Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
        Securing the Client >>
        Default ssh2_config Configuration File
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Default ssh2_config Configuration File

The default ssh2_config configuration file is shown below. For more information on the configuration options, see Appendix ssh2_config

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
##
## ssh2_config
##
## SSH Tectia Server for IBM z/OS 5.3 - SSH2 Client Configuration File
##

## The ".*" is used for all hosts, but you can use other hosts as
## well. See examples at the end of the file.
.*:

## General

#       VerboseMode                     no
#       QuietMode                       no
#       DontReadStdin                   no
#       BatchMode                       no
#       Compression                     no
#       ForcePTTYAllocation             no
#       GoBackground                    no
#       EscapeChar                      ~
#       PasswordPrompt                  "%U@%H's password: "
#       PasswordPrompt                  "%U's password: "
#       AuthenticationSuccessMsg        yes
#       SetRemoteEnv                    FOOBAR=baz

## Network

#       Port                            22
#       NoDelay                         no
#       KeepAlive                       yes
#       SocksServer socks://mylogin@socks.example.com:1080/10.1.0.0/16
#       SocksServer socks://fw.example.com:1080/10.0.0.0/8,127.0.0.0/8
#       UseSocks5                       no

## Crypto

#       Ciphers                         AnyStdCipher 
#       MACs                            AnyStdMAC
#       StrictHostKeyChecking           ask     
#       RekeyIntervalSeconds            3600


# In order to maximize crypto hardware utilization,
# on z/OS we'll accept only 3des-cbc and hmac-sha1 by default
        Ciphers                         3des-cbc
        MACs                            hmac-sha1


## Crypto Hardware 

# UseCryptoHardware specifies whether hardware support is wanted for 
# certain algorithms. The support levels are
#   no          do not use crypto hardware
#   yes         use crypto hardware if available
#   must        use crypto hardware, do not fall back to software 
# 
# The level may be given alone as a default for all algorithms or 
# together with an algorithm. The algorithm names that may 
# be used are:
#   rng         random number generator
#   sha1        SHA1 digest algorithm
#   3des        Triple DES
#   dh          Diffie-Hellman
#   rsa         RSA
#
# UseCryptoHardware is a comma-delimited list of algorithm:support level
# pairs. It may start with a sole support level
#
# E.g. Must have support for 3des and sha1, all other should use software
#       UseCryptoHardware               no,3des:must,sha1:must
#
#       UseCryptoHardware               yes
#
# To enable FIPS certification, use
#       Ciphers                         3des-cbc,aes128-cbc
#       MACs                            hmac-sha1
#       UseCryptoHardware               must
#

## User public key authentication

#       IdentityFile                    identification
#       RandomSeedFile                  random_seed

## Tunneling

#       GatewayPorts                    no
#       ForwardAgent                    yes
#       ForwardX11                      yes
#       TrustX11Applications            no
#       XauthPath                       <set by configure by default>

# Tunnels that are set up upon login
#
#      LocalForward                    "110:pop3.example.com:110"
#      LocalForward                    "143:imap.example.com:143"
#      LocalForward                    "25:smtp.example.com:25"
#      RemoteForward                   "3000:localhost:22"

## SSH1 Compatibility

#       Ssh1InternalEmulation           yes
#       Ssh1Compatibility               no
#       Ssh1AgentCompatibility          none
#       Ssh1AgentCompatibility          traditional
#       Ssh1AgentCompatibility          ssh2
#       Ssh1Path                        /usr/local/bin/ssh1
#       Ssh1MaskPasswordLength          yes

## X.509 PKI
##

## X.509 certificate of the root CA which is trusted when validating 
## server certificates.

#       HostCA                          /etc/ssh2/TrustedRoot.ca
#       HostCAEkProvider                "zos-saf:KEYS(RING(HOSTCA))"
#       HostkeysEkProvider              "zos-saf:KEYS(RING(HOSTKEYS))"
#       Hostkeys.Cert.ValidationMethods saf
# Certificate is also validated in ssh-certd
#       Hostkeys.Cert.ValidationMethods saf,tectia 
# Server must send certificate
#       Hostkeys.Cert.Required          yes        

## Authentication 
## publickey, keyboard-interactive and password allowed by default
## Least interactive method should be usually attempted first.

#       AllowedAuthentications    publickey,keyboard-interactive,password
#       AllowedAuthentications    hostbased,publickey,password


# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)

#       DefaultDomain                   example.com
#       SshSignerPath                   ssh-signer2

## Examples of per host configurations

#alpha.*:
#       Host                            alpha.example.org
#       User                            username_at_alpha
#       PasswordPrompt                  "%U:s password at %H: "
#       Ciphers                         aes

#foobar:
#       Host                            foobar.example
#       User                            foo_user

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===