SSH Tectia® Server 5.5 for IBM z/OS

Product Description

SSH Communications Security Corp.

Copyright © 2005–2007 SSH Communications Security Corp.

This software is protected by international copyright laws. All rights reserved. ssh® and Tectia® are registered trademarks of SSH Communications Security Corp in the United States and in certain other jurisdictions. The SSH and Tectia logos are trademarks of SSH Communications Security Corp and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.

No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Communications Security Corp.

THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING.

30 September 2007

Table of Contents

1. About This Document

Documentation Conventions
Customer Support

2. Introduction

Secure TCP/IP Connectivity

Threats and Attacks
Security Services

Secure Shell Protocol

Protocol
Authentication
Different Protocol Versions

3. Key Applications for SSH Tectia

Secure System Administration
Secure File Transfer
Secure Application Connectivity

4. Architecture

SSH Tectia Solution Components

SSH Tectia Server
SSH Tectia Client
SSH Tectia Connector

Server Authentication

User Authentication

Tunneling Applications
Tunneling FTP
Tunneling with SSH Tectia Connector

Transparent FTP Tunneling

FTP-SFTP Conversion

5. Use Cases

Secure System Administration
Secure System Administration with RSA SecurID
Secure Application Connectivity with Application Login
Secure TN3270 Application Connectivity to IBM Mainframes
Remote Access with SSH Tectia Client/Server
Remote Access through Nested Tunnels
Transparent FTP Tunneling
FTP-SFTP Conversion

6. Choosing the Authentication Method

Password Authentication

Advantages and Disadvantages of Password Authentication

Public-Key Authentication

Authentication Procedure
Advantages and Disadvantages of Public-Key Authentication

Certificate Authentication and PKI

Certificate Enrollment
Certificate Revocation
Authentication Procedure
Certificate Authentication on IBM z/OS
Advantages and Disadvantages of Certificate Authentication

Making the Most of Public Keys and PKI

Certificates and Keys on Smart Cards
Authentication Agents and Key Providers

Host-Based Authentication

Advantages and Disadvantages of Host-Based Authentication

Keyboard-Interactive Authentication

Advantages and Disadvantages of Keyboard-Interactive Authentication
Password Submethod
PAM Submethod
RSA SecurID Submethod
RADIUS Submethod

7. Product Specification

Main Features

Secure Shell Protocol Features
Secure File Transfer
High Performance with SSH G3
User Authentication
Ease of Use
Enhanced File Transfer (EFT) Expansion Pack (Optional)
SSH Tectia Connector and Tunneling Expansion Pack for SSH Tectia Server (Optional)
SSH Tectia Server for IBM z/OS (Optional)

SSH Tectia Server and Client Version Differences

Technical Specifications

Supported Operating Systems
Hardware Requirements
PKI Features
Supported Third-Party Products
Supported Cryptographic Algorithms, Protocols, and Standards