Remote Server Keys
The SSH Tectia clients on the mainframe must have remote server public
keys or public key hash values available in order to authenticate the
remote server they are connecting to. The keys or key hash values can be
stored in the mainframe user's $HOME/.ssh2/hostkeys directory or in the
/etc/ssh2/hostkeys directory, which is common to all users. The example
hostkey tool can be used to retrieve multiple remote host keys and store
the key hash values in the user's host key directory. Separate steps are
needed if the administrator also wants to store these key hash values in
the system-wide key store that is available to all users.
For more information about hashed host key format and usage of the
system-wide key store, see Section Server Authentication with Public Keys.
Example 1: Fetching multiple host keys in verbose mode and
storing the log under /tmp.
> ssh-userkeygendist2.sh -v -N -A /tmp/newhosts.log host1 host2 host3 host4
The host keys are copied under $HOME/.ssh2/hostkeys. If the
administrator wants to use those keys for all users, the key hashes and
the salt file need to be copied to the global key store /etc/ssh2/hostkeys.
> mkdir /etc/ssh2/hostkeys
> cp $HOME/.ssh2/hostkeys/* /etc/ssh2/hostkeys
> chmod 755 /etc/ssh2/hostkeys
> chmod 644 /etc/ssh2/hostkeys/*
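The copy steps above, written as a repeatable shell routine with a permission audit of the resulting store. This is an added example, not part of the original documentation or of SSH Tectia; the function names are hypothetical and the directories are passed in by the caller.

```shell
#!/bin/sh
# Added example: publish fetched host key hashes to a shared key store
# and audit the result. Function names are hypothetical.

# publish_hostkeys SRC DST
# Copy the plain files (key hashes and the salt file) from SRC to DST,
# then apply the 755/644 modes used in the procedure above.
publish_hostkeys() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    chmod 755 "$dst" || return 1
    for f in "$src"/*; do
        # Skip symbolic links and anything that is not a plain file, so a
        # link placed in a user's directory is not followed into the store.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        cp "$f" "$dst/" || return 1
        chmod 644 "$dst/$(basename "$f")" || return 1
    done
    return 0
}

# audit_hostkeys DIR
# Return 0 only if DIR contains no symbolic links and neither DIR nor any
# entry in it is writable by group or others. Offending paths go to stderr.
audit_hostkeys() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    bad=$(find "$dir" \( -type l -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        echo "symbolic link, or writable by group or others:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}
```

Running audit_hostkeys against the shared store after each publish, and periodically afterwards, shows whether anyone other than the owner can alter the keys that all users rely on for server authentication.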
Example 2: Fetching host keys using a hostlist file.
The format of the hostlist file is the following:
host1.company.com
host2.company.com
host3.company.com
The commands are the following:
> ssh-userkeygendist2.sh -N -A /tmp/newhosts.log -H /home/userid/hostlist.txt