Secure communication between your mainframe and the AMI is required. As part of acquiring and setting up the AMI, you will already have set up general TCP/IP communications. Now you must set up public/private key pairs between the controller in the AMI and the controller in z/OS so that they can communicate securely.
Refer to securing communications for detailed descriptions and instructions to generate a public/private key pair on z/OS. Those instructions include how to generate a public/private key pair on Linux, which you can use for your AMI. However, that should not be necessary, since the AMI generated the public/private key pair automatically when it was launched.
connect> ls -al ~/.nacl
-r-------- 1 connect connect 109 Jul 29 03:31 id_nacl
-r--r--r-- 1 connect connect 83 Jun 23 19:04 id_nacl.pub
connect> ls -al $SQDATA_DAEMON_DIR
drwxr-xr-x 2 connect connect 62 Aug 3 21:00 cfg/
-r-------- 1 connect connect 109 Aug 3 21:12 id_nacl
-rwxr-xr-x 1 connect connect 83 Aug 3 21:10 nacl_auth_keys*
- Stop your mainframe controller daemon.
- Add your AMI controller public key to your mainframe authorized dataset.
connect> cat ~/.nacl/id_nacl.pub
v9z8+NGPUqhpCnh04tbn8OPmMnJELe6u6uEDxcmhqkw= connect@ip-172-31-13-104.ec2.internal
- Restart your mainframe controller daemon.
To allow the AMI controller to communicate with your mainframe controller:
- Stop your AMI controller daemon.
connect> sqdstop_daemon
- Add your mainframe controller public key to your AMI authorized file.
connect> echo "EORDPJ75Crm7ITdRpIeYLFaNAOBzXaEspg3DgsnfYhU= WWCJFA@ZOS1" >> $SQDATA_DAEMON_DIR/nacl_auth_keys
connect> cat $SQDATA_DAEMON_DIR/nacl_auth_keys
v9z8+NGPUqhpCnh04tbn8OPmMnJELe6u6uEDxcmhqkw= connect@ip-172-31-13-104.ec2.internal
EORDPJ75Crm7ITdRpIeYLFaNAOBzXaEspg3DgsnfYhU= WWCJFA@ZOS1
- Restart your AMI controller daemon.
connect> sqdstart_daemon
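A check you can run after editing the authorized keys file, as an added example (not code from this page or from the product): it validates the contents of nacl_auth_keys and the modes of the key files. It assumes each entry is a base64-encoded 32-byte key followed by a user@host label, as in the sample lines above; the function names are hypothetical.

```python
import base64
import binascii
import os
import stat

KEY_BYTES = 32  # assumption: the page's 44-character base64 samples decode to 32 bytes

def check_auth_keys(text):
    """Parse nacl_auth_keys contents; return (entries, problems)."""
    entries, problems, seen = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # blank line
        if len(fields) != 2:
            # Typical cause: `echo ... >>` onto a file with no trailing newline,
            # which fuses two entries into one line.
            problems.append((lineno, "expected '<base64 key> <user@host>'"))
            continue
        key, label = fields
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            problems.append((lineno, "key is not valid base64"))
            continue
        if len(raw) != KEY_BYTES:
            problems.append((lineno, f"key decodes to {len(raw)} bytes, not {KEY_BYTES}"))
        elif key in seen:
            problems.append((lineno, f"duplicate of line {seen[key]}"))
        else:
            seen[key] = lineno
            entries.append((label, key))
    return entries, problems

def mode_problem(path, private):
    """Assumed policy: private key owner-only; auth file not group/other writable."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if private and mode & 0o077:
        return f"{path}: private key accessible to group/other ({mode:04o})"
    if not private and mode & 0o022:
        return f"{path}: writable by group/other ({mode:04o})"
    return None

if __name__ == "__main__":
    # Constructed sample: two valid keys fused onto one line (missing newline).
    k1, k2 = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
    sample = f"{k1} connect@ami-host{k2} USER@ZOS1\n"
    print(check_auth_keys(sample))
```

On the AMI, pass the text of $SQDATA_DAEMON_DIR/nacl_auth_keys to check_auth_keys and call mode_problem on id_nacl (private=True) and nacl_auth_keys (private=False) before restarting the daemon.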