Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH

From OpenSSH Client on Unix to Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
    Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    72:e7:68:3b:b6:cb:95:33:46:e8:46:e0:aa:4e:94:cd ClientUser@openssh.example.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |      .          |
    |   + . . .       |
    |  o E o S o      |
    | .   . = = .     |
    |  . .   = B      |
    | . .   +o+ o     |
    | .o    .=+       |
    +-----------------+
    

    To create the key without a passphrase, hit enter when prompted to enter the passphrase.

    When the key is created with default file name (id_rsa), it is automatically used in public-key authentication attempts.

  2. Create a .ssh2 directory on Server_zos (if it does not exist already):

    $ ssh ServerUser@Server_zos mkdir .ssh2
  3. Copy your public key to the remote Server_zos using sftp:

    $ sftp ServerUser@Server_zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
  4. Create an authorization file on the remote Server_zos.

    $ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).

===AUTO_SCHEMA_MARKUP===