SSH: Distributing Public Keys Using the Key Distribution Tool

[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
        Using the z/OS System Authorization Facility
        Server Authentication with Public Keys in File >>
        Server Authentication with Certificates >>
        User Authentication with Passwords
        User Authentication with Public Keys in File >>
        User Authentication with Certificates >>
        Host-Based User Authentication >>
        User Authentication with Keyboard-Interactive >>
        Distributing Public Keys Using the Key Distribution Tool
            Distributing Mainframe Server Keys
            Fetching Remote Server Keys
            Distributing Mainframe User Keys
            Distributing Remote User Keys
    File Transfer Using SFTP >>
    File Transfer Using Transparent FTP Tunneling >>
    Tunneling on the Command Line >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
    Log Messages >>

Distributing Public Keys Using the Key Distribution Tool

File transfer processing on mainframes is usually non-interactive. This means that the host keys of the remote servers must be stored in a way that user interaction is not needed during the batch process, and that both users and processes use non-interactive authentication methods for user authentication.

The key distribution tool, /usr/lpp/ssh2/bin/ssh-keydist2, can be used for storing multiple remote host keys to user-specific or common key store and setting up public-key authentication to multiple hosts.

The tool uses sub-script /usr/lpp/ssh2/bin/ssh-1st-connect2 for receiving remote host keys.

The tool calls /usr/lpp/ssh2/bin/ssh-keygen2 when creating new key pairs.

For more infromation on the ssh-keydist2 options, see Appendix ssh-keydist2.

Most of the examples in this section are executed from Unix shell (for example, OMVS shell), but the same commands can also be run in JCL using BPXBATCH.