Using Secure Shell Session Rights

If your administrator has assigned you the sshd or ssh right, login-all right, or a custom PAM access right, you can use secure shell rights to perform specific operations on remote computers. The following are a list of predefined secure shell session-based rights that might be assigned to you:

• dzssh-all grants access to all available secure shell services.

• dzssh-direct-tcpip allows local and dynamic port forwarding (ssl-L, ssh -D).

• dzssh-exec allows command execution.

• dzssh-scp allows secure copy (scp) operations.

• dzsh-shell allows secure terminal (tty/pty) connections.

• dzssh-Subsystem allows external subsystems, with the exception of the sftp subsystem, which has its own right.

• dzssh-tcpip-forward allows remote port forwarding (ssh -R).

• dzssh-tunnel allows tunnel device forwarding.

• dzssh-x11-forwarding allows X11 forwarding.

• dzssh-sftp allows SSH File Transfer Protocol.

  Starting in the Verify Privilege Server Suite 2023.1 release, the scp command's default protocol is now the sftp protocol. When scp uses the sftp protocol it is required to assign dzssh-sftp to the user. When the scp protocol specifies the -O option, it is required to assign dzssh-scp to the user.