| | |
| ||
| ||
     |
Public-key authentication is based on the use of digital signatures. Each user creates a pair of key files. One of these key files is the user's public key, and the other is the user's private key. The server knows the user's public key, and only the user has the private key.
When the user tries to authenticate, the client sends a signature to the server, and the server checks for matching public keys. If the key is protected with a passphrase, the server requests the user to enter the passphrase.
![[Caution]](images/caution.gif) | Caution |
|---|---|
Do not store your private keys in a location accessible to other users. |
To use public-key authentication with SSH Tectia client tools for z/OS, do the following actions:
Generate a key pair with ssh-keygen-g3 (see Creating Keys with ssh-keygen-g3 on z/OS).
Upload your public key to the remote host computer (see Uploading Public Keys from z/OS to Remote Host).
For instructions on using public-key authentication to connect from other hosts to SSH Tectia Server for IBM z/OS, see Using Public-Key Authentication from Other Hosts to z/OS.
In the following instructions, Server is the remote host
running the Secure Shell server that you are trying to connect to.
ServerUser is the username on Server that you are
logging in as. Client is the host running the Secure Shell
client (SSH Tectia client tools for z/OS). ClientUser is the username on
Client that should be allowed to log in to Server
as ServerUser. See Figure 4.2.
The instructions assume that ClientUser is allowed to log
in to Server as ServerUser using some other
authentication method (usually password).
| |
Copyright 
2011 Tectia Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information
