The ".pub" file represents the public key and is simply an ASCII text file. It should be transferred as a text file.

It needs to eventually end up in /"userid"/ssh/authorizedkeys (not sure of the spelling, it's in the doc) for the "userid" being used on the MF side. Beware. The permissions must be set appropriately or SFTP simply will not function.

RACDCERT in the context of SFTP is used as a "container" to hold a public/private key pair. This is a different context than RACDCERT for the "e-commerce" market. Since you don't have a private key involved, this is overkill.

For a great overview see http://www.dovetail.com/webinars.html
In particular "IBM Ported Tools for z/OS: OpenSSH - Using Key Rings" and "IBM Ported Tools for z/OS: OpenSSH - Key Authentication".

HTH,

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tracy Adams
Sent: Wednesday, March 1, 2017 1:04 PM
To: [email protected]
Subject: RACF and public keys

I have a vendor that sent me a "public" key so they can SFTP into our mainframe from a Linux box without having to supply the RACF password. Yes, they can sign in with a password and all works fine. I am new to RACF and loading keys and the whole SFTP / ssh thing, so bear with me!

When I look at the key provided it starts off with this: "ssh-rsa AAAAB3NzaC1yc2EAAAABI"....

The doc I have found from Dovetail for Co:z indicates to get the .pub file into a MVS dataset in "text" format, then do a RACDCERT ADD command and then point to the RACF keyring in $HOME/.ssh/authorized_keys.

The RACDCERT command fails indicating "The input data set does not contain a valid certificate." And the DEBUG option provides no additional information.

I am thinking I must have done something wrong getting the file from Windows email to the mainframe... I simply used SFTP to move it from c:\temp and I have tried both ASCII (looks good) and BINARY (looks binary).

Is the .pub file simply in the wrong format for RACF and needs to be converted?

Any help would be greatly appreciated!
Tracy

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
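An added example, not part of the original thread and not Dovetail or IBM code: a POSIX shell check that tells an OpenSSH public-key line (such as the "ssh-rsa AAAAB3NzaC1yc2EAAAABI..." file described above) apart from a PEM certificate, then appends the key to authorized_keys and tightens permissions. The function names, the 700/600 modes and the sample key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Print what kind of key material FILE holds, judged by its first line.
classify_key_file() {
    first=$(head -n 1 "$1" | tr -d '\r')   # drop a CR left by Windows tools
    case "$first" in
        "-----BEGIN CERTIFICATE-----"*)
            echo x509-pem ;;        # a certificate: input RACDCERT ADD accepts
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
            echo openssh-pubkey ;;  # bare public key: goes in authorized_keys
        *)
            echo unknown ;;         # e.g. wrong transfer mode or encoding
    esac
}

# Append the key in FILE to HOME_DIR/.ssh/authorized_keys and fix permissions.
install_pubkey() {
    keyfile=$1 home=$2
    [ "$(classify_key_file "$keyfile")" = openssh-pubkey ] || {
        echo "not an OpenSSH public key: $keyfile" >&2
        return 1
    }
    mkdir -p "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    key=$(head -n 1 "$keyfile" | tr -d '\r')
    touch "$auth"
    # Skip the append if this exact line is already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # sshd's StrictModes check rejects key files group or others can write.
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"
}

# Demo on constructed input (not a real key).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAABIconstructedNotARealKey vendor@linux\r\n' \
    > "$demo/vendor.pub"
install_pubkey "$demo/vendor.pub" "$demo" && ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```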
