If SSH Tectia Server for IBM z/OS is used for file transfer only, it is advisable to disable tunneling and terminal access to the server.
Enabling the SFTP Subsystem
To allow the users to connect with SFTP to SSH Tectia Server for IBM z/OS, the secure file transfer subsystem has to be defined in the
To disable listing of the MVS master catalog, use the following subsystem definition in the
subsystem-sftp /usr/lpp/ssh2/libexec/sft-server-g3 --disable-mmclist
If you are sure you or your users do not need to create tunnels (possibly going around firewall restrictions or such), you can disable tunneling (port forwarding) altogether by adding the following to your
Disabling Terminal Access
The following configuration option of SSH Tectia Server for IBM z/OS will deny the group
sftpusers terminal access.