Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys >>
            Mainframe Server Keys
            Remote Server Keys
            Mainframe User Keys
            Remote User Keys
    Man Pages >>
    Log Messages >>

Remote Server Keys

The SSH Tectia clients on the mainframe must have remote server public keys or public key hash values available in order to authenticate the remote server they are connecting to. The keys or key hash values can be stored in the mainframe user's $HOME/.ssh2/hostkeys directory or in the /etc/ssh2/hostkeys directory which is common for all the users. The example hostkey tool can be used to retrieve multiple remote host keys and store the key hash values to user's host key directory. Separate steps are needed if the administrator wants to store these key hash values also to system-wide key store that is available for all the users.

For more information about hashed host key format and usage of the system-wide key store, see Section Server Authentication with Public Keys.

Example 1: Fetching multiple host keys in verbose more and storing the log under /tmp.

> ssh-userkeygendist2.sh -v -N -A /tmp/newhosts.log host1 host2 host3 host4

The host keys are copied under $HOME/.ssh2/hostkeys. If the administrator wants to use those keys for all users, key hashes and the salt file need to be copied to global key store /etc/ssh2/hostkeys.

> mkdir /etc/ssh2/hostkeys
> cp $HOME/.ssh2/hostkeys/* /etc/ssh2/hostkeys 
> chmod 755 /etc/ssh2/hostkeys 
> chmod 644 /etc/ssh2/hostkeys/*

Example2: Fetching host keys using a hostlist file.

The format of the hostlist file is the following:

host1.company.com
host2.company.com
host3.company.com

The commands are the following:

> ssh-userkeygendist2.sh -N -A /tmp/newhosts.log -H /home/userid/hostlist.txt

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now