Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

Tectia

From OpenSSH Client on Unix to Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:

    $ ssh-keygen -t rsa -b 1536
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
    Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    ca:3a:5d:a7:58:9c:45:e1:4d:e3:42:e4:bc:77 ClientUser@open.example.com
    

    To create the key without a passphrase, hit enter when prompted to enter the passphrase.

    When the key is created with a default file name (id_rsa), it is automatically used in public-key authentication attempts.

  2. Create a .ssh2 directory on the z/OS Server (if it does not exist already):

    $ ssh ServerUser@Server_zos mkdir .ssh2
    
  3. Copy your public key to the remote z/OS Server using sftp:

    $ sftp ServerUser@Server_zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
    
  4. Create an authorization file on the remote z/OS Server.

    $ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
    
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).

===AUTO_SCHEMA_MARKUP===