Table 4.3 shows the differences in the configuration settings. The left column lists all configuration options used in the ssh2_config file in SSH Tectia client tools for z/OS 5.5. The right column shows how the same thing can be configured in the ssh-broker-config.xml file in SSH Tectia client tools for z/OS 6.x. The table contains a reference to the correct element and/or attribute used in the ssh-broker-config.xml file. Use the table together with Chapter Configuring Connection Broker in SSH Tectia Client 6.x User Manual, which describes the configuration settings in detail. The references are presented using the XPath notation.

Table 4.3. SSH Tectia client tools for z/OS 5.5 and 6.x configuration options comparison

ssh2_config configuration option | Equivalent option in ssh-broker-config.xml |
|---|---|
AllowedAuthentications | authentication-methods/authentication-method[@name="..."], can be used in default-settings and profiles/profile. |
AuthenticationSuccessMsg | Not configurable. The 'Authentication successful' message is always shown. |
AuthPassword.AllowFromCommandLine | Not configurable. Passwords from command line are always allowed (but not recommended). |
BatchMode | Can be specified using the -B/--batch-mode command-line option with sshg3, scpg3, and sftpg3. |
Cert.DODPKI | general/cert-validation/dod-pki[@enable="yes"|"no"] |
Cert.EndpointIdentityCheck | general/cert-validation[@end-point-identity-check="yes"|"no"] |
CharsetConvert | Not configurable. The stdout data is always converted to EBCDIC. |
Ciphers | ciphers/cipher[@name="..."], can be used in default-settings and profiles/profile. |
ClearAllForwardings | Not available. |
Compression | compression[@name="..." @level="0..9"], can be used in default-settings and profiles/profile. |
DebugLogFile | Not available. Instead, when debugging is enabled with the -D command-line option, the debug output can be redirected to a file using the -l <filename> option. |
DefaultDomain | Not available. |
DisableVersionFallback | Not available. There should be no need to disable possible compatibility code. |
DontReadStdin | Can be specified using the -n command-line option with sshg3. (Unix only) |
EkInitString | general/key-stores/key-store[@init="..."] |
EkProvider | general/key-stores/key-store[@type="..."] |
EscapeChar | Can be specified using the -e/--escape-char command-line option with sshg3. |
ForcePTTYAllocation | Can be forced using the -t/--tty command-line option with sshg3. |
ForwardAgent | forwards/forward[@type="agent" @state="on"|"off"|"denied"]. Agent forwarding can be disabled or enabled with the -a/+a command-line option in sshg3. If state="denied", it cannot be enabled using +a. |
GatewayPorts | profiles/profile/tunnels/local-tunnel[@allow-relay="yes"|"no"] |
GoBackground | Can be specified using the -f command-line option with sshg3. |
Host | profile[@host="host_address"] |
HostCA | general/cert-validation/ca-certificate |
HostCAEkProvider | general/cert-validation/key-store |
HostCAEkProviderNoCRLs | general/cert-validation/key-store[@disable-crls="yes"|"no"] |
HostCANoCRLs | general/cert-validation/ca-certificate[@disable-crls="yes"|"no"] |
HostKeyFormat | general/known-hosts/key-store[@filename-format="hashed"|"plain"] |
HostKeys.Cert.Required | server-authentication-methods/authentication-method[@name="certificate"|"publickey"], can be used in default-settings and profiles/profile. |
HostKeys.Cert.ValidationMethods | If the zos-saf provider is defined in general/known-hosts/key-store, SAF validation is used. Otherwise, SSH Tectia validation is used. SSH Tectia Server 6.0 for IBM z/OS does not support using both SAF and SSH Tectia validation together. |
HostKeysEkProvider | general/known-hosts/key-store |
IdentityFile | Can be specified with general/key-stores/identification[@file="filename"], or profiles/profile/authentication-methods/user-identities/identity[@identity-file="filename"]. |
IdentityKeyFile | Keys can be specified with general/key-stores/key-store[@type="software" @init="key_files(path_to_key)"], or profiles/profile/authentication-methods/user-identities/identity[@file="keyfile"]. |
KeepAlive | Not configurable. Keepalive messages are always off. |
LdapServers | general/cert-validation/ldap-server |
LocalForward | profile/tunnels/local-tunnel |
MACs | macs/mac[@name="..."], can be used in default-settings and profiles/profile. |
NoDelay | Not configurable. No delay is always on. |
NumberofPasswordPrompts | Not available. There should be no need to set number of password prompts on client side. |
OCSPResponderURL | general/cert-validation/ocsp-responder |
PasswordPrompt | Not available. |
PidFile | Not available. The Connection Broker can be stopped, for example, by running "ssh-broker-ctl stop". |
Port | profile[@port="port_number"] |
ProxyServer | proxy[@ruleset="..."], can be used in default-settings and profiles/profile. For certificate validation, proxy settings are configured using general/cert-validation[@http-proxy-url="..." @socks-server-url="..."]. |
QuietMode | Can be specified using the -q command-line option with scpg3. |
RandomSeedFile | Not configurable. Default random seed is used. |
RekeyIntervalSeconds | rekey[@bytes="number_of_bytes"], can be used in default-settings and profiles/profile. |
RemoteForward | profile/tunnels/remote-tunnel |
SetRemoteEnv | remote-environment/environment, can be used in default-settings and profiles/profile. |
Ssh1AgentCompatibility | SSH1 compatibility is not supported. |
Ssh1Compatibility | SSH1 compatibility is not supported. |
Ssh1InternalEmulation | SSH1 compatibility is not supported. |
Ssh1MaskPasswordLength | SSH1 compatibility is not supported. |
Ssh1Path | SSH1 compatibility is not supported. |
SocksServer | See ProxyServer |
StrictHostKeyChecking | general/strict-host-key-checking[@enable="yes"|"no"] |
StrictModes | Not configurable. |
StrictModes.UserDirMaskBits | Not configurable. |
UseCryptoHardware | Not configurable. Crypto hardware is always used for the algorithms it is available for. |
User | profile[@user="user_name"] |
UserConfigDirectory | Not configurable. |
UseSocks5 | Configured directly in proxy[@ruleset="..."] in default-settings and profiles/profile. For certificate validation, use cert-validation[@socks-server-url="socks5://..."]. |
VerboseMode | Can be specified using the -v command-line option with sshg3 and scpg3. |
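
After migrating, the host-verification rows of the table can be checked mechanically. The following is an added example, not part of the SSH Tectia documentation: it evaluates four XPath references from Table 4.3 against a constructed ssh-broker-config.xml fragment and reports which verification settings were carried over in a weakened state. The root element name in the sample and the `audit` function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# (ssh2_config option, XPath from Table 4.3, attribute, value that weakens verification)
CHECKS = [
    ("StrictHostKeyChecking", "general/strict-host-key-checking", "enable", "no"),
    ("Cert.EndpointIdentityCheck", "general/cert-validation",
     "end-point-identity-check", "no"),
    ("HostCANoCRLs", "general/cert-validation/ca-certificate", "disable-crls", "yes"),
    ("HostCAEkProviderNoCRLs", "general/cert-validation/key-store",
     "disable-crls", "yes"),
]

# Constructed sample. The root element name is an assumption; the paths below
# are relative to the root, so the checks do not depend on it.
SAMPLE = """
<secsh-broker>
  <general>
    <strict-host-key-checking enable="yes"/>
    <cert-validation end-point-identity-check="no">
      <ca-certificate disable-crls="yes"/>
      <ca-certificate/>
    </cert-validation>
  </general>
</secsh-broker>
"""

def audit(xml_text):
    """Return (ssh2_config option, status) for every element matched by a check."""
    root = ET.fromstring(xml_text)
    findings = []
    for option, path, attr, weak in CHECKS:
        elems = root.findall(path)
        if not elems:
            # Element missing from the migrated file: the product default applies.
            findings.append((option, "absent"))
            continue
        for el in elems:
            value = el.get(attr)
            if value is None:
                findings.append((option, "unset"))
            elif value == weak:
                findings.append((option, "weakened"))
            else:
                findings.append((option, "ok"))
    return findings

if __name__ == "__main__":
    for option, status in audit(SAMPLE):
        print(f"{option:30} {status}")
```

Entries reported as "absent" or "unset" fall back to the product default, which should be confirmed in the User Manual chapter referenced above.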