[Contents] [Index]

About This Document >>     Installing SSH Tectia Server for IBM z/OS >>     Getting Started with SSH Tectia Server for IBM z/OS >>     Configuring the Server >>     Configuring the Client >>     Authentication >>         Using the z/OS System Authorization Facility         Server Authentication with Public Keys in File >>         Server Authentication with Certificates >>         User Authentication with Passwords         User Authentication with Public Keys in File >>         User Authentication with Certificates >>         Host-Based User Authentication >>         User Authentication with Keyboard-Interactive >>         Distributing Public Keys Using the Key Distribution Tool >>     Transferring Files >>     Tunneling >>     Troubleshooting SSH Tectia Server for IBM z/OS >>     Advanced Information >>     Man Pages >>     Log Messages >>

User Authentication with Passwords

The password authentication method is the easiest to implement, as it is enabled by default. Password authentication uses the RACF system password of the user.

To enable password authentication, make sure that the AllowedAuthentications keyword of the /etc/ssh2/sshd2_config configuration file on the server and /etc/ssh2/ssh2_config (or $HOME/.ssh2/ssh2_config) configuration file on the client contain the argument password:

AllowedAuthentications password

Other authentication methods can be listed in the configuration files as well.

To allow the users to change expired passwords, uncomment the following line in the /etc/ssh2/sshd2_config file:

AuthPassword.ChangePlugin ssh-passwd-plugin

If you want an authentication during which the password has been changed to count as a successful authentication, specify yes as the value for this /etc/ssh2/sshd2_config option:

IgnoreLoginRestrictions.PasswordExpiration yes

Note: With passwords, it is also possible to use Keyboard-Interactive authentication. See Section Keyboard-Interactive Authentication for more information.