SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys >>
            Mainframe Server Keys
            Remote Server Keys
            Mainframe User Keys
            Remote User Keys
    Man Pages >>
    Log Messages >>

Remote Server Keys

The remote Secure Shell servers generate public-key pairs for themselves when the software is installed.

The SSH Tectia clients on the mainframe must have the remote server public keys available in order to authenticate the remote server they are connecting to. The keys can be stored in the mainframe user's $HOME/.ssh2/hostkeys directory or in the /etc/ssh2/hostkeys directory which is common for all the users. Here it is assumed that the common directory will be used. The directory will be copied to all the mainframe systems that need the keys.

A remote server public key can be downloaded manually with an initial interactive connection with Secure Shell. The SSH Tectia client programs on mainframe do not allow entering remote passwords in the OMVS shell, so this connection in most easily done from a Telnet or a Secure Shell session. The SSH Tectia client program stores the key in the user's .ssh2 directory. It can be copied from there to /etc/ssh2/hostkeys.

An automated method is available to download the server keys of a large number of remote servers. The ssh-hostkey-probe program will access the remote machines (the Secure Shell servers must be running) and download the keys. The program reads a file containing the hostnames of the remote machines. Note that if a server will be accessed with different names, for example sometimes with the DNS hostname and sometimes with the IP address, all the names must be entered in the file on separate lines.

The downloaded remote server public keys should be checked. Their fingerprints should be printed with ssh-keygen2 and compared to the fingerprints printed at the remote sites. For more information, see Client Configuration.

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice