IBM Support

OA57724: NEW FUNCTION: HEALTH CHECKS FOR OPENSSH UPGRADE TO Z/OS V2R4 HCHECKER/K

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Provide two Health Checks to identify OpenSSH config default
    value changes and unsupported algorithms in z/OS V2R4.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All z/OS OpenSSH customers                                   *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * In z/OS V2R4, OpenSSH was upgraded to                        *
    * version 7.6p1 which changed many                             *
    * default values and supported                                 *
    * algorithms from the previous version                         *
    * of 6.4p1. Customers can run these                            *
    * health checks prior to z/OS V2.4 to                          *
    * identify the default and algorithm                           *
    * changes expected in z/OS V2.4.                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Before the customer upgrades z/OS systems from V2R2/V2R3 to
    V2R4, an OpenSSH migration health check is provided to tell
    what default changes and which algorithms are not supported
    in z/OS V2R4.
    
    When OpenSSH daemon (sshd) starts up, two health checks
    will be registered to z/OS Health Checker. Upon activation of
    these checks, configuration files will be examined to show
    which default values are changed in V2R4, and which values
    are no longer supported in z/OS V2R4.
    
    The default configuration files checked are
    /etc/ssh/ssh_config and /etc/ssh/sshd_config. If these
    default configuration files are not used, then the health
    checks accept parameter overrides for specification of the
    correct location for the configuration files.
    

Problem conclusion

  • Keyword: HCHECKER/K
    

Temporary fix

Comments

  • Introduce two Health Check items:
    Health check ZOSMIGV2R4_SSH_CONFIG is to check the settings
    in SSH config file. The default check path is
    /etc/ssh/ssh_config.
    Health check ZOSMIGV2R4_SSHD_CONFIG is to check the settings
    in SSH daemon config file. The default check path is
    /etc/ssh/sshd_config.
    
    Before upgrading to z/OS V2R4, those checks can help to find
    out the default value changes and unsupported values in SSH
    and SSHD config file.
    

APAR Information

  • APAR number

    OA57724

  • Reported component name

    OPENSSH FOR Z/O

  • Reported component ID

    5655M2301

  • Reported release

    230

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2019-06-04

  • Closed date

    2019-09-03

  • Last modified date

    2019-11-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ00695 UJ00696

Modules/Macros

  • FOTM4RSD FOTM4ASD FOTM4RSH FOTM4ASH FOTSXSHD
    

Publications Referenced
SC23684330    

Fix information

  • Fixed component name

    OPENSSH FOR Z/O

  • Fixed component ID

    5655M2301

Applicable component levels

  • R220 PSY UJ00696

       UP19/10/03 P F910  

  • R230 PSY UJ00695

       UP19/10/03 P F910  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"}, "Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":""},{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"}, "Product":{"code":"SG19M","label":"APARs - z/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":""}]

Document Information

Modified date:
01 November 2019