SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys
            Mainframe Server Keys
            Remote Server Keys
            Mainframe User Keys
            Remote User Keys
    Man Pages >>
    Log Messages >>

Example of Distributing Keys

This section describes one way to distribute keys for secure file transfer using SSH Tectia Server for IBM z/OS in the central location and SSH Tectia Server or another Secure Shell server and client products in the remote locations.

The processing on the mainframe is non-interactive. Public-key pair with a null passphrase is used for the SSH Tectia server on the mainframe and can be used also for the SSH Tectia client users on the mainframe - the key security is handled by local file access control using the local security product. RACF is used in this example, but TSS and ACF2 are equally applicable. The Secure Shell servers on the remote hosts use public-key pairs with a null passphrase. This is the customary way of setting up any Secure Shell server.

The users on the remote machines authenticate themselves by presenting their RACF user ID and password.

In this example, it is assumed that there is a centralized organization that administers keys and passwords and call it the Mainframe Security Group and that each remote machine has a responsible administrator, the Remote Security Officer.

The method presented here attempts to be straightforward and executes several of the steps on the mainframe under the batch user accounts. Other methods might run some of the steps under an administrator account or use a Unix or Linux machine to administer the keys.

The sample tools ssh-hostkey-probe and ssh-userkeygendist2.sh are available separately. Contact SSH Technical Support at http://support.ssh.com/.

Mainframe Server Keys

Remote Server Keys

Mainframe User Keys

Remote User Keys

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice