Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server (M) >>
        System Requirements
        Directories and Datasets>>
        Installing the SSH Tectia Server (M) Software >>
            Required Permissions
            Preparing the System
            Unpacking the Archive
            Creating the SSHD2 User
            Creating the /usr/lpp/ssh2 Directory
            Running the Setup Script
            Creating the Server Host Key Pair
            Enabling Manual Pages
            Securing the Server
        Upgrading the SSH Tectia Server (M) Software
        Removing the SSH Tectia Server (M) Software
    Using SSH Tectia Server (M) >>
    Troubleshooting SSH Tectia Server (M) >>
    Configuration >>
    Authentication >>
    Application Tunneling >>
    Sample Files >>
    Man Pages
    Log Messages >>

Creating the Server Host Key Pair

The server must have, and client users may have, a key pair consisting of a private key and a public key for authentication. You must secure the private key so that only the user running sshd2 has access to it. A certificate containing the public key may be used instead of the public key.

SSH Tectia Server (M) includes a program that generates a key pair, ssh-keygen2, which is in /usr/lpp/ssh2/bin. The setup script creates a key pair for the server unless a key pair is already available as /etc/ssh2/hostkey and /etc/ssh2/ A new server key can be created also manually if necessary.

Creating a Key Pair Manually

The server key pair can be created as a separate operation before or after running the setup script.

Create the directory /etc/ssh2 if it does not already exist.

Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/etc/ssh2/hostkey) must be accessible only by the SSHD2 user.

The utility ssh-keygen2 may be used to generate the key pair. Switch to the SSHD2 user (if not already) and enter the command:

>/usr/lpp/ssh2/bin/ssh-keygen2 -t rsa -b 1024 -P /etc/ssh2/hostkey

This will create a new 1024-bit RSA key pair and store it under /etc/ssh2.

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2005 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now