Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
        Configuration Files>>
            Recommended Algorithms for Mainframe Environment
            Crypto Hardware Support
            Configuration Options in Load-Balanced Environments
            Running SSH Tectia and OpenSSH in a z/OS Environment
        Running the Server >>
        Setting Up a Shell User>>
        Running Client Programs>>
        Handling MVS Datasets and HFS File System Access>>
        Listing Datasets with SFTP Clients>>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Crypto Hardware Support

The configuration file has a keyword, UseCryptoHardware, that governs the use of crypto hardware. The available support depends on the processor model and on the devices that are installed. In the table below, CPACF is standard on z890 and z990 machines but is not available on other machines. The CCA column includes the following devices: CCF, PCICC, PCIXCC and CEX2. The Accelerator column includes the PCICA device, PCIXCC and CEX2.

  CPACF CCA Accelerator
3DES-CBC x x
SHA1 x
RNG x
[RSA] [x] [x]
[DH] [x]
RACF certificate x

If any crypto hardware devices are to be used, the machine or the LPAR must be enabled for cryptography.

Note: The current release has no hardware support for RSA or DH.

FIPS Mode

FIPS mode is enabled when the IBM crypto hardware is used. FIPS mode is currently not available in SSH Tectia Server for IBM z/OS when the software crypto library is used.

Thus, if the UseCryptoHardware keyword defines algorithms for hardware acceleration, the FIPS mode is automatically enabled for the defined algorithms and cryptographic operations are performed according to the rules of the FIPS 140-2 certification standard. In all other configurations, FIPS mode is disabled.

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now