View previous topic :: View next topic
|
Author |
Message |
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Hi,
I generate public-private ssh key pair using the below process
Code: |
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/.ssh/id_rsa): doge_secure
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in doge_secure.
Your public key has been saved in doge_secure.pub.
The key fingerprint is:
xx:yy:zz:aa:bb WELLS@MAIN
# |
Could you please let me know if this process can be done through batch JCL. Maybe with BPXBATCH?
Currently we do this manually and it is difficult to do it for quite a large number of users.
Regards,
Vasanth.S |
|
Back to top |
|
|
Bill O'Boyle
CICS Moderator
Joined: 14 Jan 2008 Posts: 2501 Location: Atlanta, Georgia, USA
|
|
|
|
Would you be using Software ( IE: IBM Crypto ) or Hardware ( IE: RACAL or ATALLA box ) to generate these keys? What service are you using via BPXBATCH?
I know this can be done via a CALL to a RACAL/e-Thales box as the box doesn't care whether it's Batch or On-Line. Did this in the late 90's, with the box running in its own address space.
Regards, |
|
Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Thanks Bill for looking at this
Code: |
Would you be using Software ( IE: IBM Crypto ) or Hardware ( IE: RACAL or ATALLA box ) to generate these keys? What service are you using via BPXBATCH? |
Currently I use the SSH shell in Mainframe with "ssh-keygen -t rsa " command.
I've used BPXBATCH to execute some Unix commands, so thought we could run "ssh-keygen -t rsa" command as well using BPXBATCH.
The only problem is that ssh-keygen -t rsa command is interactive and requires user input for the key file name so I do not know how to implement this in batch JCL. |
|
Back to top |
|
|
Bill O'Boyle
CICS Moderator
Joined: 14 Jan 2008 Posts: 2501 Location: Atlanta, Georgia, USA
|
|
|
|
Could you write a CICS program which CALLS BPXBATCH, being invoked via an EXCI. When you return to the EXCI caller, place the BPXBATCH results in the commarea. Or perhaps, an MQ interface?
Regards, |
|
Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Found the solution after quite a bit of experimenting.
Code: |
//RUNSHEL1 EXEC PGM=BPXBATCH
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//STDPARM DD *
SH ssh-keygen -b 2048 -t rsa -f /u/keypath -q -N ""
/* |
|
|
Back to top |
|
|
Smita.t2
New User
Joined: 17 Apr 2012 Posts: 31 Location: Bangalore
|
|
|
|
Thanks Vasanth for sharing it. I wish there was a like button |
|
Back to top |
|
|
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1742 Location: Tirupur, India
|
|
|
|
Glad it was helpful :-) |
|
Back to top |
|
|
|