Symbols

$HOME/.ssh2, USS, Running Tectia and OpenSSH on the Same Host

.rhosts, Restricting User Logins , Optional Configuration Settings, User Authentication - Host-Based

.shosts, Restricting User Logins , Traditional Public Keys Stored in File, Certificates Stored in File, Optional Configuration Settings, User Authentication - Host-Based

.ssh2, User Authentication - Host-Based

/opt, Permission Requirements

/opt/tectia, USS, Running Tectia and OpenSSH on the Same Host

/opt/tectia/etc, Server Configuration Files, Defining Server Host Key

/tmp, USS

, User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive

A

address space, System Limits and Requirements

AddressFamily, Configuration File

ADDSSHD2, Creating the SSHD2 User

AF_UNIX socket, System Limits and Requirements

agent forwarding, Agent Forwarding

agent forwarding log messages, Agent Forwarding

AllowAgentForwarding, Agent Forwarding, Configuration File

AllowedAuthentications, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AllowGroups, Restricting User Logins , Configuration File

AllowHosts, Restricting User Logins , Restricting Connections, Configuration File, User Authentication - Common

AllowSHosts, Optional Configuration Settings, Configuration File

AllowTcpForwarding, Configuration File

AllowTcpForwardingForGroups, Configuration File

AllowTcpForwardingForUsers, Configuration File

AllowUsers, Restricting User Logins , Configuration File, User Authentication - Common

AnyCipher, Configuring Ciphers

AnyHostKeyAlgorithm, Configuring Host Key Signature Algorithms

AnyKEX, Configuring KEXs

AnyMac, Configuring MACs

AnyPublicKeyAlgorithm, Configuring Public Key Signature Algorithms

AnyStdCipher, Configuring Ciphers

AnyStdHostKeyAlgorithm, Configuring Host Key Signature Algorithms

AnyStdKEX, Configuring KEXs

AnyStdMac, Configuring MACs

AnyStdPublicKeyAlgorithm, Configuring Public Key Signature Algorithms

application tunneling, Tunneling

auditing, Auditing, Logging, Log Messages

auth directory, From Tectia Server for IBM z/OS Version 5.x

auth-hostbased, Traditional Public Keys Stored in File, Certificates Stored in File

authentication, Authentication

certificate, User Authentication with Certificates

host-based, Host-Based User Authentication , Server Configuration

host-based with certificates, Certificates Stored in File, Certificates Stored in File

host-based with SAF keys, Certificates Stored in SAF

Keyboard-Interactive, User Authentication with Keyboard-Interactive

password, Using Password Authentication, User Authentication with Passwords , User Authentication with Keyboard-Interactive

public-key

server, Authenticating Remote Server Hosts, Server Authentication with Public Keys in File

user, Using Public-Key Authentication, User Authentication with Public Keys in File, Enabling Public-Key Authentication, User Authentication - Public Key

SAF key, Certificates Stored in SAF, Certificates Stored in SAF

authentication log messages, User Authentication - Common , User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive, User Authentication - Password , User Authentication - Public Key

authentication methods, Authentication

authentication-methods, Traditional Public Keys Stored in File, Certificates Stored in File

AuthHostbased.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AuthHostbased.Cert.ValidationMethods, Certificates Stored in SAF, Configuration File

AuthKbdInt.FailureTimeout, User Authentication with Keyboard-Interactive

AuthKbdInt.NumOptional, User Authentication with Keyboard-Interactive, Configuration File

AuthKbdInt.Optional, User Authentication with Keyboard-Interactive, Configuration File

AuthKbdInt.Plugin, Configuration File

AuthKbdInt.Required, User Authentication with Keyboard-Interactive

authorization, Authorization File Options

AuthorizationEkInitStringMapper, Configuration File

AuthorizationEkProvider, Certificates Stored in SAF

AuthorizationFile, Using Keys Generated with OpenSSH

AuthorizedKeysFile, Using Keys Generated with OpenSSH, Configuration File

AuthPassword.ChangePlugin, Configuration File

AuthPublicKey.Algorithms, Configuration File

AuthPublicKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AuthPublicKey.Cert.ValidationMethods, Certificates Stored in SAF, Configuration File

AuthPublicKey.MaxSize, Configuration File

AuthPublicKey.MinSize, Configuration File

auxiliary storage shortage, Auxiliary Storage Shortage

B

banner message, Notification

BannerMessageFile, Configuration File

basic configuration, Configuring the Server

batch file transfers, Creating a User for Batch File Transfers

C

CA certificate, Certificates Stored in File

case-sensitivity, Configuration File

CertdListenerPath, Configuration File

certificate authentication

user, User Authentication with Certificates

certificate revocation list (CRL), Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

Certificate Validator, ssh-certd

restarting, Restarting and Stopping ssh-certd

running as a started task, Running ssh-certd as a Started Task

stopping, Restarting and Stopping ssh-certd

version, Running ssh-certd as a Started Task

certificate-specific log messages, Certificate-Specific Code

certificates

enrolling, Certificates Stored in File

certificates in host-based authentication, Certificates Stored in File, Certificates Stored in File

certification authority (CA), Server Authentication with Certificates

changing host key, Notifying the Users of the Host Key Change

character set, Shell Access and Remote Commands

chcp command, Supporting the chcp Command

check configuration, sshd-check-conf

CheckMail, Configuration File

ChRootGroups, Configuration File

ChRootUsers, Configuration File

Ciphers, Configuring Ciphers, Configuration File

code page, Shell Access and Remote Commands

code pages, Configuring Code Pages

coded character set conversion, Environment Variables for Server and Client Applications

command accepted, Console Messages

command option unrecognized, Console Messages

command unrecognized, Console Messages

command-line options

server, Command-Line Options

ssh-certd, Starting ssh-certd Manually under USS

common code log messages, Common Code

conddisp, Handling Prematurely Ending File Transfers

configuration

cipher, Configuring Ciphers

host key signature algorithms, Configuring Host Key Signature Algorithms

KEX, Configuring KEXs

MAC, Configuring MACs

public key signature algorithms, Configuring Public Key Signature Algorithms

root logins, Configuring Root Logins

subconfigurations, Defining Subconfigurations

configuration file

ssh-certd, Configuration File, ssh_certd_config, Configuration File

sshd2, Configuration File

configuration files

server, Server Configuration Files

SOCKS Proxy, Configuring SOCKS Proxy

Connection Broker, Terminology

console messages, Console Messages

command accepted, Console Messages

command option unrecognized, Console Messages

command unrecognized, Console Messages

invalid access attempt, Console Messages

process started, Console Messages

restart, Console Messages

start, Console Messages

stop, Console Messages

version, Console Messages

version control information, Console Messages

controlling file transfer, Controlling File Transfer

CPU time, Exceeding Maximum CPU Time

creating file transfer user, Creating a User for Batch File Transfers

creating SSHD2 user, Creating the SSHD2 User

creating SSHSP user, Creating the SSHSP User

CREAZFS, Option 1

cryptographic algorithms, Configuring Cryptographic Algorithms

cryptographic hardware support, Cryptographic Hardware Support

cryptography support log messages, Cryptography Support

customer support, Customer Support

D

debugging, Debugging Tectia Server for IBM z/OS

file transfer, Debugging File Transfer

sshd2 started task, Setting the Debug Level

USS shell, Debugging Using USS shell

default configuration files

sshd2_config, Default sshd2_config Configuration File

ssh_certd_config, Default ssh_certd_config Configuration File

DefaultDomain, Traditional Public Keys Stored in File, Certificates Stored in File

denial-of-service attack, Load Control

DenyGroups, Restricting User Logins , Configuration File

DenyHosts, Restricting User Logins , Configuration File, User Authentication - Common

denying agent forwarding, Agent Forwarding

denying connection attempts, Restricting Connections

denying file transfers, Restrictions to Tunneling

denying terminal access, Disabling Terminal Access , Restrictions to Tunneling

denying tunneling, Disabling Tunneling

DenySHosts, Optional Configuration Settings, Configuration File

DenyTcpForwardingForGroups, Configuration File

DenyTcpForwardingForUsers, Configuration File

DenyUsers, Restricting User Logins , Configuration File, User Authentication - Common

directories, Directories and Data Sets

$HOME/.ssh2, USS

/opt, Permission Requirements

/opt/tectia, USS

/tmp, USS

auth, From Tectia Server for IBM z/OS Version 5.x

hostkeys, From Tectia Server for IBM z/OS Version 5.x

knownhosts, From Tectia Server for IBM z/OS Version 5.x

sample files, Sample Files

subconfig, From Tectia Server for IBM z/OS Version 5.x

DisableVersionFallback, Configuration File

disabling root logins, Configuring Root Logins

disclaimer before login, Notification

disk space requirement, System Requirements

documentation, About This Document

documentation conventions, Documentation Conventions

E

editing configuration files, Editing Configuration Files

egrep, Restricting User Logins

character sets, Character Sets for egrep and zsh_fileglob

escaped tokens, Escaped Tokens for Regex Syntax Egrep

patterns, Patterns

Email, Certificate User Mapping File

EmailRegex, Certificate User Mapping File

encryption algorithm, Configuring Ciphers

enrolling host certificate, Certificates Stored in File

environment variables, Environment Variables for Server and Client Applications

error messages, Troubleshooting Tectia Server for IBM z/OS

error situations, Solving Problem Situations

EXTENDED, SFTP

external keys, ssh-externalkeys

providers, External Key Providers

using, Using External Keys

ExternalAuthorizationProgram, Configuration File

F

failed authentication, User Authentication - Common , User Authentication - Host-Based

fallback to plain FTP, System-Wide Transparent FTP Tunneling with Fallback

file descriptor, System Limits and Requirements

file transfer, controlling, Controlling File Transfer

files related to sshd2, Files

fingerprint, Notifying the Users of the Host Key Change

firewall, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

ForwardACL, Restrictions to Tunneling, Configuration File

forwarding

agent, Agent Forwarding

local, Local Tunnels

remote, Remote Tunnels

FTP

fallback, System-Wide Transparent FTP Tunneling with Fallback

tunneling, Secure File Transfer Using Transparent FTP Security

FTP-SFTP conversion, Terminology, Secure File Transfer Using Transparent FTP Security

fully qualified domain name (FQDN), Certificates Stored in File, Traditional Public Keys Stored in File

G

general server log messages, General Server Log Messages

generating host key, Generating the Server Host Key Pair

H

home directory, Permission Requirements

host certificate

enrolling, Certificates Stored in File

host key

changing, Notifying the Users of the Host Key Change

generating, Generating the Server Host Key Pair

multiple, Defining Server Host Key

host key check, disabling, Disabling Host Key Check

host key I/O log messages, Host Key I/O

host restrictions, Restricting User Logins

host-based authentication, Host-Based User Authentication , Server Configuration, User Authentication - Host-Based

host-based authentication with certificates, Certificates Stored in File, Certificates Stored in File

host-based authentication with SAF keys, Certificates Stored in SAF

HostbasedAuthForceClientHostnameDNSMatch, Traditional Public Keys Stored in File, Optional Configuration Settings, Configuration File

HostCA, Certificates Stored in File

HostCAEkProvider, Certificates Stored in SAF

HostCertificateFile, Certificates Stored in File, Certificates Stored in File, Configuration File

HostIdMappingHostnames, Certificates Stored in SAF, Configuration File

hostkey, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Defining Server Host Key

HostKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

hostkey.pub, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Defining Server Host Key

HostKeyAlgorithms, Configuration File

HostKeyEkInitString, Certificates Stored in SAF, Configuration File

HostKeyEkProvider, Certificates Stored in SAF, Configuration File

HostKeyFile, Defining Server Host Key, Certificates Stored in File, Certificates Stored in File, Configuration File

hostkeys directory, From Tectia Server for IBM z/OS Version 5.x

hosts.equiv, Optional Configuration Settings

HostSpecificConfig, Host-Specific Subconfiguration, Configuration File

I

IdentityDispatchUsers, Configuration File

IdleTimeOut, Configuration File

IETF Secsh draft, Configuring Ciphers, Configuring MACs, Configuring KEXs, Configuring Host Key Signature Algorithms, Configuring Public Key Signature Algorithms

IgnoreRhosts, Optional Configuration Settings, Configuration File

IgnoreRootRhosts, Configuration File

incoming tunnels, Tunneling, Remote Tunnels

inetd, General Server Log Messages

INIT, SFTP

installation directories, Running Tectia and OpenSSH on the Same Host

installing Tectia Server for IBM z/OS, Installing the Tectia Server for IBM z/OS Software

invalid access attempt, Console Messages

IPv6 support, IPv6 Support, IPv6 Support on Tectia Server and client tools for IBM z/OS

K

KeepAlive, Configuration File

KEXs, Configuring KEXs, Configuration File

key exchange (KEX), Configuring KEXs

key fingerprint, Notifying the Users of the Host Key Change

key generation, Generating the Server Host Key Pair

Keyboard-Interactive authentication, User Authentication with Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive

known hosts, Traditional Public Keys Stored in File

knownhosts directory, From Tectia Server for IBM z/OS Version 5.x

KnownHostsEkProvider, Certificates Stored in SAF, Configuration File

L

LDAPServers, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF

legal disclaimer, Notification

line delimiters, Shell Access and Remote Commands, Configuring Terminal Data Conversion

listen address, Restricting Connections

listen port, Restricting Connections

ListenAddress, Restricting Connections, Configuration File

ListenerRetryInterval, Configuration File

load control, Load Control

LoadControl.Active, Load Control, Configuration File

LoadControl.DiscardLimit, Load Control, Configuration File

LoadControl.WhitelistSize, Load Control, Configuration File

local port forwarding, Local Tunnels

local tunnels, Local Tunnels

log messages

agent forwarding, Agent Forwarding

certificates, Certificate-Specific Code

common code, Common Code

cryptography support, Cryptography Support

host key, Host Key I/O

host-based authentication, User Authentication - Host-Based

Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive

password authentication, User Authentication - Password

public-key authentication, User Authentication - Public Key

server, General Server Log Messages

session channel, Session Channels

SFTP, SFTP

SSH1 agent, SSH1 Agent Forwarding

tunneling, Port Forwarding

user authentication, User Authentication - Common

logging, Auditing, Logging, File Transfer Server Log Messages with Wrong Timestamps, Log Messages

login

restricting, Restricting User Logins

root, Configuring Root Logins

login process, sshd2, Login Process

LoginGraceTime, Configuration File, General Server Log Messages

M

MACs, Configuring MACs, Configuration File

man pages, Man Pages

man-in-the-middle attack, Notifying the Users of the Host Key Change

MapFile, Certificates Stored in File, Certificates Stored in SAF

MaxBroadcastsPerSecond, Configuration File

MaxConnections, Load Control, Configuration File

Message Authentication Code (MAC), Configuring MACs

message before login, Notification

migrated data sets, Setting Up Security for Processing Offline Data Sets

missing home directory, User Authentication - Host-Based

modifying configuration files, Editing Configuration Files

MOUNZFS, Option 1

multiple host keys, Defining Server Host Key

N

Network Address Translation (NAT), Optional Configuration Settings

network interface binding, Restricting Connections

NoDelay, Configuration File

O

OMVS segment, Permission Requirements

OpenSSH, Running Tectia and OpenSSH on the Same Host

OpenSSH host key, Using an OpenSSH Server Host Key

OSS licences, Open Source Software License Acknowledgements

outgoing tunnels, Tunneling, Local Tunnels

P

PARMLIB, Creating the SAMPLIB and PARMLIB Data Sets

PasswdPath, Configuration File

password authentication, Using Password Authentication, User Authentication with Passwords , User Authentication with Keyboard-Interactive, User Authentication - Keyboard-Interactive Password, User Authentication - Password

PasswordGuesses, Configuration File

pattern matching syntax, Restricting User Logins

permission requirements, Permission Requirements

PermitEmptyPasswords, Configuration File

PermitRootLogin, Configuration File

permitting root logins, Configuring Root Logins

PidFile, Configuration File

PKCS #7 package, Certificates Stored in File

Pki, Certificates Stored in File

PkiEkProvider, Certificates Stored in SAF

Port, Restricting Connections, Configuration File

port forwarding, Tunneling

local, Local Tunnels

remote, Remote Tunnels

port forwarding log messages, Port Forwarding

PrintMotd, Configuration File

private key

host, Defining Server Host Key, Certificates Stored in File

problem situations, Solving Problem Situations

process started, Console Messages

ProxyServer, Configuration File

pseudo-volume, Restoring Archived Data Sets

public-key authentication

server, Authenticating Remote Server Hosts, Server Authentication with Public Keys in File

user, Using Public-Key Authentication, User Authentication with Public Keys in File, Enabling Public-Key Authentication, User Authentication - Public Key

PublicHostKeyFile, Defining Server Host Key, Configuration File

Q

QuietMode, Configuration File

R

RACFPC, Preparing the System

RandomSeedFile, Configuration File

random_seed, From Tectia Server for IBM z/OS Version 5.x

reconfiguring the SOCKS Proxy, Reconfiguring ssh-socks-proxy

regular expressions (regex), sshregex

egrep, Regex syntax: egrep

ssh, Regex syntax: ssh

syntax, Restricting User Logins

traditional, Regex syntax: zsh_fileglob (or traditional)

zsh_fileglob, Regex syntax: zsh_fileglob (or traditional)

RekeyIntervalSeconds, Configuration File

related documents, About This Document

remote command, System Administration

remote port forwarding, Remote Tunnels

remote tunnels, Remote Tunnels

removing old versions, Upgrading Previously Installed Secure Shell Software

removing Tectia Server for IBM z/OS, Removing the Tectia Server for IBM z/OS Software

RequiredAuthentications, Configuration File

RequireReverseMapping, Configuration File, User Authentication - Common

ResolveClientHostName, Configuration File

restart, Console Messages

restarting SOCKS Proxy, Reconfiguring ssh-socks-proxy

restarting the Certificate Validator, Restarting and Stopping ssh-certd

restarting the server, Restarting and Stopping sshd2

restoring archived data sets, Restoring Archived Data Sets

restricting SFTP access, Restricting Access to User's MVS User Catalog

restricting tunneling, Restrictions to Tunneling

restricting user login, Restricting User Logins

reverse DNS mapping, User Authentication - Common

rhosts, Restricting User Logins

root login, Configuring Root Logins

root login denied, User Authentication - Common

running the server, Running the Server

S

SAF authentication

server, Certificates Stored in SAF

user, Certificates Stored in SAF

SAF keys in host-based authentication, Certificates Stored in SAF

sample files, Sample Files

SAMPLIB, Creating the SAMPLIB and PARMLIB Data Sets

scpg3, Terminology

secure application connectivity, Tunneling

secure configuration, Securing the Server

Secure File Transfer Protocol (SFTP), File Transfer Using SFTP

Secure Shell Certificate Validator, ssh-certd

Secure Shell Daemon, sshd2

SerialAndIssuer, Certificate User Mapping File

server

querying version, Running sshd2 as a Started Task

restarting, Restarting and Stopping sshd2

running, Running the Server

starting under USS, Starting sshd2 Manually under USS

stopping, Restarting and Stopping sshd2

server authentication

with public key, Server Authentication with Public Keys in File

with SAF keys, Certificates Stored in SAF

server authentication methods, Authentication

server banner message, Notification

server certificate, Server Authentication with Certificates

server configuration, Configuring the Server, Shell Access and Remote Commands

server configuration files, Server Configuration Files

server listen address, Restricting Connections

server listen port, Restricting Connections

server log messages, General Server Log Messages

session channel related log messages, Session Channels

setsid, General Server Log Messages

SettableEnvironmentVars, Configuration File

setting debug level, Setting the Debug Level

setting up a shell user, Setting Up a Shell User

sft-server-g3, Defining Subsystems, Logging SFTP Transactions , Enabling the SFTP Subsystem, File Transfer Server Log Messages with Wrong Timestamps

SFTP log messages, SFTP

SFTP subsystem, Enabling the SFTP Subsystem

sftpg3, Terminology

SftpSmfType, Configuration File

SftpSysLogFacility, Configuration File

shell access, System Administration

shell user, Setting Up a Shell User

ShellAccountCodeset, Configuring Terminal Data Conversion, Configuration File

ShellAccountLineDelimiter, Configuring Terminal Data Conversion, Configuration File

ShellConvert, Configuring Terminal Data Conversion, Configuration File

ShellTransferCodeset, Configuring Terminal Data Conversion, Configuration File

ShellTransferLineDelimiter, Configuring Terminal Data Conversion, Configuration File

ShellTranslateTable, Configuring Terminal Data Conversion, Configuration File

shosts, Restricting User Logins

shosts.equiv, Optional Configuration Settings, User Authentication - Host-Based

SIGHUP, General Server Log Messages

signal 29, Exceeding Maximum CPU Time

signature algorithms

host key, Configuring Host Key Signature Algorithms

public key, Configuring Public Key Signature Algorithms

SIGXCPU, Exceeding Maximum CPU Time

SMF Auditing, SMF Auditing

socket, System Limits and Requirements

SOCKS Proxy, Terminology, Transparent FTP Tunneling, Running SOCKS Proxy

configuring, Configuring SOCKS Proxy

reconfiguring, Reconfiguring ssh-socks-proxy

running as started task, Creating the SSHSP User, Running ssh-socks-proxy as a Started Task

starting manually, Starting ssh-socks-proxy Manually under USS

stopping, Stopping ssh-socks-proxy

SocksServer, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF, Configuration File

ssh (regex), Regex syntax: ssh

ssh-broker-config.xml

auth-hostbased, Traditional Public Keys Stored in File, Certificates Stored in File

authentication-methods, Traditional Public Keys Stored in File, Certificates Stored in File

strict-host-key-checking, Notifying the Users of the Host Key Change

ssh-broker-ctl, Terminology

ssh-broker-g3, Terminology

ssh-certd, Terminology, ssh-certd

configuration file, Configuration File, Configuration File

options, Options

restarting, Restarting and Stopping ssh-certd

running as a started task, Running ssh-certd as a Started Task

starting manually under USS, Starting ssh-certd Manually under USS

stopping, Restarting and Stopping ssh-certd

ssh-cmpclient-g3, Certificates Stored in File

ssh-dummy-shell, ssh-dummy-shell

ssh-externalkeys, ssh-externalkeys

ssh-keydist-g3, Storing Remote Server Host Keys

ssh-keygen-g3, Using Public-Key Authentication, Generating the Server Host Key Pair

ssh-scepclient-g3, Certificates Stored in File

ssh-socks-proxy, Running SOCKS Proxy

ssh-socks-proxy-config.xml, From Tectia Server for IBM z/OS Version 5.x, Summary of Configuration Steps, Configuring SOCKS Proxy

default-settings, The ssh-socks-proxy-config.xml configuration file

filter-engine, The ssh-socks-proxy-config.xml configuration file

profiles, The ssh-socks-proxy-config.xml configuration file

static-tunnels, The ssh-socks-proxy-config.xml configuration file

ssh-socks-proxy-ctl, Running SOCKS Proxy

SSH1 agent forwarding log messages, SSH1 Agent Forwarding

ssh2_config, Traditional Public Keys Stored in File, Certificates Stored in File

SSHCERTD, Running ssh-certd as a Started Task

sshd-check-conf, sshd-check-conf

behavior, Behavior

examples, Examples

options, Options

sshd2, Terminology, sshd2

advanced configuration, sshd2_subconfig

configuration file, Configuration File

configuration file format, sshd2_config

files, Files

login process, Login Process

options, Options

SSHD2, Running sshd2 as a Started Task

sshd2_config, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Configuring Ciphers, Configuring MACs, Configuring KEXs, Configuring Host Key Signature Algorithms, Configuring Public Key Signature Algorithms, Restricting User Logins , sshd2_config, Default sshd2_config Configuration File

sshd2_config keyword

AddressFamily, Configuration File

AllowAgentForwarding, Agent Forwarding, Configuration File

AllowedAuthentications, User Authentication with Passwords , Enabling Public-Key Authentication, Certificates Stored in File, Certificates Stored in SAF, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AllowGroups, Configuration File

AllowHosts, Configuration File

AllowSHosts, Optional Configuration Settings, Configuration File

AllowTcpForwarding, Configuration File

AllowTcpForwardingForGroups, Configuration File

AllowTcpForwardingForUsers, Configuration File

AllowUsers, Configuration File

AuthHostbased.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AuthHostbased.Cert.ValidationMethods, Certificates Stored in SAF, Configuration File

AuthInteractiveFailureTimeout, Configuration File

AuthKbdInt.FailureTimeout, User Authentication with Keyboard-Interactive

AuthKbdInt.NumOptional, User Authentication with Keyboard-Interactive, Configuration File

AuthKbdInt.Optional, User Authentication with Keyboard-Interactive, Configuration File

AuthKbdInt.Plugin, Configuration File

AuthKbdInt.Required, User Authentication with Keyboard-Interactive, Configuration File

AuthKbdInt.Retries, Configuration File

AuthorizationEkInitStringMapper, Configuration File

AuthorizationEkInitStringMapperTimeout, Configuration File

AuthorizationEkProvider, Certificates Stored in SAF, Configuration File

AuthorizationFile, Configuration File

AuthorizedKeysFile, Using Keys Generated with OpenSSH, Configuration File

AuthPassword.ChangePlugin, Configuration File

AuthPublicKey.Algorithms, Configuration File

AuthPublicKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

AuthPublicKey.Cert.ValidationMethods, Certificates Stored in SAF, Configuration File

AuthPublicKey.MaxSize, Configuration File

AuthPublicKey.MinSize, Configuration File

BannerMessageFile, Configuration File

CertdListenerPath, Configuration File

CheckMail, Configuration File

ChRootGroups, Configuration File

ChRootUsers, Configuration File

Ciphers, Configuration File

DenyGroups, Configuration File

DenyHosts, Configuration File

DenySHosts, Optional Configuration Settings, Configuration File

DenyTcpForwardingForGroups, Configuration File

DenyTcpForwardingForUsers, Configuration File

DenyUsers, Configuration File

DisableVersionFallback, Configuration File

ExternalAuthorizationProgram, Configuration File

ForwardACL, Configuration File

ForwardAgent, Configuration File

HostbasedAuthForceClientHostnameDNSMatch, Traditional Public Keys Stored in File, Optional Configuration Settings, Configuration File

HostCertificateFile, Certificates Stored in File, Certificates Stored in File, Configuration File

HostIdMappingHostnames, Certificates Stored in SAF, Configuration File

HostKey.Cert.Required, Certificates Stored in File, Certificates Stored in SAF, Configuration File

HostKeyAlgorithms, Configuration File

HostKeyEkInitString, Certificates Stored in SAF, Configuration File

HostKeyEkProvider, Certificates Stored in SAF, Configuration File

HostKeyFile, Defining Server Host Key, Certificates Stored in File, Certificates Stored in File, Configuration File

HostSpecificConfig, Configuration File

IdentityDispatchUsers, Configuration File

IdleTimeOut, Configuration File

IgnoreRhosts, Optional Configuration Settings, Configuration File

IgnoreRootRhosts, Configuration File

KeepAlive, Configuration File

KEXs, Configuration File

KnownHostsEkProvider, Configuration File

ListenAddress, Configuration File

ListenerRetryInterval, Configuration File

LoadControl.Active, Configuration File

LoadControl.DiscardLimit, Configuration File

LoadControl.WhitelistSize, Configuration File

LoginGraceTime, Configuration File

MACs, Configuration File

MaxBroadcastsPerSecond, Configuration File

MaxConnections, Configuration File

NoDelay, Configuration File

PasswdPath, Configuration File

PasswordGuesses, Configuration File

PermitEmptyPasswords, Configuration File

PermitRootLogin, Configuration File

PidFile, Configuration File

Port, Configuration File

PrintMotd, Configuration File

ProxyServer, Configuration File

PublicHostKeyFile, Configuration File

QuietMode, Configuration File

RandomSeedFile, Configuration File

RekeyIntervalSeconds, Configuration File

RequiredAuthentications, Configuration File

RequireReverseMapping, Configuration File

ResolveClientHostName, Configuration File

SettableEnvironmentVars, Configuration File

SftpSmfType, Configuration File

SftpSysLogFacility, Configuration File

ShellAccountCodeset, Configuring Terminal Data Conversion, Configuration File

ShellAccountLineDelimiter, Configuring Terminal Data Conversion, Configuration File

ShellConvert, Configuring Terminal Data Conversion, Configuration File

ShellTransferCodeset, Configuring Terminal Data Conversion, Configuration File

ShellTransferLineDelimiter, Configuring Terminal Data Conversion, Configuration File

ShellTranslateTable, Configuring Terminal Data Conversion, Configuration File

SocksServer, Configuration File

StrictModes, Configuration File

StrictModes.UserDirMaskBits, Configuration File

Subsystem-<subsystem name>, Defining Subsystems, Handling Prematurely Ending File Transfers , Controlling Staging during File Transfers , Configuration File

SysLogFacility, Configuration File

Terminal.AllowGroups, Configuration File

Terminal.AllowUsers, Configuration File

Terminal.DenyGroups, Configuration File

Terminal.DenyUsers, Configuration File

UseCryptoHardware, Configuration File

UserConfigDirectory, Configuration File

UserKnownHosts, Traditional Public Keys Stored in File, Configuration File

UserSpecificConfig, Configuration File

UseSocks5, Configuration File

VerboseMode, Configuration File

WTORoutingCodes, Configuration File

sshd2_subconfig, sshd2_subconfig

options, Options

SSHENV, Environment Variables for Server and Client Applications

sshg3, Terminology

sshregex, sshregex

sshsetenv, Environment Variables for Server and Client Applications

SSHSP, Running ssh-socks-proxy as a Started Task

SSHSP user, creating, Creating the SSHSP User

ssh_banner_message, From Tectia Server for IBM z/OS Version 5.x

ssh_certd_config, From Tectia Server for IBM z/OS Version 5.x, Server Configuration Files, Restricting User Logins , ssh_certd_config, Default ssh_certd_config Configuration File

ssh_certd_config keyword

Cert.DODPKI, Configuration File

CertCacheFile, Configuration File

CrlAutoUpdate, Configuration File

CrlPrefetch, Configuration File

ExternalMapper, Configuration File

ExternalMapperTimeout, Configuration File

HostCA, Certificates Stored in File, Configuration File

HostCAEkProvider, Configuration File

HostCAEkProviderNoCRLs, Configuration File

HostCANoCRLs, Configuration File

LDAPServers, Certificates Stored in File

LdapServers, Configuration File

MapFile, Certificates Stored in File, Configuration File

OCSPResponderURL, Configuration File

PidFile, Configuration File

Pki, Certificates Stored in File, Configuration File

PkiDisableCrls, Configuration File

PkiEkProvider, Certificates Stored in SAF, Configuration File

QuietMode, Configuration File

RandomSeedFile, Configuration File

SocksServer, Certificates Stored in File, Configuration File

SysLogFacility, Configuration File

UseSocks5, Configuration File

UseSSHD2ConfigFile, Configuration File

VerboseMode, Configuration File

WTORoutingCodes, Configuration File

ssh_channel_request_env, Session Channels

ssh_ftadv_config, From Tectia Server for IBM z/OS Version 5.x

SSH_FXP_CLOSE, SFTP

SSH_FXP_EXTENDED, SFTP

SSH_FXP_FSETSTAT, SFTP

SSH_FXP_FSTAT, SFTP

SSH_FXP_INIT, SFTP

SSH_FXP_LSTAT, SFTP

SSH_FXP_MKDIR, SFTP

SSH_FXP_OPEN, SFTP

SSH_FXP_OPENDIR, SFTP

SSH_FXP_READDIR, SFTP

SSH_FXP_READLINK, SFTP

SSH_FXP_REALPATH, SFTP

SSH_FXP_REMOVE, SFTP

SSH_FXP_RENAME, SFTP

SSH_FXP_RMDIR, SFTP

SSH_FXP_SETSTAT, SFTP

SSH_FXP_STAT, SFTP

SSH_FXP_SYMLINK, SFTP

SSH_MVS_CONSOLE, Running SOCKS Proxy

SSH_SFT_PSEUDOVOLUME_VOLSERS, Restoring Archived Data Sets

staging, Controlling Staging during File Transfers

starting the server

as a started task, Running sshd2 as a Started Task

under USS, Starting sshd2 Manually under USS

starting the SOCKS Proxy, Starting ssh-socks-proxy Manually under USS

stop, Console Messages

stopping the Certificate Validator, Restarting and Stopping ssh-certd

stopping the server, Restarting and Stopping sshd2

stopping the SOCKS Proxy, Stopping ssh-socks-proxy

storing remote host keys, Storing Remote Server Host Keys

strict-host-key-checking, Notifying the Users of the Host Key Change

StrictModes, Configuration File, User Authentication - Host-Based

StrictModes.UserDirMaskBits, Configuration File

subconfig directory, From Tectia Server for IBM z/OS Version 5.x

subconfigurations, Defining Subconfigurations

Subject, Certificate User Mapping File

SubjectRegex, Certificate User Mapping File

subsystem, Defining Subsystems

Subsystem-<subsystem name>, Configuration File

subsystem-sftp, Enabling the SFTP Subsystem, Handling Prematurely Ending File Transfers , Controlling Staging during File Transfers

support, Customer Support

symmetric encryption, Configuring Ciphers

syslog, Auditing, Logging, File Transfer Server Log Messages with Wrong Timestamps

SysLogFacility, Configuration File

system configuration, Configuring the Server

system log, Logging

System Management Facilities (SMF), SMF Auditing

system requirements, System Requirements

T

task started, Console Messages

TCP permissions, Permission Requirements

TCP wrappers, General Server Log Messages

technical support, Customer Support

Tectia client tools for z/OS, Terminology

Tectia Server for IBM z/OS, Terminology

terminal data conversion, Configuring Terminal Data Conversion

Terminal.AllowGroups, Configuration File

Terminal.AllowUsers, Configuration File

Terminal.DenyGroups, Disabling Terminal Access , Configuration File

Terminal.DenyUsers, Disabling Terminal Access , Configuration File

terminology, Terminology

timestamp, File Transfer Server Log Messages with Wrong Timestamps

TN3270, Tunneling TN3270

transparent FTP tunneling, Secure File Transfer Using Transparent FTP Security

transparent TCP tunneling, Tunneling TN3270

troubleshooting, Troubleshooting Tectia Server for IBM z/OS

tunneling, Tunneling

access control, Restrictions to Tunneling

agent, Agent Forwarding

local, Local Tunnels

remote, Remote Tunnels

TN3270, Tunneling TN3270

transparent FTP, Secure File Transfer Using Transparent FTP Security

tunneling log messages, Port Forwarding

tunnels

local (outgoing), Local Tunnels

remote (incoming), Remote Tunnels

TZ, File Transfer Server Log Messages with Wrong Timestamps

U

ultimately restricted shell, ssh-dummy-shell

uninstalling Tectia Server for IBM z/OS, Removing the Tectia Server for IBM z/OS Software

unrecognized command, Console Messages

unrecognized command option, Console Messages

upgrade_history, From Tectia Server for IBM z/OS Version 5.x

upgrading Tectia Server for IBM z/OS, Upgrading Previously Installed Secure Shell Software

UseCryptoHardware, Cryptographic Hardware Support, Configuration File

user authentication

host-based, Host-Based User Authentication , Certificates Stored in File, Server Configuration, Certificates Stored in File, Certificates Stored in SAF

with certificates, User Authentication with Certificates

with Keyboard-Interactive, User Authentication with Keyboard-Interactive

with password, Using Password Authentication, User Authentication with Passwords

with public key, Using Public-Key Authentication, User Authentication with Public Keys in File, Enabling Public-Key Authentication

with SAF keys, Certificates Stored in SAF

user authentication log messages, User Authentication - Common , User Authentication - Host-Based , User Authentication - Keyboard-Interactive Password, User Authentication - Keyboard-Interactive, User Authentication - Password , User Authentication - Public Key

user authentication methods, Authentication

user login, restricting, Restricting User Logins

user name, Restricting User Logins

user requirements, Permission Requirements

user restrictions, Restricting User Logins

UserConfigDirectory, Configuration File

UserKnownHosts, Traditional Public Keys Stored in File, Configuration File

UserSpecificConfig, User-Specific Subconfiguration, Configuration File

UseSocks5, Configuration File

USS, Starting sshd2 Manually under USS

V

VerboseMode, Configuration File

version, Running sshd2 as a Started Task, Console Messages

version control information

branch, Console Messages

revision, Console Messages

virtual storage limit, Auxiliary Storage Shortage

volume serial number, Restoring Archived Data Sets

W

well-known port, Tunneling

white list, Load Control

Workload Manager (WLM), System Limits and Requirements

WTORoutingCodes, Configuration File, Configuration File

X

X.509 certificates, Certificates Stored in File, Certificates Stored in File

Z

zos-saf provider, External Key Providers

zsh_fileglob, Restricting User Logins

character sets, Character Sets for egrep and zsh_fileglob

patterns, Patterns