Your browser does not allow storing cookies. We recommend enabling them.


Connection Broker

With respect to IPv6, the client is affected by the Connection Broker configuration as given in the following files:

  • Default configuration file (optional): /opt/tectia/etc/ssh-tectia/auxdata/ssh-broker-ng/ssh-broker-config-default.xml

  • Global configuration file (optional): /opt/tectia/etc/ssh-broker-config.xml

  • User-specific configuration file (optional): $HOME/.ssh2/ssh-broker-config.xml

  • A configuration file explicitly specified by the -f command-line option.

The common DTD for all these XML configuration files is: /opt/tectia/etc/ssh-tectia/auxdata/ssh-broker-ng/ssh-broker-ng-config-1.dtd. You can see the contents of the DTD also in the Tectia Server for IBM z/OS User Manual.

All of the above-mentioned configuration files are optional; if none are provided, the defaults, as defined in the DTD, are used. Files later in the above list override settings in their predecessors, if any.

For the purposes of IPv6 support, the address-family sub-element of the default-settings element is the first consideration:

<!-- Both ipv4 and ipv6 are enabled by default -->
<!ENTITY default-address-family-type            "any">

<!-- address-family mode setting ipv4 & ipv6-->
<!ELEMENT address-family        EMPTY>
<!ATTLIST address-family
          type          (any|inet|inet6) "&default-address-family-type;">

These lines in the DTD mean that address-family may be coded as any, inet, or inet6 and that if not specified, it defaults to any. Note that the default on the client side is the more permissive setting to support both IPv4 and IPv6, whereas the server defaults are generally more conservative, supporting IPv4 only, in the absence of explicit instructions.

In many other places in the Connection Broker configuration, such as in tunnel definitions, IP addresses or host names may be specified. Depending on the address-family chosen, IPv4 or IPv6 addresses are allowable.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more