Your browser does not allow storing cookies. We recommend enabling them.
SSH.COM uses cookies to give you the best experience and most relevant marketing. More info
DECLINE Warning: Some functionality on this site will not work without cookies and our advertising will be less relevant!GOT IT!

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
        Running the Server >>
        Setting Up a Shell User
            Authenticating Remote Server Hosts
            Using Password Authentication
            Using Public-Key Authentication
        Running Client Programs>>
        Handling MVS Datasets and HFS File System Access>>
        Listing Datasets with SFTP Clients>>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Setting Up a Shell User

Users that are going to use SSH Tectia Server for IBM z/OS from a remote host must have an OMVS segment in their RACF profile. In addition, if a user is going to access the USS shell or execute USS shell commands or run SSH Tectia Server for IBM z/OS client programs on the mainframe, the user must have a home directory in the USS file hierarchy. The requirements are the same as for accessing USS with Telnet on port 1023.

z/OS users that are going to use the SSH Tectia Server for IBM z/OS client programs to access remote hosts need the same OMVS environment.

The ADDUSER job located in SAMPLIB creates a new user profile and a home directory (shown below).

ADDUSER:

//*
//* Define a new user in RACF. The user will be able to use
//* TSO and USS.
//*
//* Change
//*   - the user id (do ===> change PREVUSR JOHND,all)
//*   - the user name
//*   - the UID (unique for a typical user, 0 for sysadms)
//*   - the home directory (may be lower case)
//*
//*
//ADDUSR  EXEC PGM=IKJEFT01,DYNAMNBR=75,TIME=100,REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//SYSTSIN  DD *
  DELUSER PREVUSR
  ADDUSER PREVUSR +
    NAME('Previous User') +
    OWNER(IBMUSER) +
    PASSWORD(INITPW) +
    TSO( +
      ACCTNUM(ACCT#) +
      PROC(ISPFPROC) +
      COMMAND(ISPF) +
      JOBCLASS(A) +
      MSGCLASS(X) +
      HOLDCLASS(X) +
      SYSOUTCLASS(X) +
      SIZE(40000) +
      MAXSIZE(0) ) +
    OMVS(HOME('/home/prevusr') +
      PROGRAM('/bin/sh') +
      UID(512) )
  PERMIT   JCL      CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT   OPER     CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT   ACCT#    CLASS(ACCTNUM) ID(PREVUSR) ACCESS(READ)
  PERMIT   ISPFPROC CLASS(TSOPROC) ID(PREVUSR) ACCESS(READ)
  SETROPTS REFRESH  RACLIST(TSOPROC)
  SETROPTS REFRESH  RACLIST(TSOAUTH)
  SETROPTS REFRESH  RACLIST(ACCTNUM)
/*

Note: The job deletes any existing profiles.

Note: See the Section File Transfer Environment Variables on how to control file transfer.

Authenticating Remote Server Hosts

Using Password Authentication

Using Public-Key Authentication

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now

  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now