Another mainframe to mainframe sftp question: we use batch job/password for sftp/authentication and we were told that we still need to have file authorized_keys in u/HOME/.ssh. Is that correct?
Please advice.
thank you.
Does password authentication require to have authorized_keys
Re: Does password authentication require to have authorized_keys
No, you do not need a $HOME/.ssh/authorized_keys file if you are using password auth.
This file is a server-side file where public keys are registered, which must match a private key used by the SSH client. It is not used for password authentication of the user.
No matter what kind of user authentication you use (password, key, etc), you will normally still need to have the client authenticate the server (host) identity. This is typically done with a "known_hosts" file on the client machine.
This file is a server-side file where public keys are registered, which must match a private key used by the SSH client. It is not used for password authentication of the user.
No matter what kind of user authentication you use (password, key, etc), you will normally still need to have the client authenticate the server (host) identity. This is typically done with a "known_hosts" file on the client machine.
Re: Does password authentication require to have authorized_keys
Thank you so much for your help. Just to clarify: when I do mainframe to mainframe sftp the ACF2 password created for the sftp ID is enough for the authentication. Is this correct?
thank you
Igor
thank you
Igor
Re: Does password authentication require to have authorized_keys
Right: the mainframe server (IBM Ported Tools OpenSSH SSHD) canl authenticate the userid using only the ACF2 password.
But don't forget: with SSH, the client will also authenticate the server using the server's SSH Host key.
But don't forget: with SSH, the client will also authenticate the server using the server's SSH Host key.
Re: Does password authentication require to have authorized_keys
Does this means that I still need to have a public key on my site even though I use password option for authentication?
thank you.
thank you.
Re: Does password authentication require to have authorized_keys
You will need to have the server's host public key on your client (in .ssh/known_hosts or /etc/ssh/ssh_known_hosts) or accept the key the first time you connect.
For more information on how this works, I would suggest that you take a look at the presentation:
"IBM Ported Tools for z/OS: OpenSSH - Key Authentication"
at: http://dovetail.com/webinars.html
For more information on how this works, I would suggest that you take a look at the presentation:
"IBM Ported Tools for z/OS: OpenSSH - Key Authentication"
at: http://dovetail.com/webinars.html
Re: Does password authentication require to have authorized_keys
thanks a lot, will look into documentation