SSH Tectia

The Connection Broker Configuration

The Connection Broker reads three configuration files (if all are available):

  1. The ssh-broker-config-default.xml file is read first. It holds the factory default settings. It is not recommended to edit the file, but you can use it to view the default settings.

    This file must be available and correctly formatted for the Connection Broker to start.

  2. Next, the Connection Broker reads the global configuration file. The settings in the global configuration file override the default settings.

    If the global configuration file is missing or malformed, the Connection Broker will start normally and will read the user-specific configuration file instead. A malformed global configuration file is ignored, and the default settings or the user-specific settings, if they exist, are used in its place.

  3. Last, the Connection Broker reads the user-specific configuration file, if it is available. The settings in the user-specific configuration file override the settings in the global configuration file, with the following exceptions:

    • The following settings from the user-specific configuration are combined with the settings of the global configuration file:

      • In the general element, the key-stores and cert-validation settings

      • In the profiles element, all settings

      • In the static-tunnels element, all settings.

    • If a connection profile with the same name has been defined in both the global configuration file and user-specific configuration file, the latter one is used.

    • If the crypto-lib, strict-host-key-checking, host-key-always-ask, and accept-unknown-host-keys elements have different values in the global and user-specific configuration, the more secure of the values is used.

    • If the filter-engine settings have been defined in the global configuration file, and the file is valid (not malformed), those settings are used, and any filter-engine settings made in the user-specific configuration file are ignored.

    If the user-specific configuration file is missing, the Connection Broker will start using the previously read configuration files. However, if a user-specific configuration exists but is malformed, the Connection Broker will not start at all.
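To make the precedence rules above concrete, here is an added example (not Tectia code) that simulates them on constructed configurations. The element names are the ones listed above; the values, the "more secure" ranking and the MALFORMED marker are assumptions made for the illustration.

```python
# Added example (not Tectia code): a small simulator of the precedence rules
# listed above. Configurations are modelled as dicts; element names are those
# the text mentions, while the values and the "more secure" ranking are assumed.
MALFORMED = object()  # stands in for a file that exists but does not parse

# Elements whose user-specific settings are combined with the global ones
# (profiles and static-tunnels are keyed by name, so a same-named entry from
# the user file replaces the global one).
COMBINED = {"key-stores", "cert-validation", "profiles", "static-tunnels"}

# Assumed value rankings: the later value is treated as the more secure one.
SECURE_RANK = {
    "crypto-lib": ["standard", "fips"],
    "strict-host-key-checking": ["no", "yes"],
    "host-key-always-ask": ["no", "yes"],
    "accept-unknown-host-keys": ["yes", "no"],
}


def broker_settings(default_cfg, global_cfg=None, user_cfg=None):
    """Return the effective settings, or raise if the broker would not start."""
    if not isinstance(default_cfg, dict):
        raise RuntimeError("default config missing or malformed: broker does not start")
    if user_cfg is MALFORMED:
        raise RuntimeError("user-specific config malformed: broker does not start")
    global_valid = isinstance(global_cfg, dict)  # missing or malformed -> ignored
    merged = dict(default_cfg)
    if global_valid:
        merged.update(global_cfg)  # global overrides default
    for key, value in (user_cfg or {}).items():
        if key == "filter-engine" and global_valid and key in global_cfg:
            continue  # a valid global filter-engine wins over the user's
        if key in COMBINED:
            merged[key] = {**merged.get(key, {}), **value}
        elif key in SECURE_RANK:
            rank = SECURE_RANK[key].index
            merged[key] = max(merged.get(key, SECURE_RANK[key][0]), value, key=rank)
        else:
            merged[key] = value  # user overrides global
    return merged


# Constructed sample configurations for the demonstration.
DEFAULT = {"crypto-lib": "standard", "strict-host-key-checking": "no",
           "profiles": {}, "static-tunnels": {}}
GLOBAL = {"strict-host-key-checking": "yes", "filter-engine": "global-rules",
          "profiles": {"srv1": "host=global.example"}, "key-stores": {"ks1": "global"}}
USER = {"strict-host-key-checking": "no", "crypto-lib": "fips",
        "filter-engine": "user-rules",
        "profiles": {"srv1": "host=user.example", "srv2": "host=other.example"}}

if __name__ == "__main__":
    print(broker_settings(DEFAULT, GLOBAL, USER))
```

With the sample files, strict-host-key-checking stays "yes" (more secure than the user's "no"), crypto-lib becomes "fips", srv1 takes the user's definition, and the global filter-engine settings win.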

The default locations of the configuration files are listed in Configuration Files.