SSH

Running SOCKS Proxy

The SOCKS Proxy component consists of two processes:

ssh-socks-proxy

The Tectia SOCKS Proxy process that needs to be running before transparent tunneling connections can be made. The Tectia SOCKS Proxy started task can be controlled with the Tectia SSH Assistant ISPF application. The process can also be started under USS or by using a JCL script.

For more information on the command-line options of ssh-socks-proxy, see the description of ssh-broker-g3 in Tectia Server 6.5 for IBM z/OS User Manual Appendix Command-Line Tools and Man Pages. (Running ssh-socks-proxy will actually run ssh-broker-g3 in the SOCKS Proxy mode, using the ssh-socks-proxyconfig.xml configuration files and with connection caching disabled.)

ssh-socks-proxy-ctl

Control process for the SOCKS Proxy. It can be used, for example, to view the status of the SOCKS Proxy, to reconfigure or stop the SOCKS Proxy, or to load private keys to memory.

For more information on the ssh-socks-proxy-ctl options and commands, see the description of ssh-broker-ctl in Tectia Server 6.5 for IBM z/OS User Manual Appendix Command-Line Tools and Man Pages.

In addition to the processes, there is an init script /opt/tectia/etc/init.d/ssh-socks-proxy for re/starting and stopping the ssh-socks-proxy process. The script takes commands start, restart, stop and version.

Once the script is defined in the JCL procedure for SSHSP (see Running ssh-socks-proxy as a Started Task), you can run it with operator commands. For example to query the version of the SOCKS Proxy, you can run command:

===> s SSHSP, f=version 

Note that if you want error messages to be logged to the console, in addition to stdout, you must set the environment variable SSH_MVS_CONSOLE=YES in either

  • the environment that the SOCKS proxy command is issued, if running it from the USS shell, or

  • the data set allocated to the SSHENV DD in the JCL for the SOCKS proxy started task.