Creating the Server Host Key Pair
The server must have, and client users may have, a key pair consisting of a private key and a public key for authentication. You must secure the private key so that only the user running sshd2 has access to it. A certificate containing the public key may be used instead of the public key.
SSH Tectia Server (M) includes a program that generates a key pair, ssh-keygen2, which is in /usr/lpp/ssh2/bin. The setup script creates a key pair for the server unless a key pair is already available as /etc/ssh2/hostkey.pub. A new server key can also be created manually if necessary.
Creating a Key Pair Manually
The server key pair can be created as a separate operation before or after running the setup script.
Create the directory /etc/ssh2 if it does not already exist.
Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/etc/ssh2/hostkey) must be accessible only by the
ssh-keygen2 may be used to generate the key pair. Switch to the SSHD2 user (if not already) and enter the command:
>/usr/lpp/ssh2/bin/ssh-keygen2 -t rsa -b 1024 -P /etc/ssh2/hostkey
This will create a new 1024-bit RSA key pair and store it under
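Because the host key is generated without a passphrase, the file system access rules are its only protection. The following is an added example, not part of the original documentation, that audits those rules after key generation; the function name check_hostkey and the extra checks on the directory and the .pub file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the access rules on a passphrase-less host key.
# Usage (inside a script that sources this file):
#   check_hostkey /etc/ssh2/hostkey SSHD2
# Returns 0 when no finding is reported, 1 otherwise.
check_hostkey() {
    key=$1; owner=$2; rc=0
    dir=$(dirname "$key")

    if [ ! -f "$key" ]; then
        echo "FAIL: $key does not exist or is not a regular file"
        return 1
    fi

    # ls -ld is used instead of stat(1): the first and third fields
    # (mode string, owner name) are laid out the same on POSIX systems.
    set -- $(ls -ld "$key")
    mode=$1; actual_owner=$3

    # Characters 5-10 of the mode string are the group and other bits.
    # Anything but "------" means a user other than the owner has access.
    case $mode in
        -???------*) ;;
        *) echo "FAIL: $key mode $mode grants group/other access"; rc=1 ;;
    esac

    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: $key owned by $actual_owner, expected $owner"; rc=1
    fi

    # A directory writable by group or other lets another user
    # replace the key file even when the file mode itself is strict.
    set -- $(ls -ld "$dir")
    case $1 in
        d????-??-?*) ;;
        *) echo "FAIL: $dir mode $1 is writable by group/other"; rc=1 ;;
    esac

    # The public half is expected next to the private key.
    [ -f "$key.pub" ] || { echo "FAIL: $key.pub is missing"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $key is restricted to $owner"
    return "$rc"
}
```

Run it as a user that can list /etc/ssh2; a non-zero return means at least one FAIL line was printed.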