Dovetailed Technologies

Name

saf-ssh-agent — Co:Z utility to enable ssh client authentication via SAF/RACF Digital Certificates

Synopsis

saf-ssh-agent -x [-f export_file] keyring[:label] 
saf-ssh-agent -b asn1_file  keyring[:label]
saf-ssh-agent -c keyring[:label] command [command_args...]
    

Description

This z/OS Co:Z utility is similar in function to the OpenSSH ssh-agent, but rather than automatically authenticating the ssh client with ssh keys, it provides for authentication with SAF/RACF Digital Certificates.

keyring[:label] is the keyring (and optional certificate label) to use.

Options

-x

Extract the public key from a SAF/RACF Digital Certificate and write it in OpenSSH format.

-f export_file

The file to which the OpenSSH format key is exported. If this option is omitted, the key will be written to stdout.

-b asn1_file

Extract the public key (in binary ASN.1 format) to a file. This option is used for diagnostic purposes.

-c

Run command as a child process after initializing saf-ssh-agent. This enables command to authenticate with the supplied keyring[:label]. Generally, this option is used to run ssh as a child process, allowing it to take advantage of SAF RACDCERT authentication.

Examples

  1. This example shows how to extract an OpenSSH public key from a SAF/RACF Digital Certificate. In this case, the key is written to stdout.

    /dovetail/coz/bin: > saf-ssh-agent -x MY-RING
                                                                               
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDVoW8HzKQYIfVqOZpEHgPLLfUkqg68fyBc
    XTDUpFyQiIoKWRh1rHHa4DlQxa80lMPzr+VvyzvJrgzXI0OVp9A09yLgr4XxtrkrfTY3nojT
    35y3bZqZXTefCX5atN8yaORfkXZeYl4H+ojdQK3ywHdDlqOMTSl1Cj4/9w67JNTXXw== CN=
    Stephen Goetze,OU=Development,O=Dovetailed Technologies,C=US

  2. This example shows how to run ssh as a child process to execute the who command on the remote system linux.com. The ssh client will authenticate via the SAF RACDCERT contained in MY-RING.

    /dovetail/coz/bin: > saf-ssh-agent -c MY-RING ssh myid@linux.com who
                                                                               
    myid   tty7         2009-12-29 06:15 (:0)
    myid   pts/0        2009-12-29 11:23 (:0.0)
    myid   pts/1        2010-01-08 11:43 (:0.0)
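
As an added example (not part of Co:Z or of the original page), the Python below checks a key exported with -x before it is installed on a remote host: it rejoins the wrapped output shown in example 1, verifies the structure of the ssh-rsa blob, and reports the modulus size and SHA256 fingerprint. It assumes the line breaks in that sample are display wrapping; the function and variable names are illustrative.

```python
import base64
import hashlib
import struct

# Sample: the key printed in example 1 on this page, wrapped as displayed there.
DISPLAYED = """\
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDVoW8HzKQYIfVqOZpEHgPLLfUkqg68fyBc
XTDUpFyQiIoKWRh1rHHa4DlQxa80lMPzr+VvyzvJrgzXI0OVp9A09yLgr4XxtrkrfTY3nojT
35y3bZqZXTefCX5atN8yaORfkXZeYl4H+ojdQK3ywHdDlqOMTSl1Cj4/9w67JNTXXw== CN=
Stephen Goetze,OU=Development,O=Dovetailed Technologies,C=US
"""

def _read_string(buf, off):
    """Read one RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def inspect_rsa_pubkey(text):
    """Validate an ssh-rsa public key line and return facts worth checking."""
    # Assumption: line breaks are display wrapping, so rejoin without separators.
    line = "".join(part.strip() for part in text.splitlines())
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64, comment = (fields + [""])[:3]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _read_string(blob, 0)
    if key_type != "ssh-rsa" or inner != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key, or type prefix does not match blob")
    e_raw, off = _read_string(blob, off)   # public exponent (mpint)
    n_raw, off = _read_string(blob, off)   # modulus (mpint)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    digest = hashlib.sha256(blob).digest()
    return {
        "exponent": int.from_bytes(e_raw, "big"),
        "bits": int.from_bytes(n_raw, "big").bit_length(),
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": comment,
        "authorized_keys_line": f"{key_type} {b64} {comment}".rstrip(),
    }

if __name__ == "__main__":
    print(inspect_rsa_pubkey(DISPLAYED))
```

For the sample key above it reports a 1024-bit modulus with exponent 65537; compare the reported size and fingerprint against your own policy and records before adding the single-line form to a remote authorized_keys file.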
    
Copyright© 2009-2017 Dovetailed Technologies, LLC. All rights reserved.
Co:Z® is a registered trademark of Dovetailed Technologies, LLC.