention specified if the server does not specify a newline convention Available conventions are dos r n mac r unix
424. tored at the destination Applies to local output image files only VMS Transfers the file in VMS file mode see Table 3 2 Allows you to transfer any type of RMS file between OpenVMS systems A positional qualifier If you use VMS Client FTP ignores APPEND ASCII BINARY BLOCK FORTRAN IMAGE and VARIABLE If you specify both RECORD and VMS Client FTP uses VMS Not all servers support VMS files If the server does and you do not specify another mode using a qualifier or the STRUCTURE or SET DEFAULT commands VMS is the default Examples 3 52 1 The following copies the DATA1 TXT and DATA2 TXT files from the remote host to the local system assuming that a connection to the remote host is currently open FTP gt GET DATA1 TXT DATA2 TXT 2 The following copies all remote files with extension BAS from a remote OpenVMS host to the local host gt MGET BAS 3 The following copies the STUFF TXT file from DELTA s anonymous directory It is equivalent to having used ANONYMOUS Sends the ANONYMOUS user email address username and password with the command FTP gt RECV DELTA STUFF TXT HELP FTP Transferring Files HELP Accesses the Client FTP online help Client FTP help uses the OpenVMS interactive help facility To exit the help facility press Return until you return to the FTP gt prompt See the REMOTEHELP command or the REMOTE qualifier for access to the remote server s online help Forma
425. tures for Securing Network Resources Continued This component Allows you to AS a system manager see the Management Guide AS user see the User s Guide OpenVMS Kerberos Use Kerberos V4 Chapter 23 Chapter 8 RLOGIN Authentication for authentication with Managing Kerberos Logging in to a RLOGIN the RLOGIN Remote Host Berkeley Command Kerberos Use Kerberos V4 Chapter 23 Chapter 9 RSH Authentication for authentication with Managing Kerberos Issuing Commands on RSH the RSH Berkeley R the Remote Host Command Kerberos Use Kerberos V4 Chapter 12 TELNET Authentication for authentication with Connecting to Remote TELNET TELNET Terminals IP Security Option Provide IP datagram Chapter 24 IP card token and TCPware s ACE Client and its use of the ACE Server to authenticate logins from FTP OpenVMS TELNET OpenVMS RLOGIN and SET HOST sessions Authentication IPSO protection using the Security Option IP Security Option IPSO IPSO protocol Token Use a Security Chapter 22 Chapter 14 Token Authentication Dynamics smart Managing Token Authentication Protecting Logins 2 14 Functional Overview Table 2 11 TCPware Features for Securing Network Resources Continued of the software that allows secure interactive connections to other computers in the manner of rlogin rshell telnet AS a system manager s
426. u type You can specify LOCK STATE only on the same command line as SET STATE DEFINE KEY FTP Transferring Files SET STATE state name NOSET STATE default SET STATE specifies the state name an alphanumeric string you want set for the key The default is NOSET STATE where the current state locked by LOCK STATE is in effect TERMINATE NOTERMINATE default TERMINATE specifies that Client FTP terminates effectively executes the current equivalence string when someone presses the defined key NOTERMINATE allows you to create key definitions that insert text into command lines after prompts or into other typed text Example The following sets the F1 key on the keyboard to the SMITH SECRET USERS string sets the state to 1 and locks the state for that definition FTP gt DEFINE KEY F1 SMITH SECRET USERS SET 1 LOCK PART II User Functions DELETE DELETE Deletes files or directories on the remote host Some remote hosts might not support file or directory deletion operations Graphical User Interface Equivalent TCPware FTP OpenVMS File Transfers Select file or files in Remote Files or directory or directories in Remote Directories Delete for files or Del Dir for directories The remote file listing displays version numbers of files Only the highest numbered version appears in the list Use Refresh gt to refresh the remote listing display Format DELETE file file
427. ular expressions e g subst emailregex a z foo com would be any trusted certificate having e mail alternative name of username ag foo com to login with userid lt username gt SerialAndIssuer is the serial number and DN of the issuer separated by whitespace DNs are used in reverse LDAP order e g c US o Foobar cn Dilbert Dogbert SSH2 Hostkey Authentication Using Certificates Server setup 1 2 3 Create a certificate for the server Host certificate must contain FQDN as DNS alternative name Copy the private key and certificate into TCPWARE SSH2 HOSTKEY DIR directory Add the following entries into ssh2 dir sshd2 config file HostKeyFile tcpware ssh2 hostkey dir lt hostcert gt HostCertificateFile tcpware ssh2 hostkey dir hostcert crt Client setup 1 2 Note 16 20 Copy the CA certificate in TCPWARE SSH2 HOSTKEY DIR directory Add the following entries into ssh2 dir ssh2 config HostCA tcpware ssh2 hostkey dir CAcert crt DefaultDomain domain of the FQDN of the client For testing purposes you can use HostCANoCRLs instead of HostCA to disable CRL checking Accessing Remote Systems with the Secure Shell SSH Utilities Port Forwarding Port forwarding is a mechanism whereby programs that use known TCP IP ports can have encrypted data forwarded over unsecure connections This is also known as tunneling If the user is using an authentication agent the connection to the agent
428. uld not in SYSSLOGIN be readable by anyone but the user It is possible to specify a passphrase when generating the key That passphrase is used to encrypt the private part of this file This file is not used by SSHAGENT but is added to the agent using SSHADD at login SSHADD Adds identities for the authentication agent SSHADD OPTIONS FILE FILE FILE DESCRIPTION SSHADD adds identities to SSHAGENT the authentication agent When run without arguments SSHADD adds the file SSH IDENTITY Alternative file names can be given on the command line If any file requires a passphrase SSHADD asks for the passphrase from the user The authentication agent must be running and must have been executed by the user for SSHADD to work File is an identity or certificate file If no file is specified the files in the users SSH2 directory are used OPTIONS HELP Display help text LIST List all identities currently represented by the agent LOCK Lock the agent with a password NOSSHI Agent cannot use SSHI keys PURGE Remove all identities from the agent 16 32 Accessing Remote Systems with the Secure Shell SSH Utilities REMOVE Remove the identity from the agent In order to remove identities you must either issue the command from the subdirectory that the identities are located in or issue the command using the full path name of the identity as is seen in an SSHADD LIST co
429. ur application at the DCL prompt as with a non permanent NTA device The difference is that handing off the NTA device to another process and recovery of a broken connection are enhanced 12 9 PART II User Functions 3 In handing off the NTA device to another process you may wish to change its protection In VMS 5 use SET PROTECTION or SET DEVICE ACL VMS 6 replaces these commands with SET SECURITY PROTECTION ACL Example 12 6 Setting up a Permanent NTA Device TELNET gt OPEN MARGE 7 LOGICAL MY PORT _TELNET gt CREATE PERMANENT INTERVAL 10 RETRIES 10 STCPWARE TELNET I CREATED NTA1 created GMY APPLICATION MY PORT Note For information on LOGICAL qualifier see 12 33 Handling a Broken Connection If the connection to the remote port is broken a temporary NTA device is reported as Offline with QIO s failing with a SS DEVOFFLINE status For a permanent NTA device however The NTA devchar is marked UNAVAILABLE which can be viewed by using SYS GETDVI to check if DVI DEVCHAR s DEV V_AVL 0 If a terminal Ctrl Y AST is set up the AST fires up Setup Disable Ctrl Y handling by DCL using LIBBDISABLE CTRL amp LIB M CLI CTRLY 0 and set up the AST using SYSSQIOW with IO SETMODE IO M_CTRLYAST Terminal I Os queued in the TTdriver are completed with the I O Status Block IOSB having a status of SS HANGUP A new write buffers the data so that it can be sent when
430. url gt Specify the URL of the Certification Authority DEBUG n Set debug to level n 0 60 ENROLLMENT_PROTOCOL Use specified enrollment protocol SCEP or CMP prot EXTENSIONS Enable extensions in the subject name GENERATE KEY Generate a new private key HELP Print this help text 16 37 Accessing Remote Systems with the Secure Shell SSH Utilities PROXY URL lt url gt Specify the URL of the HTTP proxy server URL to be used when connecting to the certification authority REFNUM refnum key Specify the CMP enrollment reference number and key SOCKS_SERVER lt url gt Specify the URL of the SOCKS server URL to be used when connecting to the certification authority SUBJECT lt subject gt Specifies the subject name for the certificate TYPE rsa dsa Specify the key type to generate default RSA USAGE_BITS n Specify the key usage bits VERSION Print the version information for this program 16 38 Accessing Remote Systems with the Secure Shell SSH Utilities Examples Enroll a certificate and generate a DSA private key cmpclient type dsa generate key base mykey refnum 12345 abcd ca url http www ca auth domain 8080 pkix subject c us o foobar cn Dilbert Dogbert ca certification crt This will generate a private key called mykey prv and a certificate called mykey 0 crt 2 Enroll a certificate
431. use instead of the one determined by the value of the logical TCPWARE KERBV4 REALM Converted to lowercase unless you enclose it in double quotes USERNAME login name Alternate login name Converted to lowercase unless you enclose it in double quotes 4 3 PART II User Functions GET TGT Example NETCU GET TGT Password Gets a ticket granting ticket for the logged in user If the user logged in as SYSTEM SYSTEM is used as the Kerberos username If the user logged in as FRED FRED is used as the Kerberos username 4 4 REMOVE TICKETS Kerberos User Commands REMOVE TICKETS For Kerberos users Removes your ticket granting ticket and application service tickets if any See the SHOW TICKETS command to view the user s ticket granting ticket and any application service tickets contained in the user s ticket file The name of the ticket file is determined by the value of the TCPWARE KERBV4_ TKFILE logical usually set to SYS SLOGIN KERBV4 TICKET REMOVE TICKETS is equivalent to the UNIX command kdestroy Format REMOVE TICKETS Qualifiers BELL NOBELL default Specifies whether the terminal bell should sound when an error occurs when trying to remove tickets The default is NOBELL STATUS default NOSTATUS Specifies whether to display a message when removing tickets The default is STATUS Example NETCU REMOVE TICKETS Removes the ticket granting ticket and application service tickets if any Trou
432. username and password The initialize command was unrecognized by the tape drive on the UNIX system and rejected The tar utility examines the contents of the tape which was written from the UNIX system tar is available over the network and is an alternative to the EXCHANGE utility rmtsetup sigma nene com dev rstO username system password Password for root on host SIGMA NENE COM 6 5 PART II User Functions RMTSETUP 6 6 initialize tcpware tape test INIT F UNSUPPORTED unsupported operation or function mount foreign record size 512 tcpware tape tar ftv tcpware tape 644 4069 Jun 1 16 29 21 2001 etc hosts End of Tar file found Do you wish to move past the EOF mark y n n dismount tcpware tape deallocate tcpware tape 3 This example requests access to CD ROM drive DKA100 on remote host roman mounts the CD ROM using MY CD as the logical name and requests a directory listing rmtsetup cd log roman 100 my cd Connecting to RCD server on host ROMAN through port 514 rsh Opening DKA100 _RCD1 created mount my cd override id MOUNT I WRITELOCK volume is write locked SMOUNT I MOUNTED OPENVMS062 mounted on ALTARFSRCDI1 dir my cd 0 0 Chapter 7 RCP Copying Files Introduction The Remote Copy Program RCP is a command you can use to copy files between your local OpenVMS host and a remote host TCPware provides RCP as part of the FTP OpenVMS product For
433. with the SCP command which uses SSH for access to the remote system TELNET OpenVMS Virtual terminal service that lets you have immediate access to remote systems Provides a Virtual Terminal Networking TELNET protocol client and server Kerberos authentication is also available Also includes a Subroutine Library to develop TELNET application programs Token Authentication is also available for TELNET OpenVMS 1 3 PART I Introduction 1 4 Table 1 1 TCPware for OpenVMS Family Members Continued Component Features TCP OpenVMS TCP IP base component that includes protocols for the network layer IP ICMP ARP and RARP and transport layer TCP and UDP Provides utilities for network management and control For Domain Name Services DNS Simple Network Management Protocol SNMP Services Network Control Utility NETCU and Network Time Synchronization see the Network Management entry in Table 1 2 Berkeley R Commands Access hosts in a TCP IP network by logging in RLOGIN executing remote commands RSH and controlling remote tape drives RMT and CD ROM drives RCD Kerberos V4 authentication is also available for RLOGIN and RSH Token Authentication is also available for RLOGIN Line Printer Services Manipulate local or remote print queue functions based on the client and server ends of the BSD4 3 Line Printer Protocol Terminal Server Print Services Send p
434. would you like to remove The procedure asks for confirmation and returns to the above prompt unless you enter Return Removed files show up as being deleted in the Your Current Headers list until you add a new header or exit and reenter the procedure Chapter 11 TALK Exchanging Terminal Messages Introduction The TALK utility allows you to exchange messages you type at your terminal with another local or remote user You do not need to wait between sending your message and receiving one from your destination user TALK uses a split screen where what you type is on the top half and what the other person types is on the bottom This allows you to talk in real time Using TALK First make sure the OpenVMS Phone Utility is on If you show the broadcast status for your terminal and get something like the following SHOW BROADCAST Broadcasts are currently disabled for PHONE MAIL QUEUE SHUTDOWN Then you enable phone broadcasting as follows SET BROADCAST PHONE To set up and invoke TALK enter at the DCL prompt TALK TCPWARE TALK EXE TALK username host ttyname If you are communicating with another local user type the user s username If communicating with a user on another system use the username host syntax You can also include the terminal port ttyname as a parameter Most UNIX servers only ring one of and not all the remote user s terminals If the remote user is logged in many times and you would
435. ws source LOCAL is implicit for destination If REMOTE is omitted Client FTP searches for a node if found Client FTP assumes the file is remote Do not use for both source and destination See the destination parameter on how to preserve version numbers on a remote copy MULTIPLE Transfers multiple files Use after source only Include wildcards in source only because some remote hosts do not recognize the OpenVMS asterisk and percent characters as wildcards The remote host s server must support the FTP NLST command Not all servers support VMS files If the server does and you do not specify another mode using a qualifier or the STRUCTURE or SET PART II User Functions COPY DEFAULT commands VMS is the default File Type Qualifiers Positional If you omit one of the file type qualifiers Client FTP transfers the file based on either The current default setting for example ASCII or IMAGE The extension type of the file you want to copy see Table 3 2 Setting a file type qualifier overrides the default transfer format for this transaction only See also the SET DEFAULT command ASCII Transfers the preceding file in formatted ASCII format see Table 3 2 BINARY Transfers the preceding BIN LDA OBJ or STB file in formatted binary format BLOCK Transfers the preceding STREAM STREAM CR STREAM LF or UNDEFINED file in block mode see Table 3 2 FORTRAN Transfers the preceding file in F
436. xhost src file This command copies the complete remote UNIX system directory tree src dir to the local subdirectory DST DIR while logging the copy of each file rcp recursive log unixhost src dir dst dir The first of these two commands only copies the src dir subdirectory to a UNIX system The second command copies the whole subtree rcp recursive src dir unixhost dst dir rcp src dir unixhost dst dir This command copies the complete local subdirectory tree SRC DIR to a remote OpenVMS host s destination directory while preserving the directory hierarchy rcp src dir vmshost dst dir This command copies all files under the local SRC_DIR directory to a remote OpenVMS host s destination directory This does not preserve the copied directory s hierarchy rcp src dir vmshost dst dir This command copies all directories and files under the local DIR directory to a remote OpenVMS host user s login directory on the DKA300 device use the double quotes rcp src dir vmshost dka300 login This command copies the local SRC FILE on device 100 to dst file on a remote host Double quotes are needed to specify a device name The NOVMS qualifier allows RCP to copy compatibly to an OpenVMS host running HP TCP IP Services for OpenVMS UCX rcp novms dka100 src dir src file host dst file This command copies the local SRC_FILE to some dst file if the remote host is a UNIX sy
437. xt file to a default printer on a queue but specify the document format and additional copies PRINT QUEUE iprinter queue PARAM document text plain copies 3 foo txt TCPWARE IPP SHOW Command 5 22 The TCPWARE IPP SHOW utility allows a user to learn the capabilities supported by an IPP server This utility queries the server and displays the supported attributes The program can be used to check on the capabilities of a given server When called from a DCL script or other program it can be used to gather information about a number of printers or used to match printer capabilities with the needs of a given print job For detailed information on the IPP SHOW command see Chapter 15 of the TCPware Management Guide Chapter 6 RCD and RMT Remote CD ROMs and Tapes Introduction The Remote Magnetic Tape RMT Client and Remote Compact Disc RCD Client provide access to tape drives and CD ROM drives respectively on remote TCP IP systems This chapter describes how to set up RMT and RCD on your OpenVMS system so that you can use the commands typically associated with tape and CD ROM drives such as BACKUP MOUNT COPY and EXCHANGE RMT Client and RCD Client To use a remote tape or CD ROM you must first connect to the server system with the RMTSETUP command which creates a pseudodevice You can then use OpenVMS commands such as BACKUP MOUNT COPY and EXCHANGE These are the same commands issued directly to the phys
438. y 2 Glossary Glossary of Terms Continued cluster alias failover System whereby a node in a VMScluster the alias can accept incoming connection requests for a server if the servicing node goes down Used primarily with the Network File System NFS Compressed SLIP CSLIP See Serial Line IP SLIP connectionless service Service that presents data complete with a destination address and the network delivers it on a best effort basis independent of other data exchanged between the same pair of users Examples include IP and UDP connection oriented service Service that implements a connection setup procedure before it can exchange data between two users Connection oriented services or protocols provide data transfer that is reliable ordered full duplex and flow controlled TCP is a connection oriented service data circuit terminating Term the X 25 protocol standards use that applies to switching equipment DCE equipment that forms a packet switched network to distinguish it from the computers or terminals that connect to the network datagram Single message unit IP uses over an internet and consisting of protocol headers and data data terminal equipment DTE Term X 25 protocol standards use that applies to computers and or terminals to distinguish them from the packet switching network to which they connect delta time The delta time syntax is dddd hh mm