Your browser does not allow storing cookies. We recommend enabling them.


Generating the Server Host Key Pair

The host public-key pair (2048-bit RSA) is generated during the installation of Tectia Server for IBM z/OS by running job KEYGH generated by Tectia SSH Assistant installation step 1.15 KEYGEN. You only need to regenerate the host key pair if you want to change it.

KEYGH invokes a tool called ssh-keygen-g3 (located in /opt/tectia/bin) that generates the host key pair:

 //STDPARM  DD  *                         
 SH /opt/tectia/bin/ssh-keygen-g3 -H 1 -P 2 -t rsa 3                    
    -c "Tectia Server key for $(hostname) generated at $(date)" 4  
    -b 2048 5
 //STDENV   DD  *  

The key pair will be stored in the default host key directory (/opt/tectia/etc).


The key will be saved without a passphrase.


The type of the key will be RSA.


This line generates the key comment.


The length of the key will be 2048 bits.

Because the key pair is generated in such a way that the private key has no passphrase (option -P), the server will start up without any operator interaction to enter a passphrase. Protect the key with file system access rules. The private key (/opt/tectia/etc/hostkey) must be accessible only by the SSHD2 user.

For more information on the key generation options, see the Tectia Server for IBM z/OS User Manual or the ssh-keygen-g3 man page.

To (re)generate the host key in UNIX, perform the following tasks:

  1. Use su to switch to a UID 0 user (if you are not already logged in as one).

  2. Run ssh-keygen-g3 to generate the host key, for example:

    # /opt/tectia/bin/ssh-keygen-g3 -t ecdsa -b 256 -P /opt/tectia/etc/hostkey

    This will generate a 256-bit ECDSA key pair without a passphrase and store it under /opt/tectia/etc.

  3. Restart the server.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now