From Tectia Client on Unix to Tectia Server on z/OS

The instructions apply to Tectia Client (5.1 and later) and Tectia ConnectSecure on Unix. For more information, see Tectia Client User Manual or Tectia ConnectSecure Administrator Manual.

To enable public-key authentication from Tectia Client on Unix to Tectia Server on z/OS:

Create a key pair using ssh-keygen-g3. For non-interactive use, the key can be generated without a passphrase with the -P option.

$ ssh-keygen-g3 -t rsa -b 1536 -P $HOME/.ssh2/unix_key
Generating 1536-bit rsa key pair
   5 oOo.oOo.oOo.
Key generated.
1536-bit rsa, ClientUser@tectia_unix, Tue Jul 11 2006 14:49:51 +0300
Private key saved to /home/ClientUser/.ssh2/unix_key
Public key saved to /home/ClientUser/.ssh2/unix_key.pub

Create a remote .ssh2 directory on the z/OS Server (if it does not exist already):
```
$ sshg3 ServerUser@Server_zos mkdir .ssh2
```

Copy your public key to the remote z/OS Server:

$ scpg3 -a unix_key.pub \
ServerUser@Server_zos:˜/.ssh2/unix_key.pub

Create an authorization file on the remote z/OS Server.

$ sshg3 ServerUser@Server_zos "echo Key unix_key.pub >> .ssh2/authorization"

Make sure that public-key authentication is allowed in the Connection Broker configuration on Client, in the default settings and in the relevant connection profile (it is allowed by default).