From Tectia Client on Unix to Tectia Server on z/OS

The instructions apply to Tectia Client (5.1 and later) and Tectia ConnectSecure on Unix. For more information, see Tectia Client User Manual or Tectia ConnectSecure Administrator Manual.

To enable public-key authentication from Tectia Client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen-g3. For non-interactive use, the key can be generated without a passphrase with the -P option.

    $ ssh-keygen-g3 -t rsa -b 1536 -P $HOME/.ssh2/unix_key
    Generating 1536-bit rsa key pair
       5 oOo.oOo.oOo.
    Key generated.
    1536-bit rsa, ClientUser@tectia_unix, Tue Jul 11 2006 14:49:51 +0300
    Private key saved to /home/ClientUser/.ssh2/unix_key
    Public key saved to /home/ClientUser/.ssh2/unix_key.pub
  2. Create a remote .ssh2 directory on the z/OS Server (if it does not exist already):

    $ sshg3 ServerUser@Server_zos mkdir .ssh2
  3. Copy your public key to the remote z/OS Server:

    $ scpg3 -a unix_key.pub \
  4. Create an authorization file on the remote z/OS Server.

    $ sshg3 ServerUser@Server_zos "echo Key unix_key.pub >> .ssh2/authorization"
  5. Make sure that public-key authentication is allowed in the Connection Broker configuration on Client, in the default settings and in the relevant connection profile (it is allowed by default).