Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
        Configuration Files >>
        Subconfigurations >>
        Ciphers and MACs
        Compression
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Auditing >>
        Securing the Server >>
        Default sshd2_config Configuration File
        Default ssh_certd_config Configuration File
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Ciphers and MACs

The algorithm(s) used for symmetric session encryption can be chosen in the sshd2_config and ssh2_config files:

Ciphers             aes128

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • arcfour
  • blowfish-cbc
  • cast128-cbc
  • twofish-cbc
  • twofish128-cbc
  • twofish192-cbc
  • twofish256-cbc
  • cast128-12-cbc@ssh.com
  • des-cbc@ssh.com
  • seed-cbc@ssh.com
  • rijndael-cbc@ssh.com

Special values for this option are the following:

  • Any: allows all the cipher values including none
  • AnyStd: allows only standard ciphers and none
  • none: forbids any use of encryption
  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF-SecSh-draft (excluding none). This is the default value.

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config and ssh2_config files:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. Supported MAC names are the following:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha256@ssh.com
  • hmac-sha256-96@ssh.com

Special values for this option are the following:

  • Any: allows all the MAC values including none
  • AnyStd: allows only standard MACs and none
  • none: forbids any use of MACs
  • AnyMac: allows any available MAC apart from none
  • AnyStdMac: the same as AnyMac, but includes only those MACs mentioned in IETF-SecSh-draft (excluding none). This is the default value.

Both cipher and MAC can also be defined using command-line arguments with ssh2 and scp2:

$ scp2 -c twofish -m hmac-md5 foobar user@remote:./tmp  

Note: Algorithm names are case-sensitive.

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===