Remote Server Keys
The SSH Tectia clients on the mainframe must have remote server public keys or public key hash values available in order to authenticate the remote server they are connecting to. The keys or key hash values can be stored in the mainframe user's $HOME/.ssh2/hostkeys directory or in the /etc/ssh2/hostkeys directory, which is common to all users. The example hostkey tool can be used to retrieve multiple remote host keys and store the key hash values in the user's host key directory. Separate steps are needed if the administrator also wants to store these key hash values in the system-wide key store that is available to all users.
For more information about the hashed host key format and the usage of the system-wide key store, see Section Server Authentication with Public Keys.
Example 1: Fetching multiple host keys in verbose mode and storing the log under
> ssh-userkeygendist2.sh -v -N -A /tmp/newhosts.log host1 host2 host3 host4
The host keys are copied under $HOME/.ssh2/hostkeys. If the administrator wants to use those keys for all users, the key hashes and the salt file need to be copied to the global key store:
> mkdir /etc/ssh2/hostkeys
> cp $HOME/.ssh2/hostkeys/* /etc/ssh2/hostkeys
> chmod 755 /etc/ssh2/hostkeys
> chmod 644 /etc/ssh2/hostkeys/*
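The following check is an added example, not part of the SSH Tectia documentation or tooling. It audits a host key directory against the modes set above (755 on the directory, 644 on the files), because a key store that other users can write to lets them replace the keys that clients trust. The function name audit_hostkeys and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a host key store after keys have been copied into it.
# Assumption: the expected modes are those set above (755 directory, 644 files).

# Print each path in a newline-separated list with a label; record a finding.
report() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2" | sed "s|^|$1 |"
        audit_rc=1
    fi
}

# audit_hostkeys DIR
# Returns 0 if the store is clean, 1 if there are findings, 2 if DIR is missing.
audit_hostkeys() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    audit_rc=0

    # Group- or world-writable entries let a non-owner replace a trusted key.
    report WRITABLE "$(find "$dir" \( -type f -o -type d \) \
        \( -perm -0020 -o -perm -0002 \) -print)"

    # Files without the other-read bit cannot serve as a store common to all users.
    report UNREADABLE "$(find "$dir" -type f ! -perm -0004 -print)"

    # Directories need other read and search bits for the files to be reachable.
    report CLOSED "$(find "$dir" -type d ! -perm -0005 -print)"

    # Symbolic links and special files do not belong in a key store.
    report UNEXPECTED "$(find "$dir" ! -type f ! -type d -print)"

    return "$audit_rc"
}

# Run the audit when a directory is given, e.g. sh audit.sh /etc/ssh2/hostkeys
if [ -n "${1:-}" ]; then
    audit_hostkeys "$1"
fi
```

A non-zero exit status means at least one entry deviates from the expected modes; each deviation is printed with its label and path.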
Example 2: Fetching host keys using a hostlist file.
The format of the hostlist file is the following:
The commands are the following:
> ssh-userkeygendist2.sh -N -A /tmp/newhosts.log -H /home/userid/hostlist.txt