SSH

From Tectia Server for IBM z/OS Version 5.x

The product structure and the installation directory of Tectia Server for IBM z/OS has changed in version 6.0. If you have an earlier version of Tectia Server for IBM z/OS installed, it can coexist with version 6.0, as can the 5.x version.

The upgrade procedure will migrate your 5.x configuration and the keys automatically to the 6.4 version.

The upgrade procedure consists of the following steps:

  1. Stop the server.

  2. Do the installation as described in Installing the Tectia Server for IBM z/OS Software.

  3. Copy the SSHD2 and SSHCERTD JCLs from /opt/tectia/doc/zOS/SAMPLIB to your system procedure library as instructed in Running sshd2 as a Started Task and Running ssh-certd as a Started Task.

Before proceeding with the installation, consider the following issues.

When you run setup.sh for upgrading from version 5.x you must choose whether you want to uninstall all 5.x files or keep the old 5.x installation intact. You must run setup.sh either with

./setup.sh --uninstall-old

or

./setup.sh --keep-old

If you choose to uninstall 5.x, please note that the directories /etc/ssh2 and /usr/lpp/ssh2 will get unconditionally removed after the upgrade procedure has successfully completed. Make sure that those directories do not contain any files you want to keep for reference (ad-hoc configuration backups, notes etc.) before running setup.sh.

If you choose to keep the 5.x installation, nothing from the old 5.x will be uninstalled by the setup.sh script. In case you want to have both the 5.x and the 6.4 servers running simultaneously, you must change the TCP port of either one of them, because otherwise the two installed servers will compete for default port 22.

To avoid conflicts at the next IPL please check and update:

When upgrading from 5.x to 6.4, these files/directories under /etc/ssh2/ are copied from the 5.x installation to your new installation at /opt/tectia/ and they continue to be used with Tectia Server 6.4 for IBM z/OS:

hostkey
hostkey.pub
sshd2_config
ssh_certd_config
ssh_ftadv_config
random_seed
ssh_banner_message
ssh-socks-proxy-config.xml
upgrade_history
auth/
hostkeys/
subconfig/
knownhosts/

If you are using the SOCKS proxy functionality, you must review and update your ssh-socks-proxy-config.xml configuration file after setup.sh has finished.

The existing /etc/ssh2/ssh2_config or $HOME/.ssh2/ssh2_config configuration files are not used by Tectia Server 6.4 for IBM z/OS client components. You have to create new files /opt/tectia/etc/ssh-broker-config.xml (for global configuration) and $HOME/.ssh2/ssh-broker-config.xml (for user-specific configuration).