Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
        Server Configuration Files >>
        Subconfigurations >>
        Ciphers and MACs >>
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Auditing >>
        Securing the Server >>
            System Administration
            File Transfer
            Tunneling
        Default sshd2_config Configuration File
        Default ssh_certd_config Configuration File
    Configuring the Client >>
    Authentication >>
    Transferring Files >>
    Tunneling >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
    Log Messages >>

File Transfer

If SSH Tectia Server for IBM z/OS is used for file transfer only, it is advisable to disable tunneling and terminal access to the server.

Enabling the SFTP Subsystem

To allow the users to connect with SFTP to SSH Tectia Server for IBM z/OS, the secure file transfer subsystem has to be defined in the sshd2_config file:

subsystem-sftp      /usr/lpp/ssh2/libexec/sft-server-g3

Disabling Tunneling

If you are sure you or your users do not need to create tunnels (possibly going around firewall restrictions or such), you can disable tunneling (port forwarding) altogether by adding the following to your sshd2_config:

AllowTcpForwarding       no

Disabling Terminal Access

The following configuration option of SSH Tectia Server for IBM z/OS will deny the group sftpusers terminal access.

Terminal.DenyGroups       sftpusers

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more