Using Public-Key Authentication
In public-key authentication, the server authenticates the user by the
presence of the user's public key in the user's $HOME/.ssh2
directory (see the man pages for details). The public key ties the user
ID to the user's private key.
To generate a key pair, run a command such as the following:
>/usr/lpp/ssh2/bin/ssh-keygen2 -t rsa -b 1024 /u/USERB/.ssh2/userb-key
Generate the identification file that contains the name of your private
key:
>echo "IdKey userb-key" >> $HOME/.ssh2/identification
Keys generated on the mainframe are in the EBCDIC format. If you are
using public-key authentication against Windows or Unix servers, you
need to convert the public key to the ASCII format. This can be done
with the iconv utility:
>iconv -t ISO8859-1 -f IBM-1047 userb-key.pub > userb-key_ascii.pub
If you are using public-key authentication between two mainframes,
EBCDIC/ASCII conversion is not needed.
Copy the EBCDIC-format public key, /u/USERB/.ssh2/userb-key.pub, or the
converted public key, /u/USERB/.ssh2/userb-key_ascii.pub, to your
$HOME/.ssh2 directory on the remote machine and create the authorization
file that points to your public key on the remote machine:
>echo "Key userb-key.pub" >> $HOME/.ssh2/authorization
or
>echo "Key userb-key_ascii.pub" >> $HOME/.ssh2/authorization
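The following check is an added example, not part of the original
documentation: it reads the Key entries of an authorization file and
reports any key file that is missing or in the wrong encoding for the
server. It assumes that public key files start with the SSH2 header line
"---- BEGIN SSH2 PUBLIC KEY ----" and that a mainframe server reads the
unconverted EBCDIC file; the function names and sample files are
constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the "Key <file>" entries in an authorization file.
# Assumption: each public key file begins with the SSH2 header line
# "---- BEGIN SSH2 PUBLIC KEY ----"; only its first 10 bytes are inspected.

# Print ascii, ebcdic or unknown for the file given as $1.
key_encoding() {
    first=$(od -An -tx1 -N10 "$1" 2>/dev/null | tr -d ' \n')
    case "$first" in
        2d2d2d2d20424547494e) echo ascii ;;   # "---- BEGIN" in ASCII
        6060606040c2c5c7c9d5) echo ebcdic ;;  # "---- BEGIN" in IBM-1047
        *) echo unknown ;;
    esac
}

# audit_authorization DIR WANT
# WANT is the encoding the server reads: ascii on Windows or Unix, ebcdic
# on a mainframe (assumed from the copy step). Prints one line per problem
# and returns 1 if any entry is missing or in the wrong encoding.
audit_authorization() {
    dir=$1 want=$2 bad=0
    while read -r word name rest; do
        [ "$word" = "Key" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; bad=1
        elif [ "$(key_encoding "$dir/$name")" != "$want" ]; then
            echo "WRONG-ENCODING $name (expected $want)"; bad=1
        fi
    done < "$dir/authorization"
    return "$bad"
}

# Constructed sample data: an ASCII key header, the same header in
# IBM-1047 bytes (octal escapes), and an entry whose file does not exist.
demo=$(mktemp -d)
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' > "$demo/userb-key_ascii.pub"
printf '\140\140\140\140\100\302\305\307\311\325' > "$demo/userb-key.pub"
printf 'Key %s\n' userb-key_ascii.pub userb-key.pub gone.pub \
    > "$demo/authorization"
audit_authorization "$demo" ascii || echo "authorization needs fixing"
```
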
To generate a key pair with a plaintext key that can be used in JCL and
in the TSO OMVS shell, add the -P option to the ssh-keygen2 command:
>/usr/lpp/ssh2/bin/ssh-keygen2 -t rsa -b 1024 -P /u/USERB/.ssh2/userb-key