Your browser does not allow storing cookies. We recommend enabling them.

SSH

Generating the Server Host Key Pair

The host public-key pair (1536-bit RSA) is generated during the setup of Tectia Server. You only need to regenerate it if you want to change your host key pair.

Tectia Server for IBM z/OS includes a program that generates a key pair, ssh-keygen-g3, which is located in /opt/tectia/bin.

Generate the key pair for the server in such a way that the private key has no passphrase (option -P). The server will then start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/opt/tectia/etc/hostkey) must be accessible only by the SSHD2 user.

To (re)generate the host key, perform the following tasks:

  1. Use su to switch to a UID 0 user (if you are not already logged in as one).

  2. Run ssh-keygen-g3 to generate the host key, for example:

    # /opt/tectia/bin/ssh-keygen-g3 -t rsa -P /opt/tectia/etc/hostkey

    This will generate a 2048-bit RSA key pair without a passphrase and store it under /opt/tectia/etc.

    For more information on the key generation options, see the Tectia Server for IBM z/OS User Manual or the ssh-keygen-g3 man page.

  3. Restart the server as instructed in Restarting the Server.


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now