How can COZ be setup to prevent using passwords ?
From a z/OS batch perspective, it is possible to globally configure COZ, COZBATCH, cozftp from allowing a password to be used?
In other words, how can we ensure that only public/private key pairs can be used?
Thank you,
Carl
how can COZ be setup to prevent using passwords ?
Re: how can COZ be setup to prevent using passwords ?
(for Co:Z SFTP questions, use the Co:Z SFTP forum; this one is for COZBATCH https://dovetail.com/products/cozbatch.html)
Note: all authentication is actually done by IBM z/OS OpenSSH, so your question is really about preventing OpenSSH password authentication.
You can add this to /etc/ssh_config:
PasswordAuthentication no
this will prevent users from using password authentication, but it does not prevent them from setting that option back to "yes" as a command line option or in their $HOME/.ssh/config file.
For sshd server, this same option in /etc/sshd_config will disable password authentication and a user will not be able to override it
If you collect SMF records with z/OS OpenSSH or zERT, you can audit which users/jobs use which kind of OpenSSH authentication.
Note: all authentication is actually done by IBM z/OS OpenSSH, so your question is really about preventing OpenSSH password authentication.
You can add this to /etc/ssh_config:
PasswordAuthentication no
this will prevent users from using password authentication, but it does not prevent them from setting that option back to "yes" as a command line option or in their $HOME/.ssh/config file.
For sshd server, this same option in /etc/sshd_config will disable password authentication and a user will not be able to override it
If you collect SMF records with z/OS OpenSSH or zERT, you can audit which users/jobs use which kind of OpenSSH authentication.
Re: how can COZ be setup to prevent using passwords ?
we will research that setting. Thank you