SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
        Server Configuration Files >>
        Subconfigurations >>
        Ciphers and MACs >>
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Auditing >>
        Securing the Server >>
            System Administration
            File Transfer
            Tunneling
        Default sshd2_config Configuration File
        Default ssh_certd_config Configuration File
    Configuring the Client >>
    Authentication >>
    File Transfer Using SFTP >>
    File Transfer Using Transparent FTP Tunneling >>
    Tunneling on the Command Line >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
    Log Messages >>

File Transfer

If SSH Tectia Server for IBM z/OS is used for file transfer only, it is advisable to disable tunneling and terminal access to the server.

Enabling the SFTP Subsystem

To allow the users to connect with SFTP to SSH Tectia Server for IBM z/OS, the secure file transfer subsystem has to be defined in the sshd2_config file:

subsystem-sftp      /usr/lpp/ssh2/libexec/sft-server-g3

To disable listing of the MVS master catalog, use the following subsystem definition in the sshd2_config file:

subsystem-sftp      /usr/lpp/ssh2/libexec/sft-server-g3 --disable-mmclist

Disabling Tunneling

If you are sure you or your users do not need to create tunnels (possibly going around firewall restrictions or such), you can disable tunneling (port forwarding) altogether by adding the following to your sshd2_config:

AllowTcpForwarding       no

Disabling Terminal Access

The following configuration option of SSH Tectia Server for IBM z/OS will deny the group sftpusers terminal access.

Terminal.DenyGroups       sftpusers

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice