Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys
            Mainframe Server Keys
            Remote Server Keys
            Mainframe User Keys
            Remote User Keys
    Man Pages >>
    Log Messages >>

Example of Distributing Keys

File transfer processing on mainframes is usually non-interactive. This means that the host keys of the remote servers must be stored in a way that user interaction is not needed during the batch process, and that users and processes use non-interactive authentication methods for user authentication.

This section contains some examples on storing multiple remote host keys to a common key store and setting up public-key authentication to multiple hosts using the key distribution tool included in the installation package. These examples are executed from Unix shell (for example, OMVS shell), but the same commands can also be run in JCL using BPXBATCH.

The example tool consists of two scripts, and Both scripts are installed to /usr/lpp/ssh2/doc/zOS/samples/. is the main script that is used on all examples. is a sub-script that is used by

Before using the scripts, you need to add the /usr/lpp/ssh2/doc/zOS/samples to your PATH environment variable. On OMVS or other Unix shell, use the following commands:

> PATH=$PATH:/usr/lpp/ssh2/doc/zOS/samples
> export PATH

Or copy the scripts to a directory that is already in PATH, for example:

> cp /usr/lpp/ssh2/doc/zOS/samples/ssh*.sh /usr/lpp/ssh2/bin/

Your current PATH can be seen with command:

> echo $PATH

The usage of is the following:

Usage: [options] host [[options] [host]] ...

-u, --remote-user remote_user           The default is local username.

-W, --ssh2-windows       The remote host is running Windows and its ssh 
                         client is SSH Tectia.

-S, --ssh2-unix          The remote host is running Unix and its ssh 
                         client is SSH Tectia.

-O, --openssh-unix       The remote host is running Unix and its ssh 
                         client is OpenSSH.

-Z, --ssh2-zos           The remote host is running z/OS and its ssh 
                         client is SSH Tectia.

-H, --hostlist-file hostlist_file       File contains hostnames or 
                                        username/hostname pairs.

-p, --password-file                     File contains password used 
                                        for authentication.

-P, --empty-passphrase                  Assume empty passphrase when 
                                        generating key pair.

-d, --allow-keygen-overwrite            Allow ssh-keygen2 to overwrite 
                                        an existing key pair.

-t, --key-type dsa|rsa                  Type of the generated key

-b, --key-bits bits                     Length of the generated key

-f, --pubkey-file public_key_file       Disable key pair generation, 
                                        distribute this key instead.

-a, --accept-new-host-keys              Automatically accept new hostkeys. 
                                        Use with care.

-N, --only-accept-new-host-keys         Only accept the hostkeys. Do not 
                                        generate or distribute user keys.

-A, --accepted-host-key-log log_file    Log file of accepted new hostkeys

-n, --do-not-execute                    Print the commands but do not 
                                        execute them.

-v, --verbose                           Use verbose mode.

Mainframe Server Keys

Remote Server Keys

Mainframe User Keys

Remote User Keys

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now