Adding user access to the SSH server
You can add a user to the SSH server after the user shares their valid public key file.
Before you begin
- Ensure that the user you want to add access for shares their public key file by using your customer-defined process.
- Ensure that the user has a user ID for the z/TPF system that is defined in the /etc/passwd file.
- Ensure that you are connected to the SSH server.
About this task
After the user that you want to add shares their public key file, that file must be transferred to the z/TPF system and specified as an input key file on the ZSSHD MANAGE command.
The input key file must be transferred to the z/TPF system in binary format, but it can be any file name and stored in any accessible directory on the z/TPF system. If the input key file is found and valid, the system adds the key to the /certs/authorized_keys/username.keys file. This file is created if it does not exist. After a public key is added to the SSH server, the system removes the input key file to ensure that public key files do not exist in random locations in the file system.
If a user has multiple remote clients that they use to connect to the SSH server on the z/TPF system, the public key from each remote client must be added to the z/TPF system. Use this procedure for each public key that you want to add for the user.
Procedure
- Ensure that the user public key is in the correct format. For more information, see Getting started.
- Securely transfer the user public key to the z/TPF system in binary format.
- Enter the ZSSHD MANAGE command with the ADD parameter specified to add the user. Specify the z/TPF user ID for the user, the input key file that was shared by the user, and a unique label to associate with the user key.
Results
The user can now securely transfer files to the z/TPF system from their remote client.
Example
The following example shows the overall process flow when you add a user to the SSH server. In this example, the user ID for the user is tpfuser1, and the public key for their Linux® system is contained in a file named linuser1.pub.
- The user shares the linuser1.pub public key file by using a customer-defined process.
- You use SFTP to transfer the linuser1.pub file securely to the /tmp directory on the z/TPF system.
- You enter the following command to add the user and assign a unique label to the key:
ZSSHD MANAGE tpfuser1 ADD KEY-/tmp/linuser1.pub LABEL-tpfuser1Linux
- The system processes the ZSSHD MANAGE command as follows:
  - Validates that tpfuser1 is a valid user ID that is defined in the /etc/passwd file.
  - If the tpfuser1 user ID is valid, the public key that is contained in the /tmp/linuser1.pub file is added to the /certs/authorized_keys/tpfuser1.keys file. If the /certs/authorized_keys/tpfuser1.keys file does not exist, it is created. The public key is parsed from the input key file and stored in the following format:
    ssh-rsa public_key LABEL-tpfuser1Linux TIMESTAMP-timestamp
    - public_key: The public key for the user.
    - timestamp: A numerical representation of the time the public key was added for the user.
  - The input key file /tmp/linuser1.pub is removed from the file system.
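As an added example (not part of the z/TPF documentation or of the ZSSHD MANAGE command itself), the following Python helper parses the per-user .keys line format shown above, checks that each key's base64 blob really carries the declared key type (the kind of damage a non-binary transfer causes), and refuses a new key whose label or key material is already present in the file. The key values are constructed dummies with tiny moduli, not real RSA keys.

```python
import base64
import struct

# Line format documented on this page for /certs/authorized_keys/<user>.keys:
#   ssh-rsa <public_key> LABEL-<label> TIMESTAMP-<timestamp>

def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _mpint(n: int) -> bytes:
    # One spare byte so the top bit is never set (keeps the mpint positive)
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_rsa_pubkey(e: int, n: int) -> str:
    """Build an OpenSSH 'ssh-rsa <base64>' string from exponent and modulus."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

def parse_pubkey(text: str):
    """Return (keytype, blob). The first string inside the blob must repeat the
    key type, which catches truncated or ASCII-mangled (non-binary) transfers."""
    keytype, b64 = text.split()[:2]  # ValueError if fewer than two fields
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match blob")
    return keytype, blob

def parse_keys_file(text: str):
    """Parse <user>.keys lines into dicts: type, blob, label, timestamp."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        keytype, b64, label, ts = line.split()
        if not (label.startswith("LABEL-") and ts.startswith("TIMESTAMP-")):
            raise ValueError(f"bad entry: {line}")
        kt, blob = parse_pubkey(f"{keytype} {b64}")
        entries.append({"type": kt, "blob": blob, "label": label[6:],
                        "timestamp": int(ts[10:])})
    return entries

def can_add(entries, new_pubkey: str, label: str) -> bool:
    """Accept a new key only if neither its label nor its key material is present."""
    _, blob = parse_pubkey(new_pubkey)
    return all(e["label"] != label and e["blob"] != blob for e in entries)

# Constructed sample values (dummy moduli, not real RSA keys)
KEY_LINUX = build_rsa_pubkey(65537, 0xC0FFEE123456789)
KEY_MAC = build_rsa_pubkey(65537, 0xDEADBEEF0BADF00D)
SAMPLE_KEYS_FILE = f"{KEY_LINUX} LABEL-tpfuser1Linux TIMESTAMP-1700000000\n"
```

Running parse_keys_file over a real /certs/authorized_keys/<user>.keys file lists every label and timestamp recorded for that user, which is a quick way to review which remote clients still have access.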