SFTP Install RSA Certificate

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

SFTP Install RSA Certificate

Post by TSGHOS »

Hello,

We have installed IBM Ported Tools and generated the required Digital Certifcates in RACF.

My question is :

We are now in process of installing Co:z SFTP ,do we need to create a new keyring and digital certificate ?

Thanks.
Top
dovetail
Site Admin
Posts: 2025
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

Co:Z SFTP uses IBM Ported Tools OpenSSH for its ssh layer, which includes authentication, so you can definitely use the keyring that you setup for Ported Tools with Co:Z SFTP.

1) If you are using Co:Z SFTP server, then Ported Tools handles the login authentication before starting the sftp-server process, so there is nothing special to do to use the keyring that you have setup for Ported Tools OpenSSH.

2) If you are using Co:Z SFTP client, you have two options for using the keyring:
a) Use the CO:Z SFTP saf keyring agent, by specifying

cozsftp -k "SSH-RING:SSH-LABEL" ....

Notes: this works for RSA certificates only, not DSA, and works with
Ported Tools 1.1 or 1.2 Also, you can omit ":SSH-LABEL" if it is the default label
in the key ring.

b) Use the Ported Tools ssh keyring option:

cozsftp -o IdentityKeyRingLabel="SSH-RING SSH-LABEL" ...

Notes: This only works with Ported Tools OpenSSH 1.2.
The label name must be specified and there must be
a space between the ring and label name.
Top
Post Reply

Return to “Co:Z SFTP”