From OpenSSH Client on Unix to SSH Tectia Server on z/OS
In addition to the standard IETF SecSh keys used by SSH Tectia, SSH Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.
To enable public-key authentication from OpenSSH client on Unix to SSH Tectia Server on z/OS:
Create a key pair using ssh-keygen, for example:
$ ssh-keygen -t rsa -b 1536
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
To create the key without a passphrase, hit enter when prompted to enter the passphrase. When the is created with a default file name (id_rsa), it is automatically used in public-key authentication attempts.
Create a .ssh2 directory on the z/OS Server (if it does not exist already):
$ ssh user1@tectia_zos mkdir .ssh2
Copy your public key to the remote z/OS Server using sftp:
$ sftp user1@zos
sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
Create an authorization file on the remote z/OS Server.