Your browser does not allow storing cookies. We recommend enabling them.


Installing the Tectia SSH Assistant ISPF Application

The Tectia SSH Assistant (SSZASST) ISPF application provides an interface for installing and configuring Tectia Server for IBM z/OS and its client tools. It is designed to simplify the process of installing the product tar archive appropriately and performing the multiple configuration tasks required using traditional MVS tools (ISPF and JCL), without requiring the use of the Unix shell.

  1. If you have not yet done so, transfer the Tectia SSH Assistant application XMIT file and the Tectia Server for IBM z/OS product tar archive in binary mode to your z/OS system. For instructions, see Uploading Files Required for Installation.

  2. On the z/OS host, receive the Tectia SSH Assistant data set via the following command (replace dataset.xmit with the actual name of the uploaded XMIT data set, if needed):


    In response to the RECEIVE prompt, you may enter the usual parameters to control the creation of the received data set, or just press enter to take the defaults and create a data set called prefix.SSZASST.PDS.

  3. Inside the restored data set you will find a Rexx script called $RECEIVE. EXEC the script to set up the application libraries:


    (Alternatively, you can simply type EXEC next to $RECEIVE in a member list.)

    This Rexx will prompt for the HLQ under which the application libraries are to be set up, as well as optional VOLSER, if needed.

  4. Press Enter repeatedly to page through the command output.

    The following libraries will be created, assuming default names:

  5. The Tectia SSH Assistant application requires the Rexx runtime or Rexx alternate libraries to execute. The Rexx Alternate Library SEAGALT (for example, FAN140.SEAGALT or IBM.REXX.SEAGALT, etc.), which is shipped as part of z/OS since version 1.9, may be used to satisfy this requirement. Make sure that SEAGALT is available in the linklist or in a STEPLIB allocated to your TSO session.

    The following message indicates that a suitable Rexx runtime was not found:

    IRX0159E The run time processor EAGRTPRC is not available

    To solve the issue, add a line to the appropriate PARMLIB(PROGxx) member such as:

  6. Set up the Tectia SSH Assistant application to be invoked. The simplest way to do this is to EXEC prefix.SSZASST.CEXEC(SSZ) directly, which will use LIBDEF to allocate the panel and skeleton libraries, assuming they share the same qualifiers as the Rexx library:


    Alternatively, you can concatenate the libraries to the appropriate DDs in your TSO logon procedure, or copy their contents to allocated user ISPF data sets.

    Tectia SSH Assistant main menu

    Figure 2.1. Tectia SSH Assistant main menu

The mode of operation of Tectia SSH Assistant follows a probably familiar approach of collecting settings, generating JCL jobs and configuration files, and then executing those jobs. Since there are many steps which must be run by a privileged user, such as granting RACF permissions, defining file systems, etc., the install jobs may be run by other users than the one who generated them.

Table 2.1. ISPF Tectia SSH Assistant Menu Structure

Menu itemDescription
0 SETMInstallation settings and defaults submenu
0.1 SETI Define settings for installation input
0.2 SETO Define settings for installation output
0.3 SETLLoad settings profile from logged definition
1 GENJGenerate installation jobs
1.1 INSTUSER Grant permissions to user doing install
1.2 CPGMCTL Ensure C library program-controlled
1.3 ADDSSHDU Set up SSH Server user
1.4 ADDSOXPU Set up SOCKS Proxy Server user
1.5 CSFSERV ICSF permissions
1.6 SERVAUTH Port 22 control
1.7 SAVE (Save previous installation key data)
1.8 ZFS Define installation ZFS
1.9 LOAD Load installation ZFS
1.10 RESTORE (Restore previous installation key data)
1.11 SYMLINK Create /opt/tectia symlink
1.12 SSZLIBS Sample JCL and PARM libraries
1.13 PROCLIB Set up started task procedures
1.14 LICENCE Install licenses from supplied tarball
1.15 KEYGEN Generate server host keys
99 GENALLGenerate all jobs
2 INSTPerform the step-by-step installation
2.1 JOBSMember list of generated installation jobs (prefix.SSZ.INSTALL.CNTL)
2.2 LOGBrowse log of settings and executed jobs (prefix.SSZ.INSTALL.LOG)
3 CONFManage configuration files
3.1 ETCDView the installation etc directory
3.2 SSHD2SSHD2 server configuration file (/opt/tectia/etc/sshd2_config)
3.3 CERTCertificate Validator configuration file (/opt/tectia/etc/ssh_certd_config)
3.4 SOXPSOCKS Proxy configuration file (/opt/tectia/etc/ssh-socks-proxy-config.xml)
4 TASKStart/stop/modify started tasks
4.1 TSRVControl the SSH server
4.2 TCRTControl the certificate server
4.3 TSXPControl the Socks proxy server




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now