[Contents] [Index]

About This Document >>     Installing SSH Tectia Server for IBM z/OS >>     Getting Started with SSH Tectia Server for IBM z/OS >>     Configuring the Server >>     Authentication >>         Using the z/OS System Authorization Facility         Server Authentication with Public Keys in File >>         Server Authentication with Certificates >>         User Authentication with Passwords         User Authentication with Public Keys in File >>             Enabling Public-Key Authentication             Using the Authorization File             Using Keys Generated with OpenSSH         User Authentication with Certificates >>         Host-Based User Authentication >>         User Authentication with Keyboard-Interactive     System Administration >>     File Transfer Using SFTP >>     Secure File Transfer Using Transparent FTP Security >>     Tunneling >>     Troubleshooting SSH Tectia Server for IBM z/OS >>     Man Pages and Default Configuration Files >>     Log Messages >>

Using Keys Generated with OpenSSH

If the user has an existing OpenSSH authorized_keys file on the server, the ssh-keygen-g3 tool can be used to import the OpenSSH authorized_keys file and to configure the authorization file, for example:

SERVER> ssh-keygen-g3 --import-ssh1-authorized-key $HOME/.ssh/authorized_keys $HOME/.ssh2/authorization Imported key /home/user/.ssh/authorized_keys:1 to /home/user/.ssh2/imported-437b1a07-1.pub and added to authorization file /home/user/.ssh2/authorization Imported key /home/user/.ssh/authorized_keys:2 to /home/user/.ssh2/imported-437b1a07-2.pub and added to authorization file /home/user/.ssh2/authorization

For more information on the ssh-keygen-g3 options, see the ssh-keygen-g3 man page.

Alternatively, the administrator of SSH Tectia Server may enable AuthorizedKeysFile in the server configuration file /opt/tectia/etc/sshd2_config, for example as follows:

AuthorizedKeysFile %D/.ssh/authorized_keys

SSH Tectia Server will check the defined AuthorizedKeysFile in addition to the user's AuthorizationFile (by default $HOME/.ssh2/authorization). Note that the AuthorizationFile has precedence over AuthorizedKeysFile if the same key is defined in both.