Your browser does not allow storing cookies. We recommend enabling them.

Tectia

Creating a User for Batch File Transfers

You can create users specifically for running Tectia Server for IBM z/OS file transfer batch jobs. Batch users need only an OMVS segment. They do not need TSO or passwords.

To create a user, for example SFTUSER, for running batch file transfers, do the following steps:

  1. Create a user, for example using RACF:

    ADDUSER SFTUSER NAME('SSH Tectia Batch User) OWNER(IBMUSER) +
    NOPASSWORD NOOIDCARD +
    OMVS(HOME('/u/SFTUSER') PROGRAM( /nologin ) UID(12345))
    

    The home directory and UID must be unique for each user.

  2. Create the USS home directory /u/SFTUSER for the SFTUSER user. Under it, create the .ssh2 subdirectory for storing the remote server host keys (and optionally user keys and the user-specific ssh-broker- config.xml configuration file). Make SFTUSER the owner of these directories:

    # mkdir /u/SFTUSER
    # mkdir /u/SFTUSER/.ssh2
    # chown -R SFTUSER /u/SFTUSER
    # chmod 700 /u/SFTUSER/.ssh2
    
[Note]Note

If you use ACF2 for system security and have enabled the TSO Command Limiting list, the batch user must have BPXWRTCM permitted.


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now