Example of Distributing Keys
This section describes one way to distribute keys for secure file transfer
using SSH Tectia Server for IBM z/OS in the central location and SSH Tectia Server or another Secure Shell server
and client products in the remote locations.
The processing on the mainframe is non-interactive. A public-key pair with a
null passphrase is used for the SSH Tectia server on the mainframe and can also
be used for the SSH Tectia client users on the mainframe; the key security is
handled by local file access control using the local security product. RACF
is used in this example, but TSS and ACF2 are equally applicable. The Secure
Shell servers on the remote hosts use public-key pairs with a null
passphrase, which is the customary way of setting up any Secure Shell server.
The users on the remote machines authenticate themselves by presenting
their RACF user ID and password.
In this example, it is assumed that there is a centralized organization that
administers keys and passwords, called here the Mainframe Security Group, and that each remote machine has a responsible
administrator, the Remote Security Officer.
The method presented here attempts to be straightforward and executes
several of the steps on the mainframe under the batch user accounts. Other
methods might run some of the steps under an administrator account or use
a Unix or Linux machine to administer the keys.
The sample tools ssh-hostkey-probe
and ssh-userkeygendist2.sh
are available separately. Contact SSH Technical Support at
http://support.ssh.com/.