Installing the Tectia SSH Assistant ISPF Application

The Tectia SSH Assistant (SSZASST) ISPF application provides an interface for installing and configuring Tectia Server for IBM z/OS and its client tools. It is designed to simplify the process of installing the product tar archive appropriately and performing the multiple configuration tasks required using traditional MVS tools (ISPF and JCL), without requiring the use of the Unix shell.

  1. If you have not yet done so, transfer the Tectia SSH Assistant application XMIT file and the Tectia Server for IBM z/OS product tar archive in binary mode to your z/OS system. For instructions, see Uploading Files Required for Installation.

  2. On the z/OS host, receive the Tectia SSH Assistant data set via the following command (replace dataset.xmit with the actual name of the uploaded XMIT data set, if needed):


    In response to the RECEIVE prompt, you may enter the usual parameters to control the creation of the received data set, or just press enter to take the defaults and create a data set called prefix.SSZASST.PDS.

  3. Inside the restored data set you will find a Rexx script called $RECEIVE. EXEC the script to set up the application libraries:


    (Alternatively, you can simply type EXEC next to $RECEIVE in a member list.)

    This Rexx will prompt for the HLQ under which the application libraries are to be set up, as well as optional VOLSER, if needed.

  4. Press Enter repeatedly to page through the command output.

    The following libraries will be created, assuming default names:

  5. The Tectia SSH Assistant application requires the Rexx runtime or Rexx alternate libraries to execute. The Rexx Alternate Library SEAGALT (for example, FAN140.SEAGALT or IBM.REXX.SEAGALT, etc.), which is shipped as part of z/OS since version 1.9, may be used to satisfy this requirement. Make sure that SEAGALT is available in the linklist or in a STEPLIB allocated to your TSO session.

    The following message indicates that a suitable Rexx runtime was not found:

    IRX0159E The run time processor EAGRTPRC is not available

    To solve the issue, add a line to the appropriate PARMLIB(PROGxx) member such as:

  6. Set up the Tectia SSH Assistant application to be invoked. The simplest way to do this is to EXEC prefix.SSZASST.CEXEC(SSZ) directly, which will use LIBDEF to allocate the panel and skeleton libraries, assuming they share the same qualifiers as the Rexx library:


    Alternatively, you can concatenate the libraries to the appropriate DDs in your TSO logon procedure, or copy their contents to allocated user ISPF data sets.

    Tectia SSH Assistant main menu

    Figure 2.1. Tectia SSH Assistant main menu

The mode of operation of Tectia SSH Assistant follows a probably familiar approach of collecting settings, generating JCL jobs and configuration files, and then executing those jobs. Since there are many steps which must be run by a privileged user, such as granting RACF permissions, defining file systems, etc., the install jobs may be run by other users than the one who generated them.

Table 2.1. ISPF Tectia SSH Assistant Menu Structure

Menu itemDescription
0 SETM Installation settings and defaults submenu
0.1 SETI Define settings for installation input
0.2 SETO Define settings for installation output
0.3 SETL Load settings profile from logged definition
1 GENJ Generate installation jobs
1.1 INSTUSER Grant permissions to user doing install
1.2 CPGMCTL Ensure C library program-controlled
1.3 ADDSSHDU Set up SSH Server user
1.4 ADDSOXPU Set up SOCKS Proxy Server user
1.5 CSFSERV ICSF permissions
1.6 SERVAUTH Port 22 control
1.7 SAVE (Save previous installation key data)
1.8 ZFS Define installation ZFS
1.9 LOAD Load installation ZFS
1.10 RESTORE (Restore previous installation key data)
1.11 SYMLINK Create /opt/tectia symlink
1.12 SSZLIBS Sample JCL and PARM libraries
1.13 PROCLIB Set up started task procedures
1.14 LICENCE Install licenses from supplied tarball
1.15 KEYGEN Generate server host keys
99 GENALL Generate all jobs
2 INST Perform the step-by-step installation
2.1 JOBS Member list of generated installation jobs (prefix.SSZ.INSTALL.CNTL)
2.2 LOG Browse log of settings and executed jobs (prefix.SSZ.INSTALL.LOG)
3 CONF Manage configuration files
3.1 ETCD View the installation etc directory
3.2 SSHD2 SSHD2 server configuration file (/opt/tectia/etc/sshd2_config)
3.3 CERT Certificate Validator configuration file (/opt/tectia/etc/ssh_certd_config)
3.4 SOXP SOCKS Proxy configuration file (/opt/tectia/etc/ssh-socks-proxy-config.xml)
4 TASK Start/stop/modify started tasks
4.1 TSRV Control the SSH server
4.2 TCRT Control the certificate server
4.3 TSXP Control the Socks proxy server