Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

BS2000-specific restrictions

&pagelevel(3)&pagelevel

When working with OpenSSH in a BS2000 environment, the special aspects described below must be borne in mind.


Use of a user’s own resolver library instead of the BCAM host name

To resolve host names, OpenSSH(BS2000) uses neither the BCAM host tables nor the resolver on the BS2000 side which is configured in the $TSOS.SYSDAT.SOCKETS.nnn.SOC6.RESOLV or $TSOS.SYSDAT.LWRESD.nnn.RESOLV.CONF file, but the DNS resolver library of TCP-IP-SV:DNS(BS2000) (see chapter “DNS”). As a result the sshd daemon is independent of the BCAM version used and behaves in the same way as applications such as TCP-IP-SV:DNS(BS2000) and APACHE(BS2000). Prerequisites here are that the /etc/resolv.conf file exists and contains the address of at least one valid DNS name server.

When TCP-IP-SV:OPENSSH is installed, a check is made to see whether the /etc/resolv.conf file exists. The option is also available of taking over any existing configuration from $TSOS.SYSDAT.LWRESD.nnn.RESOLV.CONF or
$TSOS.SYSDAT.SOCKETS.nnn.SOC6.RESOLV to a newly created /etc/resolv.conf.

The complete DNS name and the complete IPv4 or IPv6 address are also entered in the lastlog file so that the place where the remote login took place can be ascertained. Here the host name is used in the notation in which it was supplied by the name server, i.e. normally in lower case. This behavior is compatible with other Unix platforms, but differs from the behavior of the POSIX rlogin. The POSIX rlogin always uses BCAM names in upper case.

In the case of ssh connections or ssh-keyscan calls from POSIX, the behavior described also means that host names which are not entered in the DNS resolver library of TCP-IP-SV:DNS(BS2000) but are entered in the BCAM host table are invisible for ssh and ssh-keyscan and thus invalid.

In this case you must therefore

  • specify the associated IP addresses or

  • use a name entered in the DNS resolver library of TCP-IP-SV:DNS(BS2000) or

  • enter the BCAM names “manually” in the /etc/hosts file.


Prompt when the password is empty

Normal Unix systems do not request a password if they use login or slogin to log into an ID without a password. However, the POSIX rlogin requests a password to be entered even for an ID without a password. This behavior does not result in increased security, though, because it is at the same time possible to issue an rsh command without a password for the same ID.

Here OpenSSH behaves like the other Unix systems and does not ask for a empty password. However, as a login to IDs without a password is, by default, blocked in OpenSSH, in this case you must set the PermitEmptyPasswords directive in the configuration file /etc/ssh/sshd_config to “yes”.


Upper/lower case in the user name

Unlike in Unix operating system, no distinction is made between upper and lower case in BS2000 and BS2000 POSIX. Thus in BS2000 and POSIX the user “Username” can log on as “username”, “USERNAME” or “uSeRnAmE”. The name of the user who has logged on is recorded in the /var/adm/utmp file. You can use the who command to have the user name displayed.

Whereas rlogin enters the user name in upper case, OpenSSH specifies the user name in lower case (as is usual in Unix operating systems).

Powered by Atlassian Confluence and Scroll Viewport.