
Restricting User Logins

By default, Tectia Server does not impose any login restrictions in addition to those provided by the operating system. However, you can restrict connections based on host, user name, or group.

The restrictions are defined in the sshd2_config file using the following syntax:

keyword             pattern

Note

All the patterns used in the examples below are in accordance with the egrep syntax, which is the default regular expression syntax in Tectia Server for IBM z/OS.

Table 4.1. Examples of commonly used regular expressions and conventions with egrep syntax

Regex         Description
.*            matches everything
.             any character
\.            literal .
[:alpha:]+    any lower or uppercase alphabet character one or more times
(80|8080)     either 80 or 8080

The regex syntax can be chosen by using the metaconfig block at the beginning of the sshd2_config and ssh_certd_config files:

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig

Possible values of REGEX-SYNTAX are ssh, egrep, zsh_fileglob and traditional. For more information, please see the sshregex man page (sshregex).

Previous versions of SSH Secure Shell (3.1 and earlier) always use the zsh_fileglob syntax.
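
Because login restriction patterns are read under whichever syntax the metaconfig block selects, it is worth checking what a given file actually declares. The following audit sketch is an added example, not part of the Tectia documentation or product. It assumes the block is the leading run of ## lines closed by "## end of metaconfig", as in the sample above; the function name, the findings wording and the sample files are constructed for illustration.

```python
# Added example: report the regex syntax a Tectia config file declares.
ALLOWED_SYNTAXES = {"ssh", "egrep", "zsh_fileglob", "traditional"}  # values listed above
END_MARKER = "end of metaconfig"

def read_metaconfig(text):
    """Return (fields, findings) for the metaconfig block at the top of a file.

    Assumption: the block is the leading run of '##' lines and ends at
    '## end of metaconfig'; values are compared exactly as written.
    """
    fields, findings, closed = {}, [], False
    lines = text.splitlines()
    body_start = len(lines)
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line.startswith("##"):
            body_start = i          # first non-metaconfig line
            break
        entry = line[2:].strip()
        if entry.lower() == END_MARKER:
            closed, body_start = True, i + 1
            break
        key, _, value = entry.rpartition(" ")   # last word is the value
        if key:
            fields[key.upper()] = value
        elif entry:
            findings.append(f"line {i + 1}: malformed metaconfig entry {entry!r}")
    if not closed:
        findings.append("metaconfig block missing or not closed")
    syntax = fields.get("REGEX-SYNTAX")
    if syntax is None:
        findings.append("REGEX-SYNTAX not declared; patterns rely on the server default")
    elif syntax not in ALLOWED_SYNTAXES:
        findings.append(f"unknown REGEX-SYNTAX value {syntax!r}")
    # A declaration below the leading block is flagged for manual review.
    for n, raw in enumerate(lines[body_start:], start=body_start + 1):
        if raw.strip().startswith("##") and "REGEX-SYNTAX" in raw.upper():
            findings.append(f"line {n}: REGEX-SYNTAX outside the leading metaconfig block")
    return fields, findings

# Constructed sample files (not taken from a real server).
HEADER = "## SSH CONFIGURATION FILE FORMAT VERSION 1.1"
SAMPLE_OK = "\n".join([HEADER, "## REGEX-SYNTAX egrep", "## end of metaconfig", "# body"])
SAMPLE_BAD = "\n".join([HEADER, "## REGEX-SYNTAX posix", "## end of metaconfig"])
SAMPLE_LATE = "\n".join([HEADER, "## end of metaconfig", "# body", "## REGEX-SYNTAX zsh_fileglob"])

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("bad", SAMPLE_BAD), ("late", SAMPLE_LATE)]:
        print(name, read_metaconfig(sample))
```

A file that produces findings should have its restriction patterns reviewed by hand before it is deployed.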

Available keywords are the following:

For more information on keywords, see the sshd2_config man page (sshd2_config).