File Transfer
If SSH Tectia Server for IBM z/OS is used for file transfer only, it is advisable to disable
tunneling and terminal access to the server.
Enabling the SFTP Subsystem
To allow the users to connect with SFTP to SSH Tectia Server for IBM z/OS, the secure file
transfer subsystem has to be defined in the sshd2_config
file:
subsystem-sftp /usr/lpp/ssh2/libexec/sft-server-g3
|
To disable listing of the MVS master catalog, use the following
subsystem definition in the sshd2_config
file:
subsystem-sftp /usr/lpp/ssh2/libexec/sft-server-g3 --disable-mmclist
|
Disabling Tunneling
If you are sure you or your users do not need to create tunnels
(possibly going around firewall restrictions or such), you can disable
tunneling (port forwarding) altogether by adding the following to your
sshd2_config
:
Disabling Terminal Access
The following configuration option of SSH Tectia Server for IBM z/OS will deny the group
sftpusers
terminal access.
Terminal.DenyGroups sftpusers
|