I found an unexpected security problem with the IBM SSH Server on Windows (DB2 10.5).
The problem: By default, the server allows all users to connect with full "Windows" rights. Using WinSCP (or other tools), a connected user can manipulate all files on that server. I didn't try to execute malicious programs.
How can we Windows admins configure this thing (and why must we)? The IBM SSH is mostly undocumented in the DB2 10.5 Info Center.
(Meanwhile, I found a way to limit it to local Windows admins, but this is not the point.)
The "old" admin server (DAS) does a better job by default.
And again: No Windows Server needs an SSH server. All admin tasks can be executed using Windows RPC calls.