Open SSH for OS/390
Open SSH is well documented at www.openssh.org and open ssl is equally well documented at
www.openssl.org
The Ports presented here are somewhat back level, but are very stable.
scp only works with ascii files binary files will be corrupted, you can use
uuencode to pre-code binary files so that scp can copy them and then uudecode to get them back. The problem is that
the built in translation table is NOT one to one , if anyone knows how to specify a user translation table please let me know
You can email me if you have questions at alan@nichols.de
If you want to thank someone then write to Mike McIsaac and the members of the red book team
for putting together the red book that made this possible
Instructions
Please read carefuly and follow these instructions ;-)
- Collect zlib, unpack it and make it
- Install and start your random number generator as documented below
- Collect openssl unpack it make and make install it
- Now create a symbolic link in the openssl directory like this:
ln -s blah blah
- Collect openssh unpack it NB: IF YOU USE THE CONFIGURE SCRIPT
YOU WILL HAVE TO MANUALLY EDIT THE Makefile so that the compiler options are in the right order. I have already run
configure and the Makefile should work for you as it is so just use make and make install. Copy the zlib headers
to the directory where you unpacked openssh if your compiler cant find them !
- Now mark the sshd as apf authorized in the HFS
su;extattr +ap /usr/local/sbin/sshd
- Now make your hostkey
/usr/local/bin/ssh-keygen -f /etc/ssh/ssh_host_key if you get the message:
ssh-keygen: no RSA support in libssl and libcrypto. See ssl(8).
you havent started randy !!
- Now start the ssh server
- Use the freeware program putty if you are using windows as a client, sensible operating systems
have their own client ;-)
- Place the command
setty sanein your .profile or the system shell profile ..
- Enjoy - write IBM and tell them how important freeware is and ask them to support ssh in future z/390 releases.
The gzips contain the binaries compiled under 2.9 should your site not have a C compiler license
Here is some JCL to start your ssh server, you should define the RACF user for this task
as protected and with uid 0 /tmp as home and /bin/sh as program
//PTCPSSHD PROC
//INET EXEC PGM=BPXBATCH,REGION=4096K,TIME=NOLIMIT,ACCT=&IPACCNT,
// PARM='SH /usr/local/sbin/sshd -h /etc/ssh/ssh_host_key'
//CEEDUMP DD SYSOUT=*
//SYSERR DD PATH='/tmp/sshd.syserr',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//STDOUT DD PATH='/tmp/sshd.stdout',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//STDERR DD PATH='/tmp/sshd.stderr',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//SYSOUT DD PATH='/tmp/sshd.sysout',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//PTCPRAND PROC
//RAND EXEC PGM=BPXBATCH,REGION=0M,TIME=NOLIMIT,ACCT=&IPACCNT,
// PARM='SH /usr/local/bin/randy'
//SYSOUT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//CEEDUMP DD SYSOUT=*
//SYSERR DD PATH='/tmp/randy.syserr',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//STDOUT DD PATH='/tmp/randy.stdout',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//STDERR DD PATH='/tmp/randy.stderr',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//SYSOUT DD PATH='/tmp/randy.sysout',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
/*REXX*/
fname = '/dev/urandom'
"/usr/sbin/mknod " fname " p"
do forever
address syscall 'open' fname O_wronly 644
if retval=-1 then do ; say 'file not opened' errno errnojr; exit; end
fd = retval
randomish_number=""
do i=1 to 80
randomish_number=random(0,9)||randomish_number
end
randomish_number=randomish_number || esc_n
address syscall 'write ' fd ' randomish_number ' length(randomish_number)
if retval=-1 then say 'error code ' errno errnojr
address syscall 'close' fd
address syscall 'sleep 1'
end