Index

Symbols

.rhosts, Restricting User Logins , Optional Configuration Settings, Configuration files missing for host-based authentication , .rhosts file ownership or permissions invalid in host-based authentication
.shosts, Restricting User Logins , Optional Configuration Settings, Configuration files missing for host-based authentication
.ssh2, User's .ssh2 directory is missing in host-based authentication
/opt/tectia/etc, Server Configuration Files
/opt/tectia/etc/, Defining Server Host Key

A

address space, System Limit Requirements

ADDSSHD2, Creating the SSHD2 User

AF_UNIX socket, System Limit Requirements

agent forwarding, Agent Forwarding

agent forwarding log messages, Agent Forwarding

AllowedAuthentications, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

AllowGroups, Restricting User Logins

AllowHosts, Restricting User Logins , Restricting Connections, Authentication not allowed, host is not on the AllowHosts list

AllowSHosts, Optional Configuration Settings

AllowUsers, Restricting User Logins , Authentication failed, username not on AllowUsers list

AnyCipher, Configuring Ciphers

AnyHostKeyAlgorithm, Configuring Host Key Signature Algorithms

AnyKEX, Configuring KEXs

AnyMac, Configuring MACs

AnyPublicKeyAlgorithm, Configuring Public Key Signature Algorithms

AnyStdCipher, Configuring Ciphers

AnyStdHostKeyAlgorithm, Configuring Host Key Signature Algorithms

AnyStdKEX, Configuring KEXs

AnyStdMac, Configuring MACs

AnyStdPublicKeyAlgorithm, Configuring Public Key Signature Algorithms

application tunneling, Tunneling

auditing, Auditing, Logging, Log Messages

authentication, Authentication

certificate, User Authentication with Certificates
host-based, Host-Based User Authentication , Server Configuration
host-based with certificates, Certificates Stored in File
host-based with SAF keys, Certificates Stored in SAF
Keyboard-Interactive, User Authentication with Keyboard-Interactive
password, User Authentication with Passwords , User Authentication with Keyboard-Interactive
public-key, Server Authentication with Public Keys in File, User Authentication with Public Keys in File, Enabling Public-Key Authentication
SAF key, Certificates Stored in SAF

authentication log messages, User Authentication - Common , User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive, User Authentication - Password , User Authentication - Public Key

authentication methods, Authentication

authentication-method, Traditional Public Keys Stored in File, Certificates Stored in File

authentication:

host-based with certificates, Certificates Stored in File
SAF key, Certificates Stored in SAF

authentication: public-key, Using Public-Key Authentication

authentication:password, Using Password Authentication

authentication:public-key, Authenticating Remote Server Hosts

AuthHostbased.Cert.Required, Certificates Stored in File, Certificates Stored in SAF

AuthHostbased.Cert.ValidationMethods, Certificates Stored in SAF

authorization, Authorization File Options

AuthorizationEkProvider, Certificates Stored in SAF

AuthorizationFile, Using Keys Generated with OpenSSH

AuthorizedKeysFile, Using Keys Generated with OpenSSH

AuthPublicKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF

AuthPublicKey.Cert.ValidationMethods, Certificates Stored in SAF

auxiliary storage shortage, Auxiliary Storage Shortage

B

banner message, Notification
basic configuration, Configuring the Server

C

C-API, Component Terminology

CA certificate, Certificates Stored in File

certificate

enrolling, Certificates Stored in File

certificate authentication

user, User Authentication with Certificates

certificate revocation list (CRL), Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

Certificate Validator: restarting, Restarting and Stopping ssh-certd

Certificate Validator: stopping, Restarting and Stopping ssh-certd

certificate-specific log messages, Certificate-Specific Code

certificates in host-based authentication, Certificates Stored in File, Certificates Stored in File

certification authority (CA), Server Authentication with Certificates

changing host key, Notifying the Users of the Host Key Change

character set, Shell Access and Remote Commands

chcp command, Supporting the chcp Command

Ciphers, Configuring Ciphers

code page, Configuring Code Pages, Shell Access and Remote Commands

command-line options: certd, Starting ssh-certd Manually under USS

command-line options: server, Command-Line Options

common code log messages, Common Code

conddisp, Handling Prematurely Ending File Transfers

configuration

root logins, Configuring Root Logins

configuration files

SOCKS Proxy, Configuring SOCKS Proxy

configuration files: server, Server Configuration Files

configuration: cipher, Configuring Ciphers

configuration: host key signature algorithm, Configuring Host Key Signature Algorithms

configuration: KEX, Configuring KEXs

configuration: MAC, Configuring MACs

configuration: public key signature algorithm, Configuring Public Key Signature Algorithms

configuration: subconfigurations, Defining Subconfigurations

controlling file transfer, Controlling File Transfer

CPU time, Exceeding Maximum CPU Time

CREAHFS, Option 1

creating file transfer user, Creating a User for Batch File Transfers

creating SSHD2 user, Creating the SSHD2 User

creating SSHSP user, Creating the SSHSP User

cryptographic algorithms, Configuring Cryptographic Algorithms

customer support, Customer Support

file transfer: controlling, Controlling File Transfer

fingerprint, Notifying the Users of the Host Key Change

firewall, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

ForwardACL, Restrictions to Tunneling

forwarding

agent, Agent Forwarding
local, Local Tunnels
remote, Remote Tunnels

FTP tunneling, Secure File Transfer Using Transparent FTP Security

FTP-SFTP conversion, Secure File Transfer Using Transparent FTP Security

fully qualified domain name (FQDN), Certificates Stored in File, Traditional Public Keys Stored in File

G

general server log messages, General Server Log Messages
generating host key, Generating the Server Host Key Pair

H

home directory, Permission Requirements

host certificate

enrolling, Certificates Stored in File

host key

multiple, Defining Server Host Key

host key generation, Generating the Server Host Key Pair

host key I/O log messages, Host Key I/O

host key: changing, Notifying the Users of the Host Key Change

host restrictions, Restricting User Logins

host-based authentication, Host-Based User Authentication , Server Configuration, User Authentication - Host-Based

host-based authentication with certificates, Certificates Stored in File, Certificates Stored in File

host-based authentication with SAF keys, Certificates Stored in SAF

HostbasedAuthForceClientHostnameDNSMatch, Traditional Public Keys Stored in File

HostCA, Certificates Stored in File

HostCAEkProvider, Certificates Stored in SAF

HostCertificateFile, Certificates Stored in File

hostkey, Server Configuration Files, Defining Server Host Key

HostKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF

hostkey.pub, Server Configuration Files, Defining Server Host Key

HostKeyEkInitString, Certificates Stored in SAF

HostKeyEkProvider, Certificates Stored in SAF

HostKeyFile, Defining Server Host Key, Certificates Stored in File

hosts.equiv, Optional Configuration Settings

HostSpecificConfig, Host-Specific Subconfiguration

I

IETF-SecSh-draft, Configuring Ciphers, Configuring MACs, Configuring KEXs, Configuring Host Key Signature Algorithms, Configuring Public Key Signature Algorithms
incoming tunnel, Tunneling, Remote Tunnels
inetd, Server starting in inetd mode
INIT, Got wrong message before receiving INIT
installing Tectia Server for IBM z/OS, Installing the Tectia Server for IBM z/OS Software

J

Java API, Component Terminology

K

KEXs, Configuring KEXs
key exchange (KEX), Configuring KEXs
key fingerprint, Notifying the Users of the Host Key Change
key generation, Generating the Server Host Key Pair
Keyboard-Interactive authentication, User Authentication with Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive
KnownHostsEkProvider, Certificates Stored in SAF

L

LDAPServers, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

legal disclaimer, Notification

listen address, Restricting Connections

listen port, Restricting Connections

ListenAddress, Restricting Connections

local port forwarding, Local Tunnels

log messages

agent forwarding, Agent Forwarding
certificates, Certificate-Specific Code
common code, Common Code
host key, Host Key I/O
Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive
password authentication, User Authentication - Password
public-key authentication, User Authentication - Public Key
server, General Server Log Messages
session channel, Session Channels
SFTP, SFTP
SSH1 agent, SSH1 Agent Forwarding
tunneling, Port Forwarding
user authentication, User Authentication - Common

logging, Auditing, Logging, File Transfer Server Log Messages with Wrong Timestamps, Log Messages

login

restricting, Restricting User Logins
root, Configuring Root Logins

LoginGraceTime, Login grace time exceeded

logmessages

host-based authentication, User Authentication - Host-Based

M

MACs, Configuring MACs
man pages, Man Pages and Default Configuration Files
man-in-the-middle attack, Notifying the Users of the Host Key Change
MapFile, Certificates Stored in File, Certificates Stored in SAF
Message Authentication Code (MAC), Configuring MACs
message before login, Notification
migrated datasets, Setting Up Security for Processing Offline Datasets
modifying configuration files, Editing Configuration Files
MOUNHFS, Option 1
multiple host keys, Defining Server Host Key

N

Network Address Translation (NAT), Optional Configuration Settings
network interface binding, Restricting Connections

O

OMVS segment, Permission Requirements
OpenSSH, Running Tectia and OpenSSH on the Same Host
OpenSSH host key, Using an OpenSSH Server Host Key
OSS licences, Open Source Software License Acknowledgements
outgoing tunnel, Tunneling, Local Tunnels

P

password authentication, Using Password Authentication, User Authentication with Passwords , User Authentication with Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Password

pattern matching syntax, Restricting User Logins

permission requirements, Permission Requirements

PermitRootLogin, Configuring Root Logins

permitting root logins, Configuring Root Logins

PKCS #7 package, Certificates Stored in File

Pki, Certificates Stored in File

PkiEkProvider, Certificates Stored in SAF

Port, Restricting Connections

port forwarding, Tunneling

local, Local Tunnels
remote, Remote Tunnels

port forwarding log messages, Port Forwarding

private key

host, Defining Server Host Key

private key: host, Certificates Stored in File

problem situations, Solving Problem Situations

pseudo-volume, Restoring Archived Datasets

public-key authentication

server, Server Authentication with Public Keys in File
user, User Authentication with Public Keys in File, Enabling Public-Key Authentication, User Authentication - Public Key

public-key authentication: server, Authenticating Remote Server Hosts

public-key authentication: user, Using Public-Key Authentication

PublicHostKeyFile, Defining Server Host Key

R

RACFPC, Preparing the System
reconfiguring the SOCKS Proxy, Reconfiguring ssh-socks-proxy
regex, Restricting User Logins
regular expressions, Restricting User Logins
related documents, About This Document
remote command, System Administration
remote port forwarding, Remote Tunnels
removing old versions, Upgrading Previously Installed Secure Shell Software
removing Tectia Server for IBM z/OS, Removing the Tectia Server for IBM z/OS Software
RequireReverseMapping, Authentication not allowed, unable to reverse map hostname
restarting SOCKS Proxy, Reconfiguring ssh-socks-proxy
restarting the Certificate Validator, Restarting and Stopping ssh-certd
restarting the server, Restarting and Stopping sshd2
restoring archived datasets, Restoring Archived Datasets
restricting SFTP access, Restricting Access to User's MVS User Catalog
restricting tunneling, Restrictions to Tunneling
restricting user login, Restricting User Logins
reverse DNS mapping, Authentication not allowed, unable to reverse map hostname
rhosts, Restricting User Logins
root login, Configuring Root Logins

S

SAF authentication

server, Certificates Stored in SAF

SAF authentication:

user, Certificates Stored in SAF

SAF keys in host-based authentication, Certificates Stored in SAF

secure application connectivity, Tunneling

secure configuration, Securing the Server

Secure File Transfer Protocol (SFTP), File Transfer Using SFTP

SerialAndIssuer, Certificate User Mapping File

server authentication methods, Authentication

server authentication with public key, Server Authentication with Public Keys in File

server authentication with SAF keys, Certificates Stored in SAF

server banner message, Notification

server certificate, Server Authentication with Certificates

server configuration, Configuring the Server, Shell Access and Remote Commands

server listen address, Restricting Connections

server listen port, Restricting Connections

server log messages, General Server Log Messages

server: restarting, Restarting and Stopping sshd2

server: starting, Starting sshd2 Manually under USS

server: stopping, Restarting and Stopping sshd2

session channel related log messages, Session Channels

setsid, Setsid failed

setting up a shell user, Setting Up a Shell User

sft-server-g3, Defining Subsystems, Logging SFTP Transactions , Enabling the SFTP Subsystem, File Transfer Server Log Messages with Wrong Timestamps

SFTP log messages, SFTP

SFTP subsystem, Enabling the SFTP Subsystem

shell access, System Administration

shell user, Setting Up a Shell User

shosts, Restricting User Logins

shosts.equiv, Optional Configuration Settings, Configuration files missing for host-based authentication

SIGHUP, SIGHUP handler received an invalid signal

signal 29, Exceeding Maximum CPU Time

signature algorithm

host key, Configuring Host Key Signature Algorithms
public key, Configuring Public Key Signature Algorithms

SIGXCPU, Exceeding Maximum CPU Time

socket, System Limit Requirements

SOCKS Proxy, Configuring SOCKS Proxy, Running SOCKS Proxy, Starting ssh-socks-proxy Manually under USS

reconfiguring, Reconfiguring ssh-socks-proxy
stopping, Stopping ssh-socks-proxy

SocksServer, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

SSH Tectia Connector, Tunneling TN3270

ssh-broker-config.xml, Notifying the Users of the Host Key Change

ssh-certd, Starting ssh-certd Manually under USS, ssh-certd

ssh-cmpclient-g3, Certificates Stored in File

ssh-dummy-shell, ssh-dummy-shell

ssh-externalkeys, ssh-externalkeys

ssh-keygen-g3, Using Public-Key Authentication, Generating the Server Host Key Pair

ssh-scepclient-g3, Certificates Stored in File

ssh-socks-proxy, Running SOCKS Proxy

ssh-socks-proxy-config.xml, Configuring SOCKS Proxy

ssh-socks-proxy-ctl, Running SOCKS Proxy

SSH1 agent forwarding log messages, SSH1 Agent Forwarding

ssh2_config, User Authentication with Passwords

SSHCERTD, Running ssh-certd as a Started Task

sshd-check-conf, sshd-check-conf

SSHD2, Running sshd2 as a Started Task

sshd2, sshd2

sshd2_config, Server Configuration Files, Configuring Ciphers, Configuring MACs, Configuring KEXs, Configuring Host Key Signature Algorithms, Configuring Public Key Signature Algorithms, Configuring Root Logins , Restricting User Logins , Defining Subsystems, Defining Server Host Key, Certificates Stored in File, Certificates Stored in SAF, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in File, Certificates Stored in SAF, Optional Configuration Settings, sshd2_config, Default sshd2_config Configuration File

sshd2_subconfig, sshd2_subconfig

SSHENV, Environment Variables for Server and Client Applications

sshregex, sshregex

sshsetenv, Environment Variables for Server and Client Applications

SSHSP, Running ssh-socks-proxy as a Started Task

ssh_certd_config, Server Configuration Files, Restricting User Logins , Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, ssh_certd_config, Default ssh_certd_config Configuration File

ssh_channel_request_env, Bad data received in environment variable setting

SSH_FXP_CLOSE, Received SSH_FXP_CLOSE

SSH_FXP_EXTENDED, Received SSH_FXP_EXTENDED

SSH_FXP_FSETSTAT, Received SSH_FXP_FSETSTAT

SSH_FXP_FSTAT, Received SSH_FXP_FSTAT

SSH_FXP_INIT, Received SSH_FXP_INIT , Received bad SSH_FXP_INIT

SSH_FXP_LSTAT, Received SSH_FXP_LSTAT

SSH_FXP_MKDIR, Received SSH_FXP_MKDIR

SSH_FXP_OPEN, Received SSH_FXP_OPEN

SSH_FXP_OPENDIR, Received SSH_FXP_OPENDIR

SSH_FXP_READDIR, Received SSH_FXP_READDIR

SSH_FXP_READLINK, Received SSH_FXP_READLINK

SSH_FXP_REALPATH, Received SSH_FXP_REALPATH

SSH_FXP_REMOVE, Received SSH_FXP_REMOVE

SSH_FXP_RENAME, Received SSH_FXP_RENAME

SSH_FXP_RMDIR, Received SSH_FXP_RMDIR

SSH_FXP_SETSTAT, Received SSH_FXP_SETSTAT

SSH_FXP_STAT, Received SSH_FXP_STAT

SSH_FXP_SYMLINK, Received SSH_FXP_SYMLINK

staging, Controlling Staging during File Transfers

starting the server, Starting sshd2 Manually under USS

starting the SOCKS Proxy, Starting ssh-socks-proxy Manually under USS

stopping the Certificate Validator, Restarting and Stopping ssh-certd

stopping the server, Restarting and Stopping sshd2

stopping the SOCKS Proxy, Stopping ssh-socks-proxy

strict-host-key-checking, Notifying the Users of the Host Key Change

StrictModes, Home directory ownership or permissions invalid in host-based authentication , .rhosts file ownership or permissions invalid in host-based authentication

subconfigurations, Defining Subconfigurations

Subject, Certificate User Mapping File

SubjectRegex, Certificate User Mapping File

subsystem, Defining Subsystems

subsystem-sftp, Enabling the SFTP Subsystem

support, Customer Support

symmetric encryption, Configuring Ciphers

syslog, Auditing, Logging, File Transfer Server Log Messages with Wrong Timestamps

system configuration, Configuring the Server

system log, Logging

System Management Facilities (SMF), SMF Auditing

system requirements, System Requirements

T

TCP permissions, Permission Requirements

TCP wrappers, Denied connection because of tcp_wrappers

technical support, Customer Support

Tectia Client, Component Terminology

Tectia ConnectSecure, Component Terminology

Tectia MFT Events, Component Terminology

Tectia Server, Component Terminology

Tectia Server for IBM z/OS, Component Terminology, Tunneling TN3270

Tectia Server for Linux on IBM System z, Component Terminology

terminal data conversion, Configuring Terminal Data Conversion

Terminal.DenyGroups, Disabling Terminal Access

Terminal.DenyUsers, Disabling Terminal Access

terminology, Component Terminology

timestamp, File Transfer Server Log Messages with Wrong Timestamps

TN3270, Tunneling TN3270

transparent FTP tunneling, Secure File Transfer Using Transparent FTP Security

transparent TCP tunneling, Tunneling TN3270

troubleshooting, Troubleshooting Tectia Server for IBM z/OS

tunnel

incoming, Remote Tunnels
outgoing, Local Tunnels

tunneling, Tunneling

access control, Restrictions to Tunneling
agent, Agent Forwarding
local, Local Tunnels
remote, Remote Tunnels
transparent, Secure File Transfer Using Transparent FTP Security

tunneling FTP, Secure File Transfer Using Transparent FTP Security

tunneling log messages, Port Forwarding

TZ, File Transfer Server Log Messages with Wrong Timestamps

U

uninstalling Tectia Server for IBM z/OS, Removing the Tectia Server for IBM z/OS Software

upgrading Tectia Server for IBM z/OS, Upgrading Previously Installed Secure Shell Software

UseCryptoHardware, Crypto Hardware Support

user authentication based on host, Host-Based User Authentication , Certificates Stored in File, Server Configuration, Certificates Stored in File, Certificates Stored in SAF

user authentication log messages, User Authentication - Common , User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive, User Authentication - Password , User Authentication - Public Key

user authentication methods, Authentication

user authentication with certificates, User Authentication with Certificates

user authentication with Keyboard-Interactive, User Authentication with Keyboard-Interactive

user authentication with password, Using Password Authentication, User Authentication with Passwords

user authentication with public key, Using Public-Key Authentication, User Authentication with Public Keys in File, Enabling Public-Key Authentication

user authentication with SAF keys, Certificates Stored in SAF

user login

restricting, Restricting User Logins

user requirements, Permission Requirements

user restrictions, Restricting User Logins

UserKnownHosts, Traditional Public Keys Stored in File

username, Restricting User Logins

UserSpecificConfig, User-Specific Subconfiguration

USS, Starting sshd2 Manually under USS

V

volser, Restoring Archived Datasets
volume serial number, Restoring Archived Datasets

W

well-known port, Tunneling

X

X.509 certificate, Certificates Stored in File, Certificates Stored in File

Z

zsh_fileglob syntax, Restricting User Logins