You could use the _ZOS_USER_SSH_CONFIG environment variable to point all to the same file.
In that file, you could have:

    IdentityKeyRingLabel "* SSH-KEY"

This would use the user's virtual keyring and label "SSH-KEY".

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Tue, Nov 6, 2012 at 1:19 PM, Mark Jacobs <[email protected]> wrote:

> No, what I'm looking to do is to perform a staged migration from OpenSSH
> generated keypairs into RACF certificates. Our current situation is as
> follows, we have many (several hundred) sftp processes, each running under
> their own unique RACF userid with public/private keys already generated and
> being used for production file transfer activities.
>
> Thanks to your assistance on the Dovetail bulletin board, I was able to
> successfully convert an OpenSSH generated private key and import it into a
> keyring associated with my personal userid.
>
> My goal is to convert and import every user's private key into a userid
> specific key ring, and have that certificate used for authentication
> purposes to the target server. I'm looking for a method to generically tell
> OpenSSH to use the keyring/certificate that's defined for that RACF userid
> without having to have a zos_user_ssh_config file for each user.
>
> Mark Jacobs
>
> On 11/06/12 14:03, Kirk Wolf wrote:
>
>> Mark,
>>
>> IBM Ported Tools OpenSSH doesn't allow you to specify IdentityKeyRingLabel
>> in the global /etc/ssh/zos_ssh_config file.
>>
>> You can also specify this option as a command line switch or environment
>> variable, if that helps.
>>
>> Do you want to share the actual SAF(RACF/ACF2/TSS) key ring and private key
>> between users? This can be done, but the required SAF permissions are a
>> little tricky and not documented very well.
>>
>> Kirk Wolf
>> Dovetailed Technologies
>> http://dovetail.com
>> +1 636.300.0901
>>
>> On Tue, Nov 6, 2012 at 12:32 PM, Mark Jacobs <[email protected]> wrote:
>>
>>> Before I dig even further into the manuals, does anyone know if there's a
>>> way to specify in a globally accessible ssh configuration file to use a
>>> certificate attached to a key ring for the private key?
>>>
>>> I know I can use the user specific zos_user_ssh_config file, but I'd like
>>> to utilize a single controlling configuration file, rather than a plethora
>>> of user files.
>>>
>>> --
>>> Mark Jacobs
>>> Time Customer Service
>>> Tampa, FL
>>> ----
>>>
>>> The quiet ones are the ones that change the universe...
>>> The loud ones only take the credit.
>>>
>>> Londo Mollari - Babylon 5
>>>
>>> ----------------------------------------------------------------------
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to [email protected] with the message: INFO IBM-MAIN
