SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Authentication >>
        Using the z/OS System Authorization Facility
        Server Authentication with Public Keys in File >>
            Defining Server Host Key
            Generating the Server Host Key Pair
            Using an OpenSSH Server Host Key
            Notifying the Users of the Host Key Change
        Server Authentication with Certificates >>
        User Authentication with Passwords
        User Authentication with Public Keys in File >>
        User Authentication with Certificates >>
        Host-Based User Authentication >>
        User Authentication with Keyboard-Interactive
    File Transfer Using SFTP >>
    Secure File Transfer Using Transparent FTP Security >>
    Tunneling >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Man Pages and Default Configuration Files >>
    Log Messages >>

Generating the Server Host Key Pair

The host public-key pair (1536-bit RSA) is generated during the setup of SSH Tectia Server (Section Running the Setup Script). You only need to regenerate it if you want to change your host key pair.

SSH Tectia Server for IBM z/OS includes a program that generates a key pair, ssh-keygen-g3, which is located in /opt/tectia/bin.

Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/opt/tectia/etc/hostkey) must be accessible only by the SSHD2 user.

To (re)generate the host key, perform the following tasks:

  1. Use su to switch to a UID 0 user (if you are not already logged in as one).
  2. Run ssh-keygen-g3 to generate the host key, for example:
    # /opt/tectia/bin/ssh-keygen-g3 -t rsa -P /opt/tectia/etc/hostkey
    

    This will generate a 2048-bit RSA key pair without a passphrase and store it under /opt/tectia/etc. For more information on the key generation options, see the ssh-keygen-g3 man page.

  3. Restart the server as instructed in Section Restarting sshd2.

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2011 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice