From Tectia Client on Unix to Tectia Server on z/OS

These instructions apply to Tectia Client and Tectia ConnectSecure on Unix. For more information, see Tectia Client User Manual or Tectia ConnectSecure Administrator Manual.

To enable public-key authentication from Tectia Client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen-g3. For non-interactive use, the key can be generated without a passphrase with the -P option. The -t option can be used to specify the key type (the default is DSA).

    $ ssh-keygen-g3 -t rsa -P $HOME/.ssh2/unix_key
    Generating 2048-bit rsa key pair
       9 .oOo.oOo.oOo
    Key generated.
    2048-bit rsa, ClientUser@tectia_unix, Tue Nov 11 2014 10:43:23 +0200
    Private key saved to /home/ClientUser/.ssh2/unix_key
    Public key saved to /home/ClientUser/.ssh2/
  2. Create a remote .ssh2 directory on Server_zos (if it does not exist already):

    $ sshg3 ServerUser@Server_zos mkdir .ssh2
  3. Copy your public key to the remote Server_zos:

    $ scpg3 -a \
  4. Create an authorization file on the remote Server_zos.

    $ sshg3 ServerUser@Server_zos "echo Key >> .ssh2/authorization"
  5. Make sure that public-key authentication is allowed in the Connection Broker configuration on Client, in the default settings and in the relevant connection profile (it is allowed by default).