SSH Tectia 
Settings in SSH Tectia Server on z/OS

To enable user public-key authentication on the SSH Tectia Server on z/OS (it is allowed by default), make sure the AllowedAuthentications keyword in the /etc/ssh2/sshd2_config file contains the argument publickey:

AllowedAuthentications   publickey 

Other authentication methods can be listed in the configuration file as well.

Optional Settings

The following configuration steps are optional:

  • It is possible to use different settings depending on which key is used in public-key authentication. Your authorization file could, for example, contain the following:
    Key master.pub
    Key maid.pub
    Options allow-from=".*\.example\.org"
    Key butler.pub
    Options deny-from=".*\.evil\.example",no-pty
    
    When someone now logs in using the master key, the connection is not limited in any way by the authorization file. However, if the maid key is used, only connections from certain hosts will be allowed. And if the butler key is used, connections are denied from certain hosts, and additionally the allocation of a tty is prevented. More information on the options (and command) keywords is available in the ssh2 man page (Appendix ssh2).
  • The per-user configuration directory can be changed by setting the UserConfigDirectory keyword in the sshd2_config file and in the client settings.

Per-user configuration information and encryption keys are by default stored in the .ssh2 subdirectory of each user's home directory.
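
The following Python script is an added example, not part of the SSH Tectia documentation or product. It parses an authorization file in the Key/Options layout shown above and reports, for a given client host name, which keys are unrestricted, which are usable from that host, and which are denied a tty. The function names are hypothetical, and treating the patterns as Python regular expressions matched against the whole host name, with deny-from checked before allow-from, is an assumption rather than documented server behaviour.

```python
import re

# Constructed sample: the authorization file shown in this section.
SAMPLE = r'''
Key master.pub
Key maid.pub
Options allow-from=".*\.example\.org"
Key butler.pub
Options deny-from=".*\.evil\.example",no-pty
'''

# An option name, optionally followed by ="quoted value".
OPTION = re.compile(r'([A-Za-z-]+)(?:="([^"]*)")?')


def parse_authorization(text):
    """Return [(key_file, {option: [values]})]; an Options line binds to the Key above it."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        keyword, _, rest = line.partition(" ")
        if keyword.lower() == "key":
            entries.append((rest.strip(), {}))
        elif keyword.lower() == "options" and entries:
            for name, value in OPTION.findall(rest):
                entries[-1][1].setdefault(name.lower(), []).append(value)
    return entries


def host_allowed(options, client_host):
    """Assumed semantics: whole-name match, deny-from checked before allow-from."""
    def hit(name):
        return any(re.fullmatch(p, client_host) for p in options.get(name, []))
    if hit("deny-from"):
        return False
    return hit("allow-from") if "allow-from" in options else True


def audit(text, client_host):
    """Per key: is it unrestricted, may this host use it, may it get a tty."""
    return {key: {"unrestricted": not opts,
                  "host_allowed": host_allowed(opts, client_host),
                  "pty": "no-pty" not in opts}
            for key, opts in parse_authorization(text)}


if __name__ == "__main__":
    for host in ("ws1.example.org", "x.evil.example"):
        print(host, audit(SAMPLE, host))
```

Keys reported as unrestricted, such as master.pub in the sample, are the ones to review first, since the authorization file places no host or tty limits on them.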

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.