[Contents] [Index]

About This Document >>     Installing SSH Tectia Server for IBM z/OS >>     Getting Started with SSH Tectia Server for IBM z/OS >>     Configuring the Server >>     Configuring the Client >>     Authentication >>         Using the z/OS System Authorization Facility         Server Authentication with Public Keys in File >>         Server Authentication with Certificates >>         User Authentication with Passwords         User Authentication with Public Keys in File >>             Using Public-Key Authentication from z/OS Client             Using Public-Key Authentication from Windows Client to z/OS Server             Using Public-Key Authentication from Unix Client to z/OS Server             z/OS Server Configuration             Optional Configuration Settings         User Authentication with Certificates >>         Host-Based User Authentication >>         User Authentication with Keyboard-Interactive >>         Distributing Public Keys Using the Key Distribution Tool >>     Transferring Files >>     Tunneling >>     Troubleshooting SSH Tectia Server for IBM z/OS >>     Advanced Information >>     Man Pages >>     Log Messages >>

Using Public-Key Authentication from Unix Client to z/OS Server

In this example, SSH Tectia Client 5.1 is used. For more information, see SSH Tectia Client 5.x User Manual.

1. Create a key pair using ssh-keygen-g3. For non-interactive use, the key can be generated without a passphrase with the -P option.

   $ ssh-keygen-g3 -t rsa -b 1024 -P $HOME/.ssh2/unix_key Generating 1024-bit rsa key pair 5 oOo.oOo.oOo. Key generated. 1024-bit rsa, testuser@unix_server, Tue Jul 11 2006 14:49:51 +0300 Private key saved to /home/testuser//.ssh2/unix_key Public key saved to /home/testuser//.ssh2/unix_key.pub

2. Create an identification file in your $HOME/.ssh2 directory on the Unix Client, for example:

   $ cd $HOME/.ssh2 $ echo "IdKey unix_key" >> identification $ cat identification IdKey unix_key

3. Create a remote .ssh2 directory (if it does not exist already).

   $ssh2 testuser@tectia_mf_server mkdir .ssh2
   

4. Copy your public key to the remote z/OS Server.

   $ scpg3 unix_key.pub \
   testuser@zos:/ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/unix_key.pub
   

5. Create an authorization file on the remote z/OS Server.

   $sshg3 testuser@zos "echo Key unix_key.pub >> .ssh2/authorization"
   

6. Make sure that public-key authentication is allowed in the Connection Broker configuration on Client, in the default settings and in the relevant connection profile (it is allowed by default).