Your browser does not allow storing cookies. We recommend enabling them.


User Authentication with Public Keys

The user's public keys are located in the user's $HOME/.ssh2 directory on the server.

The batch user accesses the remote machine using an account on the remote machine. The remote user name may either be the same as or different from the batch user's RACF user ID.

Each batch user's public key must be distributed to all the remote accounts. The way the public key is set up differs between Tectia and OpenSSH-based products.

ssh-keydist-g3 uses password authentication for this initial access to the remote server. You can store the password for the remote account in a data set as follows:

  1. Allocate a data set or a data set member. For example:

  2. The data set must only be accessible to the user executing the JCL.

  3. Put the user password in the data set. For example:


Use the sample JCL KEYDIST (shown below) from <HLQ>.V650.SAMPLIB to distribute user keys. Edit the JCL to suit your needs. The example assumes that the server host key has already been fetched and verified. You can consult the Tectia Server for IBM z/OS User Manual for an explanation of all the available options for the ssh-keydist-g3 command.

Note that KEYDIST must be run under the batch user's user ID in order for the file permissions to be set properly.


PGM /opt/tectia/bin/ssh-keydist-g3
-t rsa -b 1024 1 -P 2
-u userid 3 -p //'USERID.PASSWD' 4
-U /tmp/my_log_file 5 
-O 6

Create a new 1024-bit RSA keypair.


Use an empty passphrase.


The user name specified here will be used.


Use a password stored in a data set. Replace //'USERID.PASSWD' with the name of your password data set.


A log file will be written to the (non-default) location specified here.


Connect to a Unix host running OpenSSH. Replace with your host.

In KEYDIST above the -O option is used to connect to an OpenSSH server running on a Unix host. Use the following ssh-keydist-g3 options when connecting to Tectia Server on different platforms:

  • z/OS: -Z

  • Unix: -S

  • Windows: -W


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more