SSH

Password Stored in a File or Data Set

Password authentication normally requires user interaction. For situations where user interaction is not possible, for example when running Tectia client programs from JCL, you can have the password stored in a file or data set.

With sshg3, scpg3, and sftpg3, use the --password=file://FILE option to provide the password. With ssh-keydist-g3, use the --password-file FILE option to provide the password.

[Note]Note

When storing a password in a file or data set, make sure that the access permissions are correct.

For non-interactive batch jobs, we recommend that you use public-key authentication without a passphrase, or host-based authentication. These methods provide more security than a password stored in a file.

Password Stored in a File

To set up authentication with a password stored in a file:

  1. Create a file, for example /home/userid/passwd_file.

  2. The file must be readable to the user that created it only:

    $ chmod 600 /home/userid/passwd_file
    
  3. Edit the file with your favorite text editor to contain one line with your password on the remote system, for example:

    MyPasS
    

To use the password stored in a file, for example with sftpg3, run the following:

$ sftpg3 --password=file:///home/userid/passwd_file

Password Stored in a Data Set

To set up authentication with password stored in a data set:

  1. Allocate a data set or a data set member, for example:

    //'USERID.PASSWD'
    
  2. Make sure that the data set is accessible only by the correct user ID.

  3. Edit the password data set to contain your password on the remote system. The format of the password data set is one line containing only the password. For example:

    MyPasS
    

To use the password stored in a data set, for example with sftpg3, run the following:

$ sftpg3 --password=file://"//'USERID.PASSWD'"