db2scp, which uses both the db2locssh and db2remssh files
The db2ssh is an SSH wrapper. To use db2ssh, you must set up a dedicated non-root user i.e. <db2sshid>, with passwordless SSH on the hosts where GPFS is installed.
You can specify the <db2sshid> user in the /var/db2/db2ssh/db2ssh.cfg file.
Configuring db2ssh includes a set of private and public root keys that are generated in the /var/db2/db2ssh directory. The public keys on each host are exchanged with every other host's public keys. After you configure db2ssh, if you want to run a command on the remote host as the root user, you must invoke db2locssh utility on the local host as the root user.
The db2locssh utility digitally signs the command with the local host's private key and invokes the db2remssh through the SSH protocol as the <db2sshid> user on the remote host. Once on the remote host, db2remssh verifies the digital message signature by using the originating host's public key. At this point, replay attacks are prevented in one of two ways. For DB2 Version 10.5 FP2 or earlier, 20 seconds are allowed to pass from the time that the message originates to the time that it is received. As of DB2 Version 10.5 FP3, you configure the SSH protocol to protect itself from replay attacks. Regardless of the fix pack, the final steps are to run the command and to return the result to the originating host.