Your browser does not allow storing cookies. We recommend enabling them.

SSH

From OpenSSH Client on Unix to Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:

    $ ssh-keygen -t rsa -b 1536
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
    Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    ca:3a:5d:a7:58:9c:45:e1:4d:e3:42:e4:bc:77 ClientUser@open.example.com
    

    To create the key without a passphrase, hit enter when prompted to enter the passphrase.

    When the key is created with a default file name (id_rsa), it is automatically used in public-key authentication attempts.

  2. Create a .ssh2 directory on the z/OS Server (if it does not exist already):

    $ ssh ServerUser@Server_zos mkdir .ssh2
    
  3. Copy your public key to the remote z/OS Server using sftp:

    $ sftp ServerUser@Server_zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
    
  4. Create an authorization file on the remote z/OS Server.

    $ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
    
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more