Generating the Server Host Key Pair
The host public-key pair (1536-bit RSA) is generated during the setup of
SSH Tectia Server (Section Running the Setup Script).
You only need to regenerate it if you want to change your host key pair.
SSH Tectia Server for IBM z/OS includes a program that generates a key pair, ssh-keygen-g3,
which is located in /opt/tectia/bin.
Generate the key pair for the server in such a way that the private key
has no passphrase (option -P). The server will then start up
without any operator interaction to enter a passphrase. Protect the key
with file system access rules. The private key (/opt/tectia/etc/hostkey)
must be accessible only by the SSHD2 user.
To (re)generate the host key, perform the following tasks:
- Use
su to switch to a UID 0 user (if you are not already logged in as one).
- Run
ssh-keygen-g3 to generate the host key, for example:
# /opt/tectia/bin/ssh-keygen-g3 -t rsa -P /opt/tectia/etc/hostkey
This will generate a 2048-bit RSA key pair without a passphrase and store
it under /opt/tectia/etc. For more information on the key generation
options, see the ssh-keygen-g3 man page.
- Restart the server as instructed in Section
Restarting sshd2.
