Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
        Server Configuration Files >>
        Defining Subconfigurations >>
        Configuring Ciphers and MACs
            Crypto Hardware Support
            Recommended Algorithms
        Configuring Root Logins
        Restricting User Logins
        Defining Subsystems
        Auditing >>
        Securing the Server >>
    Authentication >>
    File Transfer Using SFTP >>
    Secure File Transfer Using Transparent FTP Security >>
    Tunneling >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Man Pages and Default Configuration Files >>
    Log Messages >>

Configuring Ciphers and MACs

The algorithm(s) used for session encryption can be chosen in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • arcfour
  • blowfish-cbc
  • cast128-cbc
  • twofish-cbc
  • twofish128-cbc
  • twofish192-cbc
  • twofish256-cbc
  • cast128-12-cbc@ssh.com
  • des-cbc@ssh.com
  • seed-cbc@ssh.com
  • rijndael-cbc@ssh.com
  • none: no encryption, connection will be in plaintext

Special values for this option are the following:

  • Any: allows all the cipher values including none
  • AnyStd: allows only standard ciphers and none
  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF-SecSh-draft (excluding none). This is the default value.

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. Supported MAC names are the following:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha256@ssh.com
  • hmac-sha256-96@ssh.com
  • none: no data integrity checking

Special values for this option are the following:

  • Any: allows all the MAC values including none
  • AnyStd: allows only standard MACs and none
  • AnyMac: allows any available MAC apart from none
  • AnyStdMac: the same as AnyMac, but includes only those MACs mentioned in IETF-SecSh-draft (excluding none). This is the default value.

Note: Algorithm names are case-sensitive.

Crypto Hardware Support

Recommended Algorithms

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2011 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice

===AUTO_SCHEMA_MARKUP===