What z/OS OpenSSH does not support
z/OS OpenSSH does
not support the following functionality:
- AFS token passing
- Kerberos (except through the use of GSS-API)
- Pluggable Authentication Module (PAM)
- Print last log
- Smart cards
- "Keyboard-interactive" user authentication
- TCP wrappers
- Tunnel device forwarding
User-defined subsystems treat data as binary. Subsystems
are a feature of SSH protocol version 2 which facilitate the use of ssh as
a secure transport for other applications such as sftp.
However, you can define your own subsystem using the Subsystem keyword
of sshd_config. The subsystem is then invoked as a remote command.
For example:
Subsystem backups /home/billyjc/backups.sh
By default, the network data for a subsystem is treated
as binary. Any output generated by a subsystem will not be displayed
correctly between z/OS systems unless steps are taken to convert
the data. The included sftp subsystem must be
treated as binary, but connections for user-defined subsystems that
are not binary may use the ChannelConvert option.
The ChannelConvert option may be used in
a Host or Match block to convert data for selected connections. See
the description for ChannelConvert in zos_ssh_config — z/OS-specific system-wide OpenSSH client configuration file and zos_sshd_config — z/OS-specific OpenSSH daemon configuration file.Note: ChannelConvert should be
added with caution to zos_ssh_config or zos_sshd_config so
that it does not cause connections to fail, since they are or are
not converting data as required.
z/OS OpenSSH does not support multibyte locales. z/OS OpenSSH does not support running in multibyte locales. It currently only supports single-byte locales that are compatible with ASCII coded character set ISO/IEC 8859-1. For more information, see Globalization on z/OS systems.