The host public-key pair (1536-bit RSA) is generated during the setup of Tectia Server (Running the Setup Script). You only need to regenerate it if you want to change your host key pair.
Tectia Server for IBM z/OS includes a program that generates a key pair, ssh-keygen-g3, which is located in /opt/tectia/bin.
Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/opt/tectia/etc/hostkey) must be accessible only by the SSHD2 user.
To (re)generate the host key, perform the following tasks:
1. Use su to switch to a UID 0 user (if you are not already logged in as one).
2. Run ssh-keygen-g3 to generate the host key, for example:
   # /opt/tectia/bin/ssh-keygen-g3 -t rsa -P /opt/tectia/etc/hostkey
   This will generate a 2048-bit RSA key pair without a passphrase and store it under /opt/tectia/etc. For more information on the key generation options, see the ssh-keygen-g3 man page.
3. Restart the server as instructed in Restarting and Stopping sshd2.
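Because the host key has no passphrase, the file system permissions are its only protection. The following check for that requirement is an added example, not part of the Tectia documentation or tooling; the function name check_hostkey_perms is hypothetical, and it assumes POSIX ls -ld output (mode in field 1, owner in field 3).

```shell
#!/bin/sh
# Added example: verify that a passphrase-less host private key is
# accessible only by its owner. check_hostkey_perms is a hypothetical
# helper, not a Tectia tool.
#
# Usage:   check_hostkey_perms <keyfile> <expected-owner>
# Example: check_hostkey_perms /opt/tectia/etc/hostkey SSHD2
# Returns 0 when the file passes, 1 on any finding (printed to stderr).
check_hostkey_perms() {
    key=$1
    want_owner=$2
    rc=0

    # Refuse symlinks: the permissions that matter are those of the real file.
    if [ -h "$key" ]; then
        echo "FAIL: $key is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 1
    fi

    # Keep only the 10-character mode string; some systems append an
    # extra flag character (ACL or security context marker) after it.
    mode=$(ls -ld "$key" | awk '{print substr($1, 1, 10)}')
    owner=$(ls -ld "$key" | awk '{print $3}')

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner" >&2
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # any bit set there means someone besides the owner has access.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: mode $mode grants group/other access" >&2
           rc=1 ;;
    esac

    return $rc
}
```

Run it after each key regeneration and before restarting the server, since a newly written key file takes its mode from the creating user's umask.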