The key pair used for server authentication is defined on the server in the sshd2_config file with the following parameters:

HostkeyFile              hostkey
PublicHostKeyFile        hostkey.pub

During the setup process, one RSA key pair (with the file names hostkey and hostkey.pub) is generated and stored in the /opt/tectia/etc/ directory. By default this key pair is used for server authentication. Make sure that only the user running sshd2 has access to the private key.

In Tectia Server for IBM z/OS, each server daemon can have only one host key pair. This is different from Tectia Server on other platforms.

By default, the server uses a public key with the filename of the private key plus the extension .pub. The PublicHostKeyFile keyword has to be defined only if the public-key file is stored with a different filename.