It's sometimes convenient to create your own z/OS SSHD server on an alternate port for testing purposes. You can do this without any special privileges, and the SSHD server will run fine, except that it will only allow logins for the userid that it is running under.
This is especially handy if your Systems Programmer doesn't understand immediately that adding an SSH user subsystem doesn't introduce any new security risks.
Procedure J.1. General outline for adding a test SSHD server
Create your own ssh directory, say ~/sshd, and copy the file
zos$ mkdir ~/sshd zos$ cp /etc/ssh/sshd_config ~/sshd
In this directory, generate your host keys, as directed in the z/OS OpenSSH User's Guide.
If you can copy the keys in /etc/ssh directory, then you will avoid "host key" mismatch problems if you switch your SSH client from the production to the test server. If you do copy the production host keys, make sure that you change the file permissions to
600so that they can't be read by others.
Edit your copy of sshd_config:
Portline and set it to an available port
Uncomment / add the following lines (to use the private keys generated in the previous step):
HostKey ./ssh_host_rsa_key HostKey ./ssh_host_dsa_key
From a z/OS shell, change to the directory that you created and start your copy of SSHD:
/usr/sbin/sshd -e -D -f ./sshd_config
Note: If you are unable to execute
/usr/sbin/sshd, you may be able to copy it to your local directory, add the execute bit (
chmod +x ~/sshd/sshd) and run the above command using this local copy.
To connect to your test SSHD server from a client, don't forget to use the
-ssh -p portSSH option on your ssh commands.