protection to sshd subsystem: sftp



Ask about System customization & performance, Workload management, I/O device configuration etc.

protection to sshd subsystem: sftp

Postby Shady » Wed Sep 08, 2010 9:33 am

Hi all....


My question addresses TCPIP...:
I know I can reserve a port like this..
PORT 22 TCP SSHD* SAF SSHD
where the SAF SSHD identifies the following SERVAUTH profile:
EZB.PORTACCESS.sysname.tcpname.SSHD
This would reserve the port for the SSHD* proc started by the User who have permit to the SSHD resname...

The background is the following...:
SFTP is a subsys of the SSHD. SSHD forks processes in the USS on that port (def. 22).
We want protect SFTP to some users. The problem is that the fork is independent of the users which starts SFTP request because when SSHD started the forks would be permit through the SSHD* user...

So... Perhaps someone have an idea to protect the sftp subsystem to some users like it is done by normal FTP (EZB.FTP.sysname.ftpdaemonname.PORTnnnnn)...?
It haven't to be with a port statement. Maybe someone have an other idea? Preferred with RACF options...

THX
Shady
Shady
 
Posts: 9
Joined: Sat Mar 13, 2010 11:55 am
Has thanked: 1 time
Been thanked: 0 time

Return to System programming

 


  • Related topics
    Replies
    Views
    Last post