Your browser does not allow storing cookies. We recommend enabling them.

Tectia

Generating the Server Host Key Pair

The host public-key pair (1536-bit RSA) is generated during the setup of Tectia Server (Running the Setup Script). You only need to regenerate it if you want to change your host key pair.

Tectia Server for IBM z/OS includes a program that generates a key pair, ssh-keygen-g3, which is located in /opt/tectia/bin.

Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/opt/tectia/etc/hostkey) must be accessible only by the SSHD2 user.

To (re)generate the host key, perform the following tasks:

  1. Use su to switch to a UID 0 user (if you are not already logged in as one).

  2. Run ssh-keygen-g3 to generate the host key, for example:

    # /opt/tectia/bin/ssh-keygen-g3 -t rsa -P /opt/tectia/etc/hostkey

    This will generate a 2048-bit RSA key pair without a passphrase and store it under /opt/tectia/etc. For more information on the key generation options, see the ssh-keygen-g3 man page.

  3. Restart the server as instructed in Restarting and Stopping sshd2.


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now