Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
        Configuration Files>>
        Running the Server >>
        Setting Up a Shell User
            Authenticating Remote Server Hosts
            Using Password Authentication
            Using Public-Key Authentication
        Running Client Programs>>
        Handling MVS Datasets and HFS File System Access>>
        Listing Datasets with SFTP Clients>>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Setting Up a Shell User

Users that will use SSH Tectia Server for IBM z/OS from a remote host must have an OMVS segment in their RACF profile. In addition a user must have a home directory in the USS file hierarchy if he is going to access the USS shell or execute USS shell commands or run SSH Tectia Server for IBM z/OS client programs on the mainframe. The requirements are the same as for accessing USS with Telnet on port 1023.

z/OS users that will use the SSH Tectia Server for IBM z/OS client programs to access remote hosts need the same OMVS environment.

The ADDUSER job located in SAMPLIB creates a new user profile and a home directory (shown below).

ADDUSER:

//*
//* Define a new user in RACF. The user will be able to use
//* TSO and USS.
//*
//* Change
//*   - the user id (do ===> change PREVUSR JOHND,all)
//*   - the user name
//*   - the UID (unique for a typical user, 0 for sysadms)
//*   - the home directory (may be lower case)
//*
//*
//ADDUSR  EXEC PGM=IKJEFT01,DYNAMNBR=75,TIME=100,REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//SYSTSIN  DD *
  DELUSER PREVUSR
  ADDUSER PREVUSR +
    NAME('Previous User') +
    OWNER(IBMUSER) +
    PASSWORD(INITPW) +
    TSO( +
      ACCTNUM(ACCT#) +
      PROC(ISPFPROC) +
      COMMAND(ISPF) +
      JOBCLASS(A) +
      MSGCLASS(X) +
      HOLDCLASS(X) +
      SYSOUTCLASS(X) +
      SIZE(40000) +
      MAXSIZE(0) ) +
    OMVS(HOME('/home/prevusr') +
      PROGRAM('/bin/sh') +
      UID(512) )
  PERMIT   JCL      CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT   OPER     CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT   ACCT#    CLASS(ACCTNUM) ID(PREVUSR) ACCESS(READ)
  PERMIT   ISPFPROC CLASS(TSOPROC) ID(PREVUSR) ACCESS(READ)
  SETROPTS REFRESH  RACLIST(TSOPROC)
  SETROPTS REFRESH  RACLIST(TSOAUTH)
  SETROPTS REFRESH  RACLIST(ACCTNUM)
/*

Note: The job deletes any existing profiles.

Note: See the Section File Transfer Environment Variables on how to control file transfer.

Authenticating Remote Server Hosts

Using Password Authentication

Using Public-Key Authentication

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===