DOKK / manpages / debian 12 / s390-tools / iucvtty.8.en
iucvtty(8) IUCV terminal applications iucvtty(8)

iucvtty - allow remote logins over z/VM IUCV

iucvtty [-h|--help]
iucvtty [-v|--version]
iucvtty [-a|--allow-from regex] terminal_id [-- login_program [login_options]]

The iucvtty application provides full-screen terminal access to a Linux instance running as a z/VM guest operating system. The iucvconn application is used to connect to a running iucvtty instance.

The terminal connection is based on the z/VM Inter-User Communication Vehicle (IUCV). z/VM IUCV establishes a communication path between two z/VM guest virtual machines on the same z/VM instance. Because z/VM IUCV is independent from TCP/IP, Linux instances with no external network can be accessed.

terminal_id identifies the z/VM IUCV connection and is similar to a port number in TCP/IP communications. terminal_id is case-sensitive and consists of up to 8 alphanumeric characters. It must be specified as a parameter in connection requests against a iucvtty instance.

When a connection is established, iucvtty starts a login program. When the login program ends, iucvtty also exits. Consider an inittab(5) entry to ensure that iucvtty is restarted and ready for the next terminal session.

Display a short help text and exit.
Display the version number of iucvtty, then exit.
Limit permissions for incoming connections to z/VM user IDs that match the regular expression regex. The connection is refused if the ID does not match. If this parameter is omitted, connections are permitted from any z/VM user ID.
login_program specifies the absolute path to the login program to be started when a connection is established. The default is /bin/login(1).
The login_program must be separated by two dashes (--).
Depending on the particular login program used, login_options specifies additional options.

To allow remote logins using the terminal identifier "lnxterm":


iucvtty lnxterm

To only allow users from LNXSYS01 to connect to terminal "lnxterm":


iucvtty -a LNXSYS01 lnxterm

To only allow users from LNXSYS10 through LNXSYS19 to connect to terminal "lnxterm":


iucvtty -a "LNXSYS1[0-9]" lnxterm

To use /sbin/sulogin instead of /bin/login for terminal "suterm":


iucvtty suterm -- /sbin/sulogin

An entry in /etc/inittab to facilitate user logins on terminal "lnxterm" with /bin/login could be:


t1:2345:respawn:/sbin/iucvtty lnxterm

An entry in /etc/inittab to facilitate user logins on terminal "suterm" with /sbin/sulogin in single user mode could be:


s1:S:respawn:/sbin/iucvtty suterm -- /sbin/sulogin

If the Linux kernel does not include kernel support for the AF_IUCV network addressing family, iucvtty exits and displays the message 'AF_IUCV address family is not available: Address family not supported by protocol'.

The iucvtty program can be used by regular users. Depending on the particular login program, iucvtty must be started with superuser privileges for user authentication and authorization. For instance, /bin/login requires superuser privileges and, thus, regular users must use a different login program.

Each connection attempt is logged to the authpriv syslog facility.

iucvtty uses pseudo-terminal (pts) devices to communicate with the login program. For security reasons, some login programs, like /bin/login, do not permit root logins on pseudo-terminal devices (see also /etc/securetty(5)).

To permit root logins, consider using HVC terminal devices that are provided by the z/VM IUCV hypervisor console (HVC) device driver.

See the af_iucv(7) manual page for details about IUCV authorizations.

iucvconn(1), login(1), pts(4), regex(7), securetty(5), af_iucv(7), hvc_iucv(9)

March 2009 s390-tools