Does password authentication require to have authorized_keys

Discussion of the COZBATCH utility for z/OS
Post Reply
igortr
Posts: 11
Joined: Tue Aug 25, 2015 2:50 pm

Does password authentication require to have authorized_keys

Post by igortr »

Another mainframe to mainframe sftp question: we use batch job/password for sftp/authentication and we were told that we still need to have file authorized_keys in u/HOME/.ssh. Is that correct?
Please advice.
thank you.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Does password authentication require to have authorized_keys

Post by dovetail »

No, you do not need a $HOME/.ssh/authorized_keys file if you are using password auth.

This file is a server-side file where public keys are registered, which must match a private key used by the SSH client. It is not used for password authentication of the user.

No matter what kind of user authentication you use (password, key, etc), you will normally still need to have the client authenticate the server (host) identity. This is typically done with a "known_hosts" file on the client machine.
igortr
Posts: 11
Joined: Tue Aug 25, 2015 2:50 pm

Re: Does password authentication require to have authorized_keys

Post by igortr »

Thank you so much for your help. Just to clarify: when I do mainframe to mainframe sftp the ACF2 password created for the sftp ID is enough for the authentication. Is this correct?
thank you
Igor
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Does password authentication require to have authorized_keys

Post by dovetail »

Right: the mainframe server (IBM Ported Tools OpenSSH SSHD) canl authenticate the userid using only the ACF2 password.

But don't forget: with SSH, the client will also authenticate the server using the server's SSH Host key.
igortr
Posts: 11
Joined: Tue Aug 25, 2015 2:50 pm

Re: Does password authentication require to have authorized_keys

Post by igortr »

Does this means that I still need to have a public key on my site even though I use password option for authentication?
thank you.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Does password authentication require to have authorized_keys

Post by dovetail »

You will need to have the server's host public key on your client (in .ssh/known_hosts or /etc/ssh/ssh_known_hosts) or accept the key the first time you connect.

For more information on how this works, I would suggest that you take a look at the presentation:

"IBM Ported Tools for z/OS: OpenSSH - Key Authentication"
at: http://dovetail.com/webinars.html
igortr
Posts: 11
Joined: Tue Aug 25, 2015 2:50 pm

Re: Does password authentication require to have authorized_keys

Post by igortr »

thanks a lot, will look into documentation
Post Reply