IBM Support

Generating an OpenSSH Public Key and Converting it to the Tectia or SecSh Format

Troubleshooting


Problem

This document provides the steps necessary to generate an OpenSSH public key and convert it to the Tectia or SecSh format.

Resolving The Problem

The public keys generated by OpenSSH are not compatible with the public keys based on the Tectia or SecSh format. The Tectia or SecSh public keys are sometimes called Microsoft Windows readable or Windows friendly.

Prerequisites

5733SC1 IBM Portable Utilities for i5/OS *BASE & Option 1
5722SS1 Option 33 (Portable Application Solutions Environment)
5722SS1 Option 30 (Qshell)

Assumptions

This document assumes the following:

o The user has a home directory in the Integrated File System.
o The user's home directory contains a .ssh subdirectory.

Do the following to generate an OpenSSH public key and convert it to the Tectia or SecSh format:
1. Sign on to a system that is running V6R1 or higher.
2. On the operating system command line, run the CALL QP2TERM command to enter the PASE environment. You will have a screen similar to the following:

[Screenshot: the PASE environment]
3. Run the change directory (cd) command to get into the user's .ssh folder. The correct syntax follows:

cd /some/directory/.ssh
4. Invoke the ssh-keygen utility to generate the OpenSSH public/private key pair. In this example, the private key is stored in file identity and the public key is stored in file identity.pub.

Note: The -b option specifies the number of bits in the key to create. The SSH server determines the length of the keys that it will accept.

ssh-keygen -f identity -t rsa -b 1024 -N ""

Note: Alternatively, you can type ssh-keygen -f identity -t dsa -b 1024 -N "" and get DSA keys rather than RSA keys.

[Screenshot: ssh-keygen output]

5. Convert the OpenSSH public key into the Tectia or SecSh format. The correct syntax follows. In this example, the converted key is stored in file identity_win.pub.

ssh-keygen -e -f identity.pub > identity_win.pub
6. Change the file permissions on the identity_win.pub file. The correct syntax follows:

chmod 644 identity_win.pub
7. Verify that the OpenSSH public key was converted correctly. The cat command can be used to display the contents of text files:

cat identity.pub
cat identity_win.pub
[Screenshot: the original and converted public key]


Notice the differences between the two public keys. The BEGIN and END SSH2 PUBLIC KEY statements in the identity_win.pub file signify that the converted key is in the Tectia or SecSh format.
8. Move the identity_win.pub file to the SSH server. Typically, the identity_win.pub file should be placed in the authorization file in the user's .ssh2 folder on the server. Transfer the identity_win.pub file using FTP to the SSH server in binary mode. Alternatively, you can e-mail the identity_win.pub file to the administrators of the SSH server.

Note: To convert Tectia or SecSh public keys into an OpenSSH format, use the following syntax. In this example, the Tectia or SecSh public key is named identity.pub and the converted key is stored in file identity_OpenSSH.pub:

ssh-keygen -i -f identity.pub > identity_OpenSSH.pub
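
The comparison in step 7 can be scripted instead of done by eye: both formats wrap the same base64 key data, so a correct conversion leaves that data unchanged. The following is an added example, not part of the original IBM document; it assumes a POSIX shell with awk and mktemp, the function names are hypothetical, and the sample files are constructed filler rather than a usable key.

```shell
#!/bin/sh
# Base64 key blob from an OpenSSH one-line public key ("type blob comment").
openssh_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1"
}

# Base64 key blob from a Tectia/SecSh file: drop the BEGIN/END markers and
# the "Tag: value" headers (a trailing "\" continues a header onto the next
# line), then join the wrapped base64 lines into one string.
secsh_blob() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line ends
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { inkey = 0; next }
        !inkey                              { next }
        cont || index($0, ":")              { cont = ($0 ~ /\\$/); next }
        { gsub(/[ \t]/, ""); blob = blob $0 }
        END { print blob }
    ' "$1"
}

# Succeeds only when both files carry a non-empty, identical key blob.
same_key() {
    a=$(openssh_blob "$1")
    b=$(secsh_blob "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample pair (filler data, not a real key) in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    l1="AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTEDFILLERCONSTRUCTEDFILLERCONSTR"
    l2="UCTEDFILLERCONSTRUCTEDFILLER=="
    printf 'ssh-rsa %s%s user@host\n' "$l1" "$l2" > "$d/identity.pub"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "1024-bit RSA, converted by user@host \' \
        'from OpenSSH"' "$l1" "$l2" \
        '---- END SSH2 PUBLIC KEY ----' > "$d/identity_win.pub"
    same_key "$d/identity.pub" "$d/identity_win.pub"; rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "identity.pub and identity_win.pub contain the same key"
```

On the system itself, run same_key identity.pub identity_win.pub from the .ssh directory after step 5; a non-zero exit status means the two files do not hold the same key data.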

For additional SSH configuration and connection information, refer to the following Rochester Support Center knowledgebase document:

N1012710, Configuring the System i SSH, SFTP, and SCP Clients to Use Public-Key Authentication:


Historical Number

473349195

Document Information

Modified date:
18 December 2019

UID

nas8N1018798