z/OS OpenSSH

z/OS OpenSSH is a port of Open Source Software release OpenSSH 6.4p1 and provides secure encryption for both remote login and file transfer.

z/OS OpenSSH includes the following utilities:
  • ssh, a z/OS® client program for logging into a z/OS shell. It can also be used to log into other platform's UNIX shells. It is an alternative to rlogin.
  • scp for copying files between networks. It is an alternative to rcp.
  • sftp for file transfers over an encrypted ssh transport. It is an interactive file transfer program similar to ftp.
  • sshd, a daemon program for ssh that listens for connections from clients. The z/OS OpenSSH implementation of sshd supports both SSH protocol versions 1 and 2 simultaneously.

    The default sshd configuration only runs protocol version 2.

Other basic utilities such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server are also included.

To ensure secure encrypted communications, OpenSSH uses ciphers such as AES, Blowfish and 3DES.

z/OS OpenSSH provides the following z/OS extensions:
  • System Authorization Facility (SAF) key ring. z/OS OpenSSH can be configured to allow z/OS OpenSSH keys to be stored in SAF key rings.
  • Multilevel security. It is a security policy that allows the classification of data and users based on a system of hierarchical security levels combined with a system of non-hierarchical security categories.
  • System Management Facility (SMF). z/OS OpenSSH can be configured to collect SMF Type 119 records for both the client and the server.
  • Hardware Crypto Support. OpenSSH can be configured to choose Integrated Cryptographic Service Facility (ICSF) callable service for implementing the applicable SSH session ciphers and HMACs.