The server must have, and client users may have, a key pair consisting of a private key and a public key for authentication. You must secure the private key so that only the user running sshd2 has access to it. A certificate containing the public key may be used instead of the public key.
SSH Tectia Server (M) includes a program that generates a key pair, ssh-keygen2, which is in /usr/lpp/ssh2/bin. The setup script creates a key pair for the server unless a key pair is already available as /etc/ssh2/hostkey and /etc/ssh2/hostkey.pub. A new server key can also be created manually if necessary.
Creating a Key Pair Manually
The server key pair can be created as a separate operation before or after running the setup script.
Create the directory /etc/ssh2 if it does not already exist.
Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/etc/ssh2/hostkey) must be accessible only by the SSHD2 user.
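Because the host key carries no passphrase, file permissions are its only protection, so it is worth checking them once the key exists. The following shell function is an added example, not part of the SSH Tectia documentation; the function name check_hostkey is hypothetical, and it inspects only the owner and the permission bits, not ACLs.

```shell
#!/bin/sh
# Added example: audit access to a passphrase-less SSH host private key.
#
# check_hostkey KEYFILE OWNER
#   Returns 0 when KEYFILE is a regular file (not a symlink), owned by OWNER,
#   with no group or other permission bits set. Otherwise prints each reason
#   and returns 1. ACLs are not examined.
#
# Example call with the path and user named on this page:
#   check_hostkey /etc/ssh2/hostkey SSHD2
check_hostkey() {
    key=$1
    want_owner=$2

    # Reject missing files, directories and symbolic links.
    if [ ! -f "$key" ] || [ -h "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"
        return 1
    fi

    # ls -ld is used instead of stat(1), whose options differ per platform.
    # Field 1 is the mode string, field 3 is the owner.
    mode=$(ls -ld "$key" | awk '{print $1}')
    owner=$(ls -ld "$key" | awk '{print $3}')

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $key is owned by $owner, expected $want_owner"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $key has mode $mode, which grants group/other access"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $key ($mode, owner $owner)"
    fi
    return "$rc"
}
```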
The utility ssh-keygen2 may be used to generate the key pair. Switch to the SSHD2 user (if not already) and enter the command: