Your browser does not allow storing cookies. We recommend enabling them.

SSH

From OpenSSH Client on Unix to Tectia Server on z/OS

In addition to the standard IETF SecSh keys used by Tectia, Tectia Server for IBM z/OS accepts OpenSSH public keys for user authentication. For more information on OpenSSH configuration, see OpenSSH documentation.

To enable public-key authentication from OpenSSH client on Unix to Tectia Server on z/OS:

  1. Create a key pair using ssh-keygen, for example:

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ClientUser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ClientUser/.ssh/id_rsa.
    Your public key has been saved in /home/ClientUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    72:e7:68:3b:b6:cb:95:33:46:e8:46:e0:aa:4e:94:cd ClientUser@openssh.example.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |      .          |
    |   + . . .       |
    |  o E o S o      |
    | .   . = = .     |
    |  . .   = B      |
    | . .   +o+ o     |
    | .o    .=+       |
    +-----------------+
    

    To create the key without a passphrase, hit enter when prompted to enter the passphrase.

    When the key is created with default file name (id_rsa), it is automatically used in public-key authentication attempts.

  2. Create a .ssh2 directory on Server_zos (if it does not exist already):

    $ ssh ServerUser@Server_zos mkdir .ssh2
  3. Copy your public key to the remote Server_zos using sftp:

    $ sftp ServerUser@Server_zos
    sftp> put id_rsa.pub /ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/id_rsa.pub
  4. Create an authorization file on the remote Server_zos.

    $ ssh ServerUser@Server_zos "echo Key id_rsa.pub >> .ssh2/authorization"
  5. Make sure that public-key authentication is allowed in the OpenSSH client configuration on Client (it is allowed by default).



Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps