Tectia

Running ssh-broker-g3 as a Started Task

If ssh-broker-g3 is going to be run as a started task, you need to assign a user for running it.

  1. Assign a user to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment, for example, for user SSHBRKR:

    RDEFINE STARTED SSHBRKR.* STDATA(USER(SSHBRKR)GROUP(SYS1))
    SETROPTS RACLIST(STARTED) REFRESH 
    
  2. Create the USS home directory /u/SSHBRKR for the user. Under it, create the .ssh2 subdirectory for storing the remote server host keys (and optionally user keys and the user-specific ssh-broker-config.xml configuration file). Make the user the owner of these directories, for example:

    # mkdir /u/SSHBRKR
    # mkdir /u/SSHBRKR/.ssh2
    # chown -R SSHBRKR /u/SSHBRKR
    # chmod 700 /u/SSHBRKR/.ssh2
    

To run the Connection Broker as a started task, you can use the JCL procedure SSHBRKR from SAMPLIB (shown below). The JCL must be installed in the procedure library.

Note

The directory /tmp/ssh-USER (for example, /tmp/ssh-SSHBRKR) should be owned by the USER and its permission bits should be set to 700. The files /tmp/ssh-USER/ssh-broker and /tmp/ssh-USER/ssh-broker-aa should be owned by the USER and their permission bits should be set to 600. These permissions are normally set automatically when ssh-broker-g3 is run for the first time and they should not be changed.

SSHBRKR:

    //SSHBRKR PROC F=CONSOLE,OPTS=''
    //SSHFTP  EXEC PGM=BPXBATSL,
    //             REGION=0M,
    //             TIME=NOLIMIT,
    //             PARM='PGM /opt/tectia/bin/ssh-broker-g3 --&F &OPTS'
    //STDENV   DD  DSN=&SYSUID..SSZ.SAMPLIB(SSHENV),
    //             DISP=SHR
    //STDOUT   DD  PATH='/u/&SYSUID./broker.stc.stdout',
    //             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
    //             PATHMODE=(SIRUSR,SIWUSR)
    //STDERR   DD  PATH='/u/&SYSUID./broker.stc.stderr',
    //             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
    //             PATHMODE=(SIRUSR,SIWUSR)
    //STDIN    DD  DUMMY
    //        PEND

Start the Connection Broker with the following operator command:

    == > s sshbrkr

As an OPTS parameter, you can give parameters that the actual binary accepts, such as -D 2. For example:

    == > S SSHBRKR,OPTS='-D 2'
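Once the broker has been started for the first time, the ownership and permission bits given in step 2 and in the Note can be verified from the USS shell. The following is an added example, not part of the Tectia documentation; the function names check_path and audit_broker are hypothetical, and the optional directory arguments exist only so the check can be pointed at a test tree.

```shell
#!/bin/sh
# Added example (not from the Tectia documentation): audit the ownership and
# permission bits this page specifies for the started-task user's files.
# Only ls, cut and awk are used, so no stat(1) utility is required.

# check_path KIND PATH PERMS OWNER   (hypothetical helper)
#   KIND is "dir" or "file"; PERMS is the 9-character string ls prints.
check_path() {
    kind=$1 path=$2 want=$3 owner=$4
    # ls -ld does not follow a symlink, so a link planted in /tmp shows as type "l".
    line=$(ls -ld "$path" 2>/dev/null) || { echo "MISSING $path"; return 1; }
    type=$(printf '%s\n' "$line" | cut -c1)
    perms=$(printf '%s\n' "$line" | cut -c2-10)
    own=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    case "$kind:$type" in
        dir:d) ;;
        file:[dl]|dir:*) echo "TYPE    $path is type '$type'"; rc=1 ;;
    esac
    [ "$perms" = "$want" ] || { echo "MODE    $path is $perms, expected $want"; rc=1; }
    [ "$own" = "$owner" ] || { echo "OWNER   $path is $own, expected $owner"; rc=1; }
    return $rc
}

# audit_broker USER [TMP_ROOT] [HOME_DIR]   (hypothetical helper)
#   TMP_ROOT and HOME_DIR default to the page's /tmp and /u/USER.
#   Returns 0 only if every path matches; prints one line per deviation.
audit_broker() {
    user=$1 tmp=${2:-/tmp} home=${3:-/u/$1}
    bad=0
    check_path dir  "$home/.ssh2"                  rwx------ "$user" || bad=1
    check_path dir  "$tmp/ssh-$user"               rwx------ "$user" || bad=1
    check_path file "$tmp/ssh-$user/ssh-broker"    rw------- "$user" || bad=1
    check_path file "$tmp/ssh-$user/ssh-broker-aa" rw------- "$user" || bad=1
    [ "$bad" -eq 0 ] && echo "OK      all paths match for $user"
    return $bad
}

# Usage for the user on this page:  audit_broker SSHBRKR
```

A non-zero return means at least one path deviates from the documented values; the printed lines name the path and what was found.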


