From SSH Tectia Client on Unix to SSH Tectia Server on z/OS

The instructions apply to SSH Tectia Client (5.1 and later) and SSH Tectia ConnectSecure on Unix. For more information, see SSH Tectia Client User Manual or SSH Tectia ConnectSecure Administrator Manual.

To enable public-key authentication from SSH Tectia Client on Unix to SSH Tectia Server on z/OS:

Create a key pair using ssh-keygen-g3. For non-interactive use, the key can be generated without a passphrase with the -P option.

$ ssh-keygen-g3 -t rsa -b 1536 -P $HOME/.ssh2/unix_key
Generating 1536-bit rsa key pair
   5 oOo.oOo.oOo.
Key generated.
1536-bit rsa, ClientUser@tectia_unix, Tue Jul 11 2006 14:49:51 +0300
Private key saved to /home/ClientUser/.ssh2/unix_key
Public key saved to /home/ClientUser/.ssh2/unix_key.pub

Create a remote .ssh2 directory on the z/OS Server (if it does not exist already):
```
$ sshg3 ServerUser@Server_zos mkdir .ssh2
```

Copy your public key to the remote z/OS Server:

$ scpg3 -a unix_key.pub \
ServerUser@Server_zos:˜/.ssh2/unix_key.pub

Create an authorization file on the remote z/OS Server.

$ sshg3 ServerUser@Server_zos "echo Key unix_key.pub >> .ssh2/authorization"

Make sure that public-key authentication is allowed in the Connection Broker configuration on Client, in the default settings and in the relevant connection profile (it is allowed by default).