[Contents] [Index]

About This Document >>     Installing SSH Tectia Server for IBM z/OS >>     Getting Started with SSH Tectia Server for IBM z/OS >>     Configuring the Server >>     Configuring the Client >>     Authentication >>     File Transfer Using SFTP >>     File Transfer Using Transparent FTP Tunneling >>     Tunneling on the Command Line >>     Troubleshooting SSH Tectia Server for IBM z/OS >>     Advanced Information >>     Man Pages >>         scp2         sftp2         ssh-add2         ssh-agent2         ssh-socks-proxy >>         ssh-socks-proxy-config >>         ssh-socks-proxy-ctl >>         ssh-certd         ssh_certd_config         ssh-certview >>         ssh-cmpclient >>         ssh-dummy-shell         ssh-ekview         ssh-externalkeys         ssh-keydist2 >>             Synopsis             Description             Options             Examples         ssh-keygen2         ssh-probe2         ssh-scepclient >>         ssh-sft-stage         ssh2         ssh2_config         sshd-check-conf         sshd2         sshd2_config         sshd2_subconfig         sshregex     Log Messages >>

Examples

Example 1: Connect to multiple hosts, fetch their host keys in hashed (default) format, and save them under the user's $HOME/.ssh2/hostkeys directory. Save the host key hash values with both the specified hostname and the IP address of the host. Store a log under /tmp.

> ssh-keydist2 -N -i -A /tmp/newhosts.log host1 host2 host3

Example 2: Connect to multiple hosts defined in the hostlist.txt file, fetch their host keys in plain format, and save them under both the user's $HOME/.ssh2/hostkeys directory and the system-wide /etc/ssh2/hostkeys directory. Running the command requires administrator privileges.

> ssh-keydist2 -N -F plain -g -H /home/userid/hostlist.txt

The keys are stored with the names specified in the host list file. For example, the following list would specify storing the keys with FQDN and also connecting to port 222 on host1.example.com:

host1.example.com host1.example.com#222 host2.example.com host3.example.com

Example 3: Create a 1024-bit DSA key with an empty passphrase, and upload it to a Unix server running OpenSSH, including the necessary conversions. Public-key upload uses password-from-file for authentication.

> ssh-keydist2 -t dsa -b 1024 -P -d -p /home/userid/passwd_file \
   -u user1 -O open_server.example.com

Example 4: Create a 1536-bit RSA key with an empty passphrase, and upload it to multiple servers, including the necessary conversions. Public-key upload uses password-from-file for authentication. Note that only one password file can be defined. This means that all remote hosts must have the same password.

> ssh-keydist2 -t rsa -b 1536 -P -d \ 
   -p /home/userid/passwd_file \
   -S -u user1 tectia_unix.example.com \ 
   -W -u user2 tectia_win.example.com \
   -Z -u user3 tectia_zos.example.com \
   -O -u user1 open_server.example.com \

Example 5: Distribute an existing RSA public key to several hosts using host lists. Accept new server host keys automatically and store the log under /tmp.

The host lists need to be grouped so that all SSH Tectia Unix, SSH Tectia Windows, SSH Tectia z/OS, and OpenSSH hosts are in different host files, for example tectiaunix_hostlist.txt, tectiazos_hostlist.txt, openssh_hostlist.txt, each host list defined in the following way:

userid1/host1.example.com userid2/host2.example.com userid3/host3.example.com

Note that only one password file can be defined. This means that all remote hosts must have the same password.

The command is as follows:

> ssh-keydist2 -f /home/userid/.ssh2/id_rsa_1024_a.pub \
   -p /home/userid/passwd_file -a -F plain -A /tmp/newhosts.log \
   -S -H tectiaunix_hostlist.txt \
   -Z -H tectiazos_hostlist.txt \
   -O -H openssh_hostlist.txt