how can COZ be setup to prevent using passwords ?

Discussion of the COZBATCH utility for z/OS
Post Reply
carls
Posts: 10
Joined: Mon Jan 21, 2019 1:34 pm

how can COZ be setup to prevent using passwords ?

Post by carls »

How can COZ be setup to prevent using passwords ?

From a z/OS batch perspective, it is possible to globally configure COZ, COZBATCH, cozftp from allowing a password to be used?

In other words, how can we ensure that only public/private key pairs can be used?

Thank you,
Carl
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: how can COZ be setup to prevent using passwords ?

Post by dovetail »

(for Co:Z SFTP questions, use the Co:Z SFTP forum; this one is for COZBATCH https://dovetail.com/products/cozbatch.html)

Note: all authentication is actually done by IBM z/OS OpenSSH, so your question is really about preventing OpenSSH password authentication.

You can add this to /etc/ssh_config:

PasswordAuthentication no

this will prevent users from using password authentication, but it does not prevent them from setting that option back to "yes" as a command line option or in their $HOME/.ssh/config file.

For sshd server, this same option in /etc/sshd_config will disable password authentication and a user will not be able to override it

If you collect SMF records with z/OS OpenSSH or zERT, you can audit which users/jobs use which kind of OpenSSH authentication.
carls
Posts: 10
Joined: Mon Jan 21, 2019 1:34 pm

Re: how can COZ be setup to prevent using passwords ?

Post by carls »

we will research that setting. Thank you
Post Reply