FWIW, a very interesting way to authenticate z/OS OpenSSH sessions is using Kerberos (perhaps with Windows Active Directory).
z/OS provides Kerberos as part of its free feature " z/OS Network Authentication Service", and this is compatible with a Windows Active Directory domain and MIT Kerberos on Unix/Linux. The learning curve for setting this up is steep, but here is a SHARE session and a white paper to kick start things: *The Three Headed Dog Ate My SSH Keys! - Using OpenSSH in a Single Sign-on Corporate Environment with z/OS, Windows and Linux* <http://s23.a2zinc.net/clients/SHARE/Winter2016/Public/sessions.aspx?ID=81&sortMenu=104002#> http://s23.a2zinc.net/clients/SHARE/Winter2016/Public/SessionDetails.aspx?SessionID=103&SessionDateID=4 *Using OpenSSH in a Single Sign-On Corporate Environment with z/OS, Windows and Linux* https://dovetail.com/docs/ssh/kerberos_sso.pdf Kirk Wolf Dovetailed Technologies http://dovetail.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
