In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see the OpenSSH documentation.
To enable public-key authentication from an OpenSSH client on Unix to Tectia Server on z/OS:
Create a key pair using ssh-keygen, for example:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
The key fingerprint is:
72:e7:68:3b:b6:cb:95:33:46:e8:46:e0:aa:4e:94:cd ClientUser@openssh.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| + . . . |
| o E o S o |
| . . = = . |
| . . = B |
| . . +o+ o |
| .o .=+ |
+-----------------+
To create the key without a passphrase, press Enter when prompted to enter the passphrase.
When the key is created with the default file name (id_rsa), it is automatically used in public-key authentication attempts.
Create a .ssh2 directory on Server_zos (if it does not exist already):
$ ssh ServerUser@Server_zos mkdir .ssh2
Copy your public key to the remote Server_zos using sftp:
$ sftp ServerUser@Server_zos
sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
Create an authorization file on the remote Server_zos:
$ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).
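One way to confirm that the public key copied in the sftp step is still the key ssh-keygen generated, as an added example that is not part of the original Tectia documentation: it recomputes the colon-separated MD5 fingerprint that ssh-keygen printed above (and the SHA256 form that newer OpenSSH versions print) from the contents of an id_rsa.pub line. The function names and the sample key are constructed for illustration; the sample modulus is not a usable RSA key.

```python
import base64
import hashlib
import struct

def _field(blob, off):
    """Read one length-prefixed SSH wire string; return (value, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def inspect_rsa_pubkey(line):
    """Parse an OpenSSH 'ssh-rsa <base64> [comment]' line into type, size, fingerprints."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)  # rejects mangled base64
    inner, off = _field(blob, 0)
    if parts[0] != "ssh-rsa" or inner != b"ssh-rsa":
        raise ValueError("key type outside and inside the blob must be ssh-rsa")
    _exponent, off = _field(blob, off)
    modulus, off = _field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected bytes after the modulus")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": parts[0],
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # format shown by ssh-keygen above
        "sha256": "SHA256:" + sha,
    }

def same_key(local_line, remote_line):
    """True when both lines carry the same key; comment and line endings are ignored."""
    return inspect_rsa_pubkey(local_line)["sha256"] == inspect_rsa_pubkey(remote_line)["sha256"]

def make_sample_line(modulus, comment="ClientUser@openssh.example.com"):
    """Constructed sample: well-formed encoding, but NOT a usable RSA key."""
    def wire(b):
        return struct.pack(">I", len(b)) + b
    n = b"\x00" + modulus.to_bytes(256, "big")  # leading zero keeps the mpint positive
    blob = wire(b"ssh-rsa") + wire((65537).to_bytes(3, "big")) + wire(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(inspect_rsa_pubkey(make_sample_line((1 << 2047) | 1)))
```

Pass the line from the local id_rsa.pub and the line from a copy read back from Server_zos to same_key; a False result or a ValueError means the server copy is not the key that was generated.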