SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
        Securing the Client >>
        Default ssh2_config Configuration File
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Default ssh2_config Configuration File

The default ssh2_config configuration file is shown below. For more information on the configuration options, see Appendix ssh2_config

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
##
## ssh2_config
##
## SSH Tectia Server for IBM z/OS 5.3 - SSH2 Client Configuration File
##

## The ".*" is used for all hosts, but you can use other hosts as
## well. See examples at the end of the file.
.*:

## General

#       VerboseMode                     no
#       QuietMode                       no
#       DontReadStdin                   no
#       BatchMode                       no
#       Compression                     no
#       ForcePTTYAllocation             no
#       GoBackground                    no
#       EscapeChar                      ~
#       PasswordPrompt                  "%U@%H's password: "
#       PasswordPrompt                  "%U's password: "
#       AuthenticationSuccessMsg        yes
#       SetRemoteEnv                    FOOBAR=baz

## Network

#       Port                            22
#       NoDelay                         no
#       KeepAlive                       yes
#       SocksServer socks://mylogin@socks.example.com:1080/10.1.0.0/16
#       SocksServer socks://fw.example.com:1080/10.0.0.0/8,127.0.0.0/8
#       UseSocks5                       no

## Crypto

#       Ciphers                         AnyStdCipher 
#       MACs                            AnyStdMAC
#       StrictHostKeyChecking           ask     
#       RekeyIntervalSeconds            3600


# In order to maximize crypto hardware utilization,
# on z/OS we'll accept only 3des-cbc and hmac-sha1 by default
        Ciphers                         3des-cbc
        MACs                            hmac-sha1


## Crypto Hardware 

# UseCryptoHardware specifies whether hardware support is wanted for 
# certain algorithms. The support levels are
#   no          do not use crypto hardware
#   yes         use crypto hardware if available
#   must        use crypto hardware, do not fall back to software 
# 
# The level may be given alone as a default for all algorithms or 
# together with an algorithm. The algorithm names that may 
# be used are:
#   rng         random number generator
#   sha1        SHA1 digest algorithm
#   3des        Triple DES
#   dh          Diffie-Hellman
#   rsa         RSA
#
# UseCryptoHardware is a comma-delimited list of algorithm:support level
# pairs. It may start with a sole support level
#
# E.g. Must have support for 3des and sha1, all other should use software
#       UseCryptoHardware               no,3des:must,sha1:must
#
#       UseCryptoHardware               yes
#
# To enable FIPS certification, use
#       Ciphers                         3des-cbc,aes128-cbc
#       MACs                            hmac-sha1
#       UseCryptoHardware               must
#

## User public key authentication

#       IdentityFile                    identification
#       RandomSeedFile                  random_seed

## Tunneling

#       GatewayPorts                    no
#       ForwardAgent                    yes
#       ForwardX11                      yes
#       TrustX11Applications            no
#       XauthPath                       <set by configure by default>

# Tunnels that are set up upon login
#
#      LocalForward                    "110:pop3.example.com:110"
#      LocalForward                    "143:imap.example.com:143"
#      LocalForward                    "25:smtp.example.com:25"
#      RemoteForward                   "3000:localhost:22"

## SSH1 Compatibility

#       Ssh1InternalEmulation           yes
#       Ssh1Compatibility               no
#       Ssh1AgentCompatibility          none
#       Ssh1AgentCompatibility          traditional
#       Ssh1AgentCompatibility          ssh2
#       Ssh1Path                        /usr/local/bin/ssh1
#       Ssh1MaskPasswordLength          yes

## X.509 PKI
##

## X.509 certificate of the root CA which is trusted when validating 
## server certificates.

#       HostCA                          /etc/ssh2/TrustedRoot.ca
#       HostCAEkProvider                "zos-saf:KEYS(RING(HOSTCA))"
#       HostkeysEkProvider              "zos-saf:KEYS(RING(HOSTKEYS))"
#       Hostkeys.Cert.ValidationMethods saf
# Certificate is also validated in ssh-certd
#       Hostkeys.Cert.ValidationMethods saf,tectia 
# Server must send certificate
#       Hostkeys.Cert.Required          yes        

## Authentication 
## publickey, keyboard-interactive and password allowed by default
## Least interactive method should be usually attempted first.

#       AllowedAuthentications    publickey,keyboard-interactive,password
#       AllowedAuthentications    hostbased,publickey,password


# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)

#       DefaultDomain                   example.com
#       SshSignerPath                   ssh-signer2

## Examples of per host configurations

#alpha.*:
#       Host                            alpha.example.org
#       User                            username_at_alpha
#       PasswordPrompt                  "%U:s password at %H: "
#       Ciphers                         aes

#foobar:
#       Host                            foobar.example
#       User                            foo_user

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice