You can create users specifically for running Tectia Server for IBM z/OS file transfer batch jobs. Batch users need only an OMVS segment. They do not need TSO or passwords.
To create a user, for example SFTUSER, for running batch file transfers, do the following steps:
Create the USS home directory /u/SFTUSER for the SFTUSER user.
Under the home directory, create the .ssh2 subdirectory for storing the remote server host keys (and optionally user keys and the user-specific ssh-broker-config.xml configuration file).
Make SFTUSER the owner of these directories.
Give only SFTUSER full (read, write and execute) permissions to the .ssh2 subdirectory.
Note
If you use ACF2 for system security and have enabled the TSO Command Limiting list, the batch user must have BPXWRTCM permitted.
What to read next:
Reduce Secure Shell risk. Get to know the NIST 7966.
The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government. Download now
ISACA Practitioner Guide for SSH
With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community. Download now