Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

Tectia

From OpenSSH Client on Unix to Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:

    $ ssh-keygen -t rsa -b 1536
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
    Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    ca:3a:5d:a7:58:9c:45:e1:4d:e3:42:e4:bc:77 ClientUser@open.example.com
    

    To create the key without a passphrase, hit enter when prompted to enter the passphrase.

    When the key is created with a default file name (id_rsa), it is automatically used in public-key authentication attempts.

  2. Create a .ssh2 directory on the z/OS Server (if it does not exist already):

    $ ssh ServerUser@Server_zos mkdir .ssh2
    
  3. Copy your public key to the remote z/OS Server using sftp:

    $ sftp ServerUser@Server_zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
    
  4. Create an authorization file on the remote z/OS Server.

    $ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
    
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).

===AUTO_SCHEMA_MARKUP===