> If so, then you need to transfer the PRIVATE/secret key to the z/OS
> host, and tell the sftp client which identity key to use.
Forgive me Stefan.
I strongly recommend NOT doing this.
Instead, use an /SSH agent/ on the workstation and NEVER let THAT
private key escape into the wild.
You will need agent proxy enabled on all systems, but then can ...
# from the workstation
ssh -A mvshost
# and once in the USS shell
ssh -A otherhost
# and from there
ssh -A original
Above example makes a loop, but the point is, with SSH agent service,
you can avoid the risk of multiple copies of your SSH private key (or of
multiple SSH private keys). MUCH better security posture and yet full
access to all systems of interest.
You can simplify the mechanics (and avoid having to add the "-A" flag
every time) by adding ...
ForwardAgent yes
... to your~/.ssh/config file.
-- Rick Troth, CISSP; <><
On 3/4/26 9:51 PM, Stefan Skoglund wrote:
Do you want to connect with ssh/scp/sftp from USS in z/OS to a linux
host ?
If so, then you need to transfer the PRIVATE/secret key to the z/OS
host, and tell the sftp client which identity key to use.
Personally i would prefer generating a key pair on z/OS and then
copying the public key to the linux host.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email [email protected] with the message: INFO IBM-MAIN
--
-- R; <><
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
