ssh-keygen normally does the right thing with file permissions etc. To copy keys to remote systems I run:
ssh-copy-id <user>@<hostname> z/OS does not ship ssh-copy-id but it's easy to pipe into ssh and create the .ssh directory if it doesn't already exist. cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"' On Tue, 2022-03-15 at 03:44 -0500, Jantje. wrote: > On Sun, 13 Mar 2022 10:38:36 +0400, Jake Anderson <[email protected]> > wrote: > > > > The certificate I have kept in my home directory of omvs. So from CENTOS I > > do SSH certificate_path Mainframeuser@ZOS > > still it asks for password. Is there any parameter within SSHD_CONFIG had > > to be tweaked ? > > > The devil is in the details... Ownership of all the files involved, > permissions on all the files involved, even their location in the directory > structure, it all must be just right on both server > and client side. And it is not just the certificate... your public key must > be known to the server and the server public key must be known to the client > (installed in the right file in the right > directory with the right ownership and permissions). > > You can use the -vvv option on your ssh command line on the client and wade > through the log that will produce. Overwhelming at first, but in the end you > will find some message indicating what is > wrong. > > How to fix it? You will want to read some documentation en GIYF. > > Cheers, > > Jantje. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
