[Contents] [Index]

About This Document >>     Installing SSH Tectia Server for IBM z/OS >>     Getting Started with SSH Tectia Server for IBM z/OS >>     Configuring the Server >>     Authentication >>         Using the z/OS System Authorization Facility         Server Authentication with Public Keys in File >>             Defining Server Host Key             Generating the Server Host Key Pair             Using an OpenSSH Server Host Key             Notifying the Users of the Host Key Change         Server Authentication with Certificates >>         User Authentication with Passwords         User Authentication with Public Keys in File >>         User Authentication with Certificates >>         Host-Based User Authentication >>         User Authentication with Keyboard-Interactive     File Transfer Using SFTP >>     Secure File Transfer Using Transparent FTP Security >>     Tunneling >>     Troubleshooting SSH Tectia Server for IBM z/OS >>     Man Pages and Default Configuration Files >>     Log Messages >>

Defining Server Host Key

The key pair used for server authentication is defined on the server in the sshd2_config file with the following parameters:

HostkeyFile hostkey PublicHostKeyFile hostkey.pub

During the setup process, one RSA key pair (with the file names hostkey and hostkey.pub) is generated and stored in the /opt/tectia/etc/ directory. By default this key pair is used for server authentication. Make sure that only the user running sshd2 has access to the private key.

In SSH Tectia Server for IBM z/OS, each server daemon can have only one host key pair. This is different from SSH Tectia Server on other platforms.

By default, the server uses a public key with the filename of the private key plus the extension .pub. The PublicHostKeyFile keyword has to be defined only if the public-key file is stored with a different filename.