Setting up Non-Interactive Server and User Authentication
The Secure Shell protocol used by the SSH Tectia Server for IBM z/OS provides mutual
authentication – the client authenticates the server and the server
authenticates the client. Both parties are assured of the identity of the
other party.
The Secure Shell server host can authenticate itself using either
traditional public-key authentication or certificate authentication.
Different methods can be used to authenticate Secure Shell client users.
These authentication methods can be combined or used separately,
depending on the level of functionality and security you want.
The SSH Tectia client on z/OS uses the following user authentication methods
by default (in order): public-key, keyboard-interactive, and password
authentication. In addition, the client supports host-based
authentication.
The SSH Tectia server on z/OS allows public-key and password authentication by
default. In addition, the server supports keyboard-interactive and host-based
authentication.
This chapter gives instructions for setting up non-interactive
authentication for server and user using public keys. For information
on the other authentication methods, see SSH Tectia Server for IBM z/OS Administrator
Manual.
Most of the examples in this chapter are executed from Unix shell (for
example, OMVS shell), but the same commands can also be run in JCL using
BPXBATCH.
