Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys
            Mainframe Server Keys
            Remote Server Keys
            Mainframe User Keys
            Remote User Keys
    Man Pages >>
    Log Messages >>

Example of Distributing Keys

File transfer processing on mainframes is usually non-interactive. This means that the host keys of the remote servers must be stored in a way that user interaction is not needed during the batch process, and that users and processes use non-interactive authentication methods for user authentication.

This section contains some examples on storing multiple remote host keys to a common key store and setting up public-key authentication to multiple hosts using the key distribution tool included in the installation package. These examples are executed from Unix shell (for example, OMVS shell), but the same commands can also be run in JCL using BPXBATCH.

The example tool consists of two scripts, ssh-userkeygendist2.sh and ssh-1st-connect2.sh. Both scripts are installed to /usr/lpp/ssh2/doc/zOS/samples/. ssh-userkeygendist2.sh is the main script that is used on all examples. ssh-1st-connect.sh is a sub-script that is used by ssh-userkeygendist2.sh.

Before using the scripts, you need to add the /usr/lpp/ssh2/doc/zOS/samples to your PATH environment variable. On OMVS or other Unix shell, use the following commands:

> PATH=$PATH:/usr/lpp/ssh2/doc/zOS/samples
> export PATH

Or copy the scripts to a directory that is already in PATH, for example:

> cp /usr/lpp/ssh2/doc/zOS/samples/ssh*.sh /usr/lpp/ssh2/bin/

Your current PATH can be seen with command:

> echo $PATH

The usage of ssh-userkeygendist2.sh is the following:

Usage: ssh-userkeygendist2.sh [options] host [[options] [host]] ...

Options:
-u, --remote-user remote_user           The default is local username.

-W, --ssh2-windows       The remote host is running Windows and its ssh 
                         client is SSH Tectia.

-S, --ssh2-unix          The remote host is running Unix and its ssh 
                         client is SSH Tectia.

-O, --openssh-unix       The remote host is running Unix and its ssh 
                         client is OpenSSH.

-Z, --ssh2-zos           The remote host is running z/OS and its ssh 
                         client is SSH Tectia.

-H, --hostlist-file hostlist_file       File contains hostnames or 
                                        username/hostname pairs.

-p, --password-file                     File contains password used 
                                        for authentication.

-P, --empty-passphrase                  Assume empty passphrase when 
                                        generating key pair.

-d, --allow-keygen-overwrite            Allow ssh-keygen2 to overwrite 
                                        an existing key pair.

-t, --key-type dsa|rsa                  Type of the generated key

-b, --key-bits bits                     Length of the generated key

-f, --pubkey-file public_key_file       Disable key pair generation, 
                                        distribute this key instead.

-a, --accept-new-host-keys              Automatically accept new hostkeys. 
                                        Use with care.

-N, --only-accept-new-host-keys         Only accept the hostkeys. Do not 
                                        generate or distribute user keys.

-A, --accepted-host-key-log log_file    Log file of accepted new hostkeys

-n, --do-not-execute                    Print the commands but do not 
                                        execute them.

-v, --verbose                           Use verbose mode.

Mainframe Server Keys

Remote Server Keys

Mainframe User Keys

Remote User Keys

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===