SSH

Index

A

address space, System Limits and Requirements
ADDSSHD2, Creating the SSHD2 User
AF_UNIX socket, System Limits and Requirements
agent forwarding, Agent Forwarding
agent forwarding log messages, Agent Forwarding
AllowAgentForwarding, Agent Forwarding
AllowedAuthentications, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF
AllowGroups, Restricting User Logins
AllowHosts, Restricting User Logins , Restricting Connections, Authentication not allowed, host is not on the AllowHosts list
AllowSHosts, Optional Configuration Settings
AllowUsers, Restricting User Logins , Authentication failed, username not on AllowUsers list
AnyCipher, Configuring Ciphers
AnyHostKeyAlgorithm, Configuring Host Key Signature Algorithms
AnyKEX, Configuring KEXs
AnyMac, Configuring MACs
AnyPublicKeyAlgorithm, Configuring Public Key Signature Algorithms
AnyStdCipher, Configuring Ciphers
AnyStdHostKeyAlgorithm, Configuring Host Key Signature Algorithms
AnyStdKEX, Configuring KEXs
AnyStdMac, Configuring MACs
AnyStdPublicKeyAlgorithm, Configuring Public Key Signature Algorithms
application tunneling, Tunneling
auditing, Auditing, Logging, Log Messages
auth directory, From Tectia Server for IBM z/OS Version 5.x
auth-hostbased, Traditional Public Keys Stored in File, Certificates Stored in File
authentication, Authentication
certificate, User Authentication with Certificates
host-based, Host-Based User Authentication , Server Configuration
host-based with certificates, Certificates Stored in File, Certificates Stored in File
host-based with SAF keys, Certificates Stored in SAF
Keyboard-Interactive, User Authentication with Keyboard-Interactive
password, Using Password Authentication, User Authentication with Passwords , User Authentication with Keyboard-Interactive
public-key
server, Authenticating Remote Server Hosts, Server Authentication with Public Keys in File
user, Using Public-Key Authentication, User Authentication with Public Keys in File, Enabling Public-Key Authentication, User Authentication - Public Key
SAF key, Certificates Stored in SAF, Certificates Stored in SAF
authentication log messages, User Authentication - Common , User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive, User Authentication - Password , User Authentication - Public Key
authentication methods, Authentication
authentication-methods, Traditional Public Keys Stored in File, Certificates Stored in File
AuthHostbased.Cert.Required, Certificates Stored in File, Certificates Stored in SAF
AuthHostbased.Cert.ValidationMethods, Certificates Stored in SAF
authorization, Authorization File Options
AuthorizationEkProvider, Certificates Stored in SAF
AuthorizationFile, Using Keys Generated with OpenSSH
AuthorizedKeysFile, Using Keys Generated with OpenSSH
AuthPublicKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF
AuthPublicKey.Cert.ValidationMethods, Certificates Stored in SAF
auxiliary storage shortage, Auxiliary Storage Shortage

B

banner message, Notification
basic configuration, Configuring the Server
batch file transfers, Creating a User for Batch File Transfers

C

C-API, Component Terminology
CA certificate, Certificates Stored in File
certificate authentication
user, User Authentication with Certificates
certificate revocation list (CRL), Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF
Certificate Validator
restarting, Restarting and Stopping ssh-certd
stopping, Restarting and Stopping ssh-certd
certificate-specific log messages, Certificate-Specific Code
certificates
enrolling, Certificates Stored in File
certificates in host-based authentication, Certificates Stored in File, Certificates Stored in File
certification authority (CA), Server Authentication with Certificates
changing host key, Notifying the Users of the Host Key Change
character set, Shell Access and Remote Commands
chcp command, Supporting the chcp Command
Ciphers, Configuring Ciphers
code page, Shell Access and Remote Commands
code pages, Configuring Code Pages
coded character set conversion, Environment Variables for Server and Client Applications
command-line options
server, Command-Line Options
ssh-certd, Starting ssh-certd Manually under USS
common code log messages, Common Code
conddisp, Handling Prematurely Ending File Transfers
configuration
cipher, Configuring Ciphers
host key signature algorithms, Configuring Host Key Signature Algorithms
KEX, Configuring KEXs
MAC, Configuring MACs
public key signature algorithms, Configuring Public Key Signature Algorithms
root logins, Configuring Root Logins
subconfigurations, Defining Subconfigurations
configuration files
server, Server Configuration Files
SOCKS Proxy, Configuring SOCKS Proxy
controlling file transfer, Controlling File Transfer
CPU time, Exceeding Maximum CPU Time
CREAHFS, Option 1
creating file transfer user, Creating a User for Batch File Transfers
creating SSHD2 user, Creating the SSHD2 User
creating SSHSP user, Creating the SSHSP User
CREAZFS, Option 1
cryptographic algorithms, Configuring Cryptographic Algorithms
cryptographic hardware support, Cryptographic Hardware Support
customer support, Customer Support

G

general server log messages, General Server Log Messages
generating host key, Generating the Server Host Key Pair

N

Network Address Translation (NAT), Optional Configuration Settings
network interface binding, Restricting Connections

R

RACFPC, Preparing the System
random_seed, From Tectia Server for IBM z/OS Version 5.x
reconfiguring the SOCKS Proxy, Reconfiguring ssh-socks-proxy
regular expressions (regex)
syntax, Restricting User Logins
related documents, About This Document
remote command, System Administration
remote port forwarding, Remote Tunnels
remote tunnels, Remote Tunnels
removing old versions, Upgrading Previously Installed Secure Shell Software
removing Tectia Server for IBM z/OS, Removing the Tectia Server for IBM z/OS Software
RequireReverseMapping, Authentication not allowed, unable to reverse map hostname
restarting SOCKS Proxy, Reconfiguring ssh-socks-proxy
restarting the Certificate Validator, Restarting and Stopping ssh-certd
restarting the server, Restarting and Stopping sshd2
restoring archived data sets, Restoring Archived Data Sets
restricting SFTP access, Restricting Access to User's MVS User Catalog
restricting tunneling, Restrictions to Tunneling
restricting user login, Restricting User Logins
reverse DNS mapping, Authentication not allowed, unable to reverse map hostname
rhosts, Restricting User Logins
root login, Configuring Root Logins

S

SAF authentication
server, Certificates Stored in SAF
user, Certificates Stored in SAF
SAF keys in host-based authentication, Certificates Stored in SAF
SAMPLIB, Creating the SAMPLIB and PARMLIB Data Sets
secure application connectivity, Tunneling
secure configuration, Securing the Server
Secure File Transfer Protocol (SFTP), File Transfer Using SFTP
SerialAndIssuer, Certificate User Mapping File
server
restarting, Restarting and Stopping sshd2
starting, Starting sshd2 Manually under USS
stopping, Restarting and Stopping sshd2
server authentication
with public key, Server Authentication with Public Keys in File
with SAF keys, Certificates Stored in SAF
server authentication methods, Authentication
server banner message, Notification
server certificate, Server Authentication with Certificates
server configuration, Configuring the Server, Shell Access and Remote Commands
server configuration files, Server Configuration Files
server listen address, Restricting Connections
server listen port, Restricting Connections
server log messages, General Server Log Messages
session channel related log messages, Session Channels
setsid, Setsid failed
setting up a shell user, Setting Up a Shell User
sft-server-g3, Defining Subsystems, Logging SFTP Transactions , Enabling the SFTP Subsystem, File Transfer Server Log Messages with Wrong Timestamps
SFTP log messages, SFTP
SFTP subsystem, Enabling the SFTP Subsystem
shell access, System Administration
shell user, Setting Up a Shell User
ShellAccountCodeset, Configuring Terminal Data Conversion
ShellAccountLineDelimiter, Configuring Terminal Data Conversion
ShellConvert, Configuring Terminal Data Conversion
ShellTransferCodeset, Configuring Terminal Data Conversion
ShellTransferLineDelimiter, Configuring Terminal Data Conversion
ShellTranslateTable, Configuring Terminal Data Conversion
shosts, Restricting User Logins
shosts.equiv, Optional Configuration Settings, Configuration files missing for host-based authentication
SIGHUP, SIGHUP handler received an invalid signal
signal 29, Exceeding Maximum CPU Time
signature algorithms
host key, Configuring Host Key Signature Algorithms
public key, Configuring Public Key Signature Algorithms
SIGXCPU, Exceeding Maximum CPU Time
SMF Auditing, SMF Auditing
socket, System Limits and Requirements
SOCKS Proxy, Transparent FTP Tunneling, Running SOCKS Proxy
configuring, Configuring SOCKS Proxy
reconfiguring, Reconfiguring ssh-socks-proxy
running as started task, Creating the SSHSP User, Running ssh-socks-proxy as a Started Task
starting manually, Starting ssh-socks-proxy Manually under USS
stopping, Stopping ssh-socks-proxy
SocksServer, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF
ssh-broker-config.xml, Notifying the Users of the Host Key Change
auth-hostbased, Traditional Public Keys Stored in File, Certificates Stored in File
authentication-methods, Traditional Public Keys Stored in File, Certificates Stored in File
ssh-certd, ssh-certd
restarting and stopping, Restarting and Stopping ssh-certd
running as a started task, Running ssh-certd as a Started Task
starting manually under USS, Starting ssh-certd Manually under USS
ssh-cmpclient-g3, Certificates Stored in File
ssh-dummy-shell, ssh-dummy-shell
ssh-externalkeys, ssh-externalkeys
ssh-keydist-g3, Storing Remote Server Host Keys
ssh-keygen-g3, Using Public-Key Authentication, Generating the Server Host Key Pair
ssh-scepclient-g3, Certificates Stored in File
ssh-socks-proxy, Running SOCKS Proxy
ssh-socks-proxy-config.xml, From Tectia Server for IBM z/OS Version 5.x, Summary of Configuration Steps, Configuring SOCKS Proxy
default-settings, The ssh-socks-proxy-config.xml configuration file
filter-engine, The ssh-socks-proxy-config.xml configuration file
profiles, The ssh-socks-proxy-config.xml configuration file
static-tunnels, The ssh-socks-proxy-config.xml configuration file
ssh-socks-proxy-ctl, Running SOCKS Proxy
SSH1 agent forwarding log messages, SSH1 Agent Forwarding
ssh2_config, Certificates Stored in File
SSHCERTD, Running ssh-certd as a Started Task
sshd-check-conf, sshd-check-conf
SSHD2, Running sshd2 as a Started Task
sshd2, sshd2
sshd2_config, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Configuring Ciphers, Configuring MACs, Configuring KEXs, Configuring Host Key Signature Algorithms, Configuring Public Key Signature Algorithms, Restricting User Logins , Defining Subsystems, Defining Server Host Key, Certificates Stored in File, Certificates Stored in SAF, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF, Optional Configuration Settings, sshd2_config, Default sshd2_config Configuration File
sshd2_subconfig, sshd2_subconfig
SSHENV, Environment Variables for Server and Client Applications
sshregex, sshregex
sshsetenv, Environment Variables for Server and Client Applications
SSHSP, Running ssh-socks-proxy as a Started Task
SSHSP user, creating, Creating the SSHSP User
ssh_banner_message, From Tectia Server for IBM z/OS Version 5.x
ssh_certd_config, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Restricting User Logins , Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, ssh_certd_config, Default ssh_certd_config Configuration File
ssh_channel_request_env, Bad data received in environment variable setting
ssh_ftadv_config, From Tectia Server for IBM z/OS Version 5.x
SSH_FXP_CLOSE, Received SSH_FXP_CLOSE
SSH_FXP_EXTENDED, Received SSH_FXP_EXTENDED
SSH_FXP_FSETSTAT, Received SSH_FXP_FSETSTAT
SSH_FXP_FSTAT, Received SSH_FXP_FSTAT
SSH_FXP_INIT, Received SSH_FXP_INIT , Received bad SSH_FXP_INIT
SSH_FXP_LSTAT, Received SSH_FXP_LSTAT
SSH_FXP_MKDIR, Received SSH_FXP_MKDIR
SSH_FXP_OPEN, Received SSH_FXP_OPEN
SSH_FXP_OPENDIR, Received SSH_FXP_OPENDIR
SSH_FXP_READDIR, Received SSH_FXP_READDIR
SSH_FXP_READLINK, Received SSH_FXP_READLINK
SSH_FXP_REALPATH, Received SSH_FXP_REALPATH
SSH_FXP_REMOVE, Received SSH_FXP_REMOVE
SSH_FXP_RENAME, Received SSH_FXP_RENAME
SSH_FXP_RMDIR, Received SSH_FXP_RMDIR
SSH_FXP_SETSTAT, Received SSH_FXP_SETSTAT
SSH_FXP_STAT, Received SSH_FXP_STAT
SSH_FXP_SYMLINK, Received SSH_FXP_SYMLINK
SSH_MVS_CONSOLE, Running SOCKS Proxy
SSH_SFT_PSEUDOVOLUME_VOLSERS, Restoring Archived Data Sets
staging, Controlling Staging during File Transfers
starting the server, Starting sshd2 Manually under USS
starting the SOCKS Proxy, Starting ssh-socks-proxy Manually under USS
stopping the Certificate Validator, Restarting and Stopping ssh-certd
stopping the server, Restarting and Stopping sshd2
stopping the SOCKS Proxy, Stopping ssh-socks-proxy
storing remote host keys, Storing Remote Server Host Keys
strict-host-key-checking, Notifying the Users of the Host Key Change
StrictModes, Home directory ownership or permissions invalid in host-based authentication , .rhosts file ownership or permissions invalid in host-based authentication
subconfig directory, From Tectia Server for IBM z/OS Version 5.x
subconfigurations, Defining Subconfigurations
Subject, Certificate User Mapping File
SubjectRegex, Certificate User Mapping File
subsystem, Defining Subsystems
subsystem-sftp, Enabling the SFTP Subsystem, Handling Prematurely Ending File Transfers , Controlling Staging during File Transfers
support, Customer Support
symmetric encryption, Configuring Ciphers
syslog, Auditing, Logging, File Transfer Server Log Messages with Wrong Timestamps
system configuration, Configuring the Server
system log, Logging
System Management Facilities (SMF), SMF Auditing
system requirements, System Requirements

T

TCP permissions, Permission Requirements
TCP wrappers, Denied connection because of tcp_wrappers
technical support, Customer Support
Tectia Client, Component Terminology
Tectia ConnectSecure, Component Terminology
Tectia Server, Component Terminology
Tectia Server Configuration tool, Component Terminology
Tectia Server for IBM z/OS, Component Terminology
Tectia Server for Linux on IBM System z, Component Terminology
terminal data conversion, Configuring Terminal Data Conversion
Terminal.DenyGroups, Disabling Terminal Access
Terminal.DenyUsers, Disabling Terminal Access
terminology, Component Terminology
timestamp, File Transfer Server Log Messages with Wrong Timestamps
TN3270, Tunneling TN3270
transparent FTP tunneling, Secure File Transfer Using Transparent FTP Security
transparent TCP tunneling, Tunneling TN3270
troubleshooting, Troubleshooting Tectia Server for IBM z/OS
tunneling, Tunneling
access control, Restrictions to Tunneling
agent, Agent Forwarding
local, Local Tunnels
remote, Remote Tunnels
TN3270, Tunneling TN3270
transparent FTP, Secure File Transfer Using Transparent FTP Security
tunneling log messages, Port Forwarding
tunnels
local (outgoing), Local Tunnels
remote (incoming), Remote Tunnels
TZ, File Transfer Server Log Messages with Wrong Timestamps

V

virtual storage limit, Auxiliary Storage Shortage
volume serial number, Restoring Archived Data Sets

W

well-known port, Tunneling
Workload Manager (WLM), System Limits and Requirements