I have spent some time recently trying to understand how to create private/public keys. This is a summary of my understanding which may be of use to others.

Configuration for password-less communication between user a1 on VMS host v1 to user a2 on VMS host v2 using private/public key pairs.

1. sftp to both a1@v1 and a2@v2. This will create the [.ssh2] directory correctly.
2. in user a1 directory ssh2
$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM
$ ssh_keygen "-P"
This produces private key ID_DSA_2048_A. and public key ID_DSA_2048_A.PUB
$ rename ID_DSA_2048_A. a1_v1.
$ rename ID_DSA_2048_A.PUB a1_v1.pub
$ set prot=w:r A.PUB a1_v1.pub ! Everybody can read public key
$ set prot=(g,w) A.PUB a1_v1. ! Private key remains private

$ create IDENTIFICATION.
Idkey ID_DSA_02048_A
$ create AUTHORIZATION.
KEY A2_V2.PUB
$ copy/ftp a1_v1.pub v2"a2 password"::[.ssh2]

3. repeat correspondingly for user a2

4. Now sftp should work in both directions
from a1
$ sftp a2@v2
From a2
$ sftp a1@v1

NB IDENTIFICATION. Is users private key (no '.')
AUTHORIZATION. Is list of strangers public keys



Comunication between a1 on VMS host v1 to a3 on Unix host u1
1. in a3
~> cd .ssh
~/.ssh> ssh-keygen -t rsa
This produces private key id_rsa and public key id_rsa.pub

2. convert public key to vms format
ssh-keygen -e -f key id_rsa.pub > a3_u1.pub

3. ftp a3_u1.pub to a1 directory ssh2
4. ftp a1_v1.pub from user a1 to .ssh as a1_v1.pub_vms
5. convert to OpenSSH format
Ssh_keygen -i -f a1_v1.pub_vms > a1_v1.pub
6. Add to authorized keys
Cat a1_v1.pub authorized_keys
7. sftp should now work
Sftp a1@v1

8. Repeat for user a2 on v2, but do
Cat a1_v1.pub a2_v2.pub > authorized_keys

9. In user a1 on host v1 append the line 'KEY a3_u1.PUB' to AUTHORIZATION.
10 sftp should now work
Sftp a3@u1