Users who connect to SSH Tectia Server for IBM z/OS from a remote host must have an OMVS segment in their RACF profile. In addition, a user who accesses the USS shell, executes USS shell commands, or runs SSH Tectia Server for IBM z/OS client programs on the mainframe must have a home directory in the USS file hierarchy. The requirements are the same as for accessing USS with Telnet on port 1023.
z/OS users who use the SSH Tectia Server for IBM z/OS client programs to access remote hosts need the same OMVS environment.
The ADDUSER job located in SAMPLIB, shown below, creates a new user profile and a home directory.
ADDUSER:
//*
//* Define a new user in RACF. The user will be able to use
//* TSO and USS.
//*
//* Change
//* - the user id (do ===> change PREVUSR JOHND,all)
//* - the user name
//* - the UID (unique for a typical user, 0 for sysadms)
//* - the home directory (may be lower case)
//*
//*
//ADDUSR EXEC PGM=IKJEFT01,DYNAMNBR=75,TIME=100,REGION=6M
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTERM DD DUMMY
//SYSTSIN DD *
  DELUSER PREVUSR
  ADDUSER PREVUSR +
    NAME('Previous User') +
    OWNER(IBMUSER) +
    PASSWORD(INITPW) +
    TSO( +
      ACCTNUM(ACCT#) +
      PROC(ISPFPROC) +
      COMMAND(ISPF) +
      JOBCLASS(A) +
      MSGCLASS(X) +
      HOLDCLASS(X) +
      SYSOUTCLASS(X) +
      SIZE(40000) +
      MAXSIZE(0) ) +
    OMVS(HOME('/home/prevusr') +
      PROGRAM('/bin/sh') +
      UID(512) )
  PERMIT JCL CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT OPER CLASS(TSOAUTH) ID(PREVUSR) ACCESS(READ)
  PERMIT ACCT# CLASS(ACCTNUM) ID(PREVUSR) ACCESS(READ)
  PERMIT ISPFPROC CLASS(TSOPROC) ID(PREVUSR) ACCESS(READ)
  SETROPTS REFRESH RACLIST(TSOPROC)
  SETROPTS REFRESH RACLIST(TSOAUTH)
  SETROPTS REFRESH RACLIST(ACCTNUM)
/*
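After the job has run, the OMVS segment it defined can be checked against the requirements above. The following is an added example, not part of SAMPLIB or of the product: a USS shell function that audits captured `LISTUSER userid OMVS NORACF` output and flags a missing segment, a missing home directory or login program, and UID 0. The name `check_omvs`, the assumed `UID=`/`HOME=`/`PROGRAM=` line layout, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from SAMPLIB. check_omvs is a hypothetical helper name.
# Reads RACF "LISTUSER userid OMVS NORACF" output on stdin, prints one
# finding per line, and returns 0 only when the OMVS segment is usable.
# Assumption: the segment is listed as "UID= n", "HOME= path", "PROGRAM= path".
check_omvs() {
    awk '
        /^ *USER=/    { sub(/^ *USER=/, ""); user = $1 }
        /^ *UID=/     { sub(/^ *UID= */, "")
                        if ($1 ~ /^[0-9]+$/) { uid = $1 + 0; has_uid = 1 } }
        /^ *HOME=/    { sub(/^ *HOME= */, ""); home = $1 }
        /^ *PROGRAM=/ { sub(/^ *PROGRAM= */, ""); prog = $1 }
        END {
            if (!has_uid) {
                print user ": FAIL no OMVS segment with a numeric UID"
                exit 1
            }
            if (home !~ /^\//) { print user ": FAIL HOME is not an absolute path"; bad = 1 }
            if (prog == "")    { print user ": FAIL no PROGRAM (login shell)"; bad = 1 }
            if (uid == 0)      { print user ": WARN UID 0 grants superuser authority" }
            if (!bad) print user ": OK uid=" uid " home=" home " program=" prog
            exit bad + 0
        }
    '
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OK='USER=PREVUSR

OMVS INFORMATION
----------------
UID= 0000000512
HOME= /home/prevusr
PROGRAM= /bin/sh'

SAMPLE_NOSEG='USER=NEWUSR

NO OMVS INFORMATION'

SAMPLE_ROOT='USER=ADMUSR

OMVS INFORMATION
----------------
UID= 0000000000
HOME= /u/admusr
PROGRAM= /bin/sh'

for s in "$SAMPLE_OK" "$SAMPLE_NOSEG" "$SAMPLE_ROOT"; do
    printf '%s\n' "$s" | check_omvs || true
done
```

On the mainframe, feed the function the real LISTUSER output for each user ID that will log in over SSH or run the client programs.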