Creating the Server Host Key Pair

The server must have, and client users may have, a key pair consisting of a private key and a public key for authentication. You must secure the private key so that only the user running sshd2 has access to it. A certificate containing the public key may be used instead of the public key.

SSH Tectia Server (M) includes a program that generates a key pair, ssh-keygen2, which is in /usr/lpp/ssh2/bin. The setup script creates a key pair for the server unless a key pair is already available as /etc/ssh2/hostkey and /etc/ssh2/hostkey.pub. A new server key can also be created manually if necessary.
Creating a Key Pair Manually

The server key pair can be created as a separate operation before or after running the setup script.

1. Create the directory /etc/ssh2 if it does not already exist.

2. Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules: the private key (/etc/ssh2/hostkey) must be accessible only by the SSHD2 user.

The utility ssh-keygen2 may be used to generate the key pair. Switch to the SSHD2 user (if not already) and enter the command:

    /usr/lpp/ssh2/bin/ssh-keygen2 -t rsa -b 1024 -P /etc/ssh2/hostkey

This will create a new 1024-bit RSA key pair and store it under /etc/ssh2.
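As an added example (not from the SSH Tectia documentation), the following POSIX shell function checks the access rules described above: both halves of the pair are present, and the private key is owned by the expected user with no group or other permission bits. The key directory and owner name are parameters defaulting to /etc/ssh2 and SSHD2; that ls -l reports the owner as SSHD2 on the target system is an assumption.

```shell
#!/bin/sh
# Added example: verify a host key pair is stored with the access rules the
# documentation calls for. Not part of SSH Tectia Server itself.

# hostkey_check DIR OWNER
# Prints one line per problem found and returns the number of problems
# (0 means: hostkey and hostkey.pub exist, hostkey is owned by OWNER and
# carries no group/other permission bits).
# Defaults follow the page: DIR=/etc/ssh2, OWNER=SSHD2 (assumed user name).
hostkey_check() {
    dir=${1:-/etc/ssh2}
    owner=${2:-SSHD2}
    priv="$dir/hostkey"
    pub="$dir/hostkey.pub"
    problems=0

    if [ ! -f "$priv" ]; then
        echo "private key $priv is missing"
        problems=$((problems + 1))
    else
        # Field 1 of ls -ld is the mode string (e.g. -rw-------), field 3 the owner.
        set -- $(ls -ld "$priv")
        mode=$1
        fowner=$3
        # Characters 5-10 of the mode string are the group and other bits;
        # anything other than dashes means someone besides the owner has access.
        grp_oth=$(printf '%s' "$mode" | cut -c5-10)
        case $grp_oth in
            ------) ;;
            *) echo "private key $priv is readable by group/other ($mode)"
               problems=$((problems + 1)) ;;
        esac
        if [ "$fowner" != "$owner" ]; then
            echo "private key $priv is owned by $fowner, expected $owner"
            problems=$((problems + 1))
        fi
    fi

    if [ ! -f "$pub" ]; then
        echo "public key $pub is missing"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the server (run as SSHD2 after generating the pair):
#   hostkey_check /etc/ssh2 SSHD2 && echo "host key layout OK"
```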