Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH

Creating the SSHD2 User

The SSHD2 user is used to run the Tectia Server and Certificate Validator. SSHD2 must have an OMVS segment and the UID 0. Further, if the BPX.DAEMON FACILITY class profile is defined, the user must have read access to it.

[Caution]Caution

The SSHD2 user must not have SURROGATE rights. With those rights, the user could log in using an empty password, which is not desirable.

To create the SSHD2 user, use commands such as those in the ADDSSHD2 example located in the doc/zOS/SAMPLIB directory (shown below).

ADDSSHD2:

//ADDSSHD2 EXEC PGM=IKJEFT1A,DYNAMNBR=75,TIME=100,REGION=0M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//SYSTSIN  DD *
  ADDUSER SSHD2 +
    NAME('User SSHD2 for running SSH Tectia server') +
    OWNER(IBMUSER) +
    NOPASSWORD NOOIDCARD +
    OMVS(PROGRAM('/bin/false') UID(0) SHARED)
  PERMIT   BPX.DAEMON CLASS(FACILITY) ID(SSHD2) ACCESS(READ)
  SETROPTS REFRESH    RACLIST(FACILITY)
/*

===AUTO_SCHEMA_MARKUP===