User Authentication with Public Keys in a File

Public-key authentication is based on the use of digital signatures. Each user creates a pair of key files. One of these key files is the user's public key, and the other is the user's private key. The server knows the user's public key, and only the user has the private key.

The key files must be stored in a location where the user has write rights (and read rights), but that is not accessible to others. These user-specific rights are required for the key file, the authorized_keys directory, and the authorization file, if used.
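One way to check these permissions from a POSIX shell, as an added example that is not part of the Tectia documentation: the function `audit_key_perms` (a hypothetical name) takes the key directory as its argument, so no product default path is assumed, and reports every entry that grants any access to group or others. It also flags entries the current user does not own, a check that goes slightly beyond what the text above requires.

```shell
#!/bin/sh
# Added example (not Tectia code): audit a key directory for entries that
# other users can access. DIR is supplied by the caller; no default path
# is assumed.

# Prints one line per finding.
# Returns 0 if the directory is clean, 1 on any finding, 2 on bad input.
audit_key_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    status=0

    # "-perm -NNN" matches when every listed bit is set, so the six
    # group/other bits are OR-ed: any single one flags the entry.
    # Symbolic links are skipped because their own mode bits are not
    # meaningful.
    open=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    # Entries owned by a different user (assumption: keys should belong
    # to the account that runs this check).
    foreign=$(find "$dir" ! -type l ! -user "$(id -u)" -print)

    if [ -n "$open" ]; then
        printf '%s\n' "$open" | sed 's/^/group\/other access: /'
        status=1
    fi
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed 's/^/not owned by you: /'
        status=1
    fi
    return $status
}
```

A directory at mode 700 containing key files at mode 600 passes; tightening a flagged entry with `chmod go-rwx` clears the finding.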

When the user tries to authenticate, the client sends a signature to the server, and the server checks for matching public keys. If the key is protected with a passphrase, the server requests the user to enter the passphrase.


Do not store your private keys in a location accessible to other users.

To use public-key authentication with Tectia client tools for z/OS, do the following actions:

  1. Generate a key pair with ssh-keygen-g3 (see Creating Keys with ssh-keygen-g3 on z/OS).

  2. Upload your public key to the remote host computer (see Uploading Public Keys from z/OS to Remote Host).

For instructions on using public-key authentication to connect from other hosts to Tectia Server for IBM z/OS, see Using Public-Key Authentication from Other Hosts to z/OS.

In the instructions in the following sections,

  • Server is the remote host running the Secure Shell server that you are trying to connect to.

  • ServerUser is the user name on Server that you are logging in as.

  • Client is the host running the Secure Shell client (Tectia client tools for z/OS).

  • ClientUser is the user name on Client that should be allowed to log in to Server as ServerUser.

Figure 4.2. User public-key authentication

The instructions assume that ClientUser is allowed to log in to Server as ServerUser using some other authentication method (usually password).

