The available SSH channel types and their functionalities are described below. For details on configuring Channel Policies, see Creating and editing channel policies. For a list of supported client applications, see Supported protocols and client applications.
Agent: Forwards the SSH authentication agent from the client to the server.
X11 Forward: Forwards the graphical X-server session from the server to the client. Enter the address of the client into the Details > Target address field to permit X11-forwarding only to the specified clients. Specify IP addresses or networks (in IP address/Prefix format).
|
NOTE:
Certain client applications send the Target address as a hostname, while others as an IP address. If you are using a mix of different client applications, you might have to duplicate the channel rules and create IP-address and hostname versions of the same rule. |
Local Forward: Forwards traffic arriving to a local port of the client to a remote host. To enable forwarding only between selected hosts, enter their IP addresses into the Details field. If the Details field is empty, local forwarding is enabled without restriction, the client may forward any traffic to the remote host. Enter the source of the forwarded traffic into the Originator, the target of the traffic into the Target field. Specify IP addresses or networks (in IP address/Prefix format). These parameters are the end-points of the forwarded traffic (that is, the local host that sends data to the remote host), and not the SSH server or the client.
For example, to enable forwarding from the 192.168.20.20 host to the remote host 192.168.50.50, enter 192.168.20.20 into the Originator, and 192.168.50.50 into the Target field.
Figure 188: Local TCP forwarding
|
NOTE:
Certain client applications send the Originator and Target addresses as hostnames, while others as IP addresses. If you are using a mix of different client applications, you might have to duplicate the channel rules and create IP-address and hostname versions of the same rule. |
Remote Forward: Forwards traffic arriving a remote port of the server to the client. To enable forwarding only between selected hosts, enter their IP addresses into the Details field. If the Details field is empty, remote forwarding is enabled without restriction, the SSH server may forward any traffic to the client. Enter the source of the forwarded traffic into the Originator, the target of the traffic into the Target field. Specify IP addresses or networks (in IP address/Prefix format). These parameters are the end-points of the forwarded traffic (that is, the remote host that sends data to the client), and not the SSH server.
For example, to enable forwarding from the 192.168.20.20 remote host to the client 192.168.50.50, enter 192.168.20.20 into the Originator, and 192.168.50.50 into the Target field.
Figure 189: Remote TCP forwarding
|
NOTE:
Certain client applications send the Originator and Target addresses as hostnames, while others as IP addresses. If you are using a mix of different client applications, you might have to duplicate the channel rules and create IP-address and hostname versions of the same rule. |
Session Exec: Execute a remote command (for example rsync) without opening a session shell. Enter the permitted command into the Permitted commands field. You can use regular expressions to specify the commands. This field can contain only letters (a-z, A-Z), numbers (0-9), and the following special characters ({}()*?\\|[]).
|
Caution:
Restricting the commands available in Session Exec channels does not guarantee that no other commands can be executed. Commands can be renamed, or executed from shell scripts to circumvent such restrictions. |
Session Exec SCP: Transfers files using the Secure Copy (SCP) protocol.
To make the list of file operations available in the File operations column of the Search page, navigate to the Channel Policies page of the protocol, and enable the Log file transfers to database option. This option is disabled by default.
To send the file operations into the system log, enable the Log file transfers to syslog option. This option is disabled by default.
|
NOTE:
Turning logging on might result in a slight performance penalty. If traffic load slows processes down, disable the option. |
|
Caution:
The WinSCP application does not follow the RFC of the SCP protocol properly, but transfers files in a Session Shell channel instead of a Session Exec SCP channel. This has the following results:
|
Session Subsystem: Use a subsystem. Enter the name of the permitted subsystem into the Details field.
Session SFTP: Transfers files using the Secure File Transfer Protocol (SFTP).
To make the list of file operations available in the File operations column of the Search page, navigate to the Channel Policies page of the protocol, and enable the Log file transfers to database option. This option is disabled by default.
To send the file operations into the system log, enable the Log file transfers to syslog option. This option is disabled by default.
|
NOTE:
Turning logging on might result in a slight performance penalty. If traffic load slows processes down, disable the option. |
Session Shell: The traditional remote terminal session.
|
Caution:
The WinSCP application does not follow the RFC of the SCP protocol properly, but transfers files in a Session Shell channel instead of a Session Exec SCP channel. This has the following results:
|
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center