SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
        Using the z/OS System Authorization Facility
        Server Authentication with Public Keys in File >>
        Server Authentication with Certificates >>
        User Authentication with Passwords
        User Authentication with Public Keys in File >>
            From SSH Tectia Client on z/OS
            From SSH Tectia Client on Windows to SSH Tectia Server on z/OS
            From SSH Tectia Client on Unix to SSH Tectia Server on z/OS
            From OpenSSH Client on Unix to SSH Tectia Server on z/OS
            Settings in SSH Tectia Server on z/OS
        User Authentication with Certificates >>
        Host-Based User Authentication >>
        User Authentication with Keyboard-Interactive >>
        Distributing Public Keys Using the Key Distribution Tool >>
    File Transfer Using SFTP >>
    File Transfer Using Transparent FTP Tunneling >>
    Tunneling on the Command Line >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
    Log Messages >>

From OpenSSH Client on Unix to SSH Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by SSH Tectia, SSH Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to SSH Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:
    $ ssh-keygen -t rsa -b 1536
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user1/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/user1/.ssh/id_rsa.
    Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
    The key fingerprint is:
    ca:3a:5d:a7:58:9c:45:e1:4d:e3:42:e4:bc:49:0b:77 user1@openssh.example.com
    
    To create the key without a passphrase, hit enter when prompted to enter the passphrase. When the is created with a default file name (id_rsa), it is automatically used in public-key authentication attempts.
  2. Create a .ssh2 directory on the z/OS Server (if it does not exist already):
    $ ssh user1@tectia_zos mkdir .ssh2
    
  3. Copy your public key to the remote z/OS Server using sftp:
    $ sftp user1@zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
    
  4. Create an authorization file on the remote z/OS Server.
    $ ssh user1@zos "echo Key id_rsa.pub >> .ssh2/authorization"
    
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice