z/OS OpenSSH

z/OS OpenSSH is a port of Open Source Software release OpenSSH 6.4p1 and provides secure encryption for both remote login and file transfer.

z/OS OpenSSH includes the following utilities:
  • ssh, a z/OS® client program for logging into a z/OS shell. It can also be used to log into other platform's UNIX shells. It is an alternative to rlogin.
  • scp for copying files between networks. It is an alternative to rcp.
  • sftp for file transfers over an encrypted ssh transport. It is an interactive file transfer program similar to ftp.
  • sshd, a daemon program for ssh that listens for connections from clients. The z/OS OpenSSH implementation of sshd supports both SSH protocol versions 1 and 2 simultaneously.

    The default sshd configuration only runs protocol version 2.

Other basic utilities such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server are also included.

To ensure secure encrypted communications, OpenSSH uses ciphers such as AES, Blowfish and 3DES.

z/OS OpenSSH provides the following z/OS extensions:
  • System Authorization Facility (SAF) key ring. z/OS OpenSSH can be configured to allow z/OS OpenSSH keys to be stored in SAF key rings.
  • Multilevel security. It is a security policy that allows the classification of data and users based on a system of hierarchical security levels combined with a system of non-hierarchical security categories.
  • System Management Facility (SMF). z/OS OpenSSH can be configured to collect SMF Type 119 records for both the client and the server.
  • Hardware Crypto Support. OpenSSH can be configured to choose Integrated Cryptographic Service Facility (ICSF) callable service for implementing the applicable SSH session ciphers and HMACs.

For more information about migrating from older releases of OpenSSH to the newest release, see the step called "OpenSSH: Accommodate a new level of OpenSSH" in the z/OS Upgrade Workflow (which is part of the z/OS product). Prior levels of the z/OS Upgrade Workflows are available online at z/OSMF workflows for the z/OS platform