OpenSSH and globalization

OpenSSH assumes that all text data traveling across the network is encoded in ISO/IEC 8859-1 (Latin-1). Specifically, OpenSSH treats data as text and performs conversion between the ASCII Latin-1 coded character set and the EBCDIC-coded character set of the current locale in the following scenarios:
  • ssh login session
  • ssh remote command execution
  • scp file transfers
  • sftp file transfers when the ascii subcommand is specified

The OpenSSH daemon (sshd) can understand and handle non-Latin-1 coded character sets on the network for interactive sessions, specifically sessions with a tty allocated. However, not all EBCDIC-coded character sets are compatible with ISO 8859-1. To determine if a coded character set is compatible with a particular locale, see the information about locales supplied with z/OS XL C/C++ in z/OS XL C/C++ Programming Guide.

Warning: If there is no one-to-one mapping between the EBCDIC coded character set of the session data and ISO 8859-1, then nonidentical conversions might occur. Specifically, substitution characters (for example, IBM-1047 0x3F) are inserted into the data stream for those incompatible characters. See Configuring the OpenSSH daemon and Configuring the OpenSSH client for more information.

Sessions that are considered interactive include:
  • The ssh login session when a tty is allocated. This is the default behavior.
  • The ssh remote command execution, when the -t option is used to allocate a tty.
The following scenarios are considered noninteractive and continue to interpret network data as ISO 8859-1:
  • The ssh login session when the -T option is specified (which disables tty allocation.)
  • The ssh remote command execution when the -t option is not specified. The default behavior is not to allocate a tty for remote command execution.
  • The scp file transfers
  • The sftp file transfers when the ascii subcommand is specified

The support provided by z/OS OpenSSH is summarized in Table 1. It lists the expected coded character set for the network data during both interactive and noninteractive OpenSSH sessions with various peers.

Table 1. Summary of support provided by OpenSSH V1R2
Scenario Session is: Client is running: Server is running: Coded character set of network data is:
1 Interactive z/OS® z/OS ASCII coded character set as defined by the chcp setting.

Restriction: The z/OS client expects Latin-1, so the ASCII coded character set must be handled accordingly on the server side. See Configuring the OpenSSH daemon for more information.
2 Interactive Non-z/OS UNIX (such as AIX®, Linux) or PC z/OS ASCII coded character set as defined by the chcp setting.
3 Interactive z/OS Non-z/OS UNIX (such as AIX, Linux) or PC ISO 8859-1
4 Noninteractive z/OS z/OS ISO 8859-1
5 Noninteractive Non-z/OS UNIX (such as AIX, Linux) or PC z/OS ISO 8859-1
6 Noninteractive z/OS Non-z/OS UNIX (such as AIX, Linux) or PC ISO 8859-1
Note that some OpenSSH sessions transfer data as binary. In other words, no character translation is performed. These include:
  • sftp sessions (when the ascii subcommand is not used)
  • Port-forwarded sessions
  • X11-forwarded sessions

Limitation: z/OS OpenSSH does not support multibyte locales.