Creating the SSHSP User

If ssh-socks-proxy is going to be run as a started task, you need to create a user for running it.

To create a user (for example, SSHSP) to run the Tectia SOCKS Proxy task, perform the following steps:

  1. Create a user, for example using RACF:

    ADDUSER SSHSP NAME('SSH Tectia SOCKS Proxy') OWNER(IBMUSER) +
    NOPASSWORD NOOIDCARD +
    OMVS(HOME('/u/SSHSP') PROGRAM('/bin/false') UID(50042))
    
  2. Assign the user SSHSP to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment, for example:

    RDEFINE STARTED SSHSP.* STDATA(USER(SSHSP) GROUP(SYS1))
    SETROPTS RACLIST(STARTED) REFRESH
    
  3. Enter the following commands:

    # mkdir /u/SSHSP             (1)
    # mkdir /u/SSHSP/.ssh2       (2)
    # chown -R SSHSP /u/SSHSP    (3)
    # chmod 700 /u/SSHSP/.ssh2   (4)

    (1) Create the USS home directory /u/SSHSP for the SSHSP user.

    (2) Under the home directory, create the .ssh2 subdirectory for storing the remote server host keys (and optionally user keys and the user-specific ssh-socks-proxy-config.xml configuration file).

    (3) Make SSHSP the owner of these directories.

    (4) Give only SSHSP full (read, write and execute) permissions to the .ssh2 subdirectory.
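To confirm the result of step 3 before starting the task, the following check verifies that the home directory and .ssh2 are real directories owned by the started-task user and that .ssh2 has mode 700. It is an added example, not part of the product documentation; the function name check_ssh2_dir is hypothetical, and it assumes `ls -ld` prints the POSIX long format (mode string first, owner third).

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Usage: check_ssh2_dir /u/SSHSP SSHSP
# Returns 0 when the layout matches step 3, 1 otherwise, and prints one
# line per finding. check_ssh2_dir is a hypothetical helper name.
check_ssh2_dir() {
    home=$1
    owner=$2
    rc=0
    for dir in "$home" "$home/.ssh2"; do
        # Reject symbolic links: host keys must live in a directory that
        # the task user really owns, not one redirected elsewhere.
        if [ -L "$dir" ] || [ ! -d "$dir" ]; then
            echo "FAIL: $dir is missing or is not a real directory"
            rc=1
            continue
        fi
        # Assumption: POSIX long format, field 1 = mode, field 3 = owner.
        # Only the first 10 characters of the mode are compared, so an
        # ACL or extended-attribute marker after them is ignored.
        mode=$(ls -ld "$dir" | awk '{ print substr($1, 1, 10) }')
        actual=$(ls -ld "$dir" | awk '{ print $3 }')
        if [ "$actual" != "$owner" ]; then
            echo "FAIL: $dir is owned by $actual, expected $owner"
            rc=1
        fi
        # The procedure sets a mode only on .ssh2 (chmod 700).
        if [ "$dir" = "$home/.ssh2" ] && [ "$mode" != "drwx------" ]; then
            echo "FAIL: $dir has mode $mode, expected drwx------"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: $home/.ssh2 is owned by $owner with mode 700"
    fi
    return "$rc"
}
```

Any group or other permission bit on .ssh2, or a setuid, setgid or sticky bit, changes the mode string and is reported as a failure.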


 

 