Your browser does not allow storing cookies. We recommend enabling them.


Connection Broker

With respect to IPv6, the client is affected by the Connection Broker configuration as given in the following files:

  • Default configuration file (optional): /opt/tectia/etc/ssh-tectia/auxdata/ssh-broker-ng/ssh-broker-config-default.xml

  • Global configuration file (optional): /opt/tectia/etc/ssh-broker-config.xml

  • User-specific configuration file (optional): $HOME/.ssh2/ssh-broker-config.xml

  • A configuration file explicitly specified by the -f command-line option.

The common DTD for all these XML configuration files is: /opt/tectia/etc/ssh-tectia/auxdata/ssh-broker-ng/ssh-broker-ng-config-1.dtd. You can see the contents of the DTD also in the Tectia Server for IBM z/OS User Manual.

All of the above-mentioned configuration files are optional; if none are provided, the defaults, as defined in the DTD, are used. Files later in the above list override settings in their predecessors, if any.

For the purposes of IPv6 support, the address-family sub-element of the default-settings element is the first consideration:

<!-- Both ipv4 and ipv6 are enabled by default -->
<!ENTITY default-address-family-type            "any">

<!-- address-family mode setting ipv4 & ipv6-->
<!ELEMENT address-family        EMPTY>
<!ATTLIST address-family
          type          (any|inet|inet6) "&default-address-family-type;">

These lines in the DTD mean that address-family may be coded as any, inet, or inet6 and that if not specified, it defaults to any. Note that the default on the client side is the more permissive setting to support both IPv4 and IPv6, whereas the server defaults are generally more conservative, supporting IPv4 only, in the absence of explicit instructions.

In many other places in the Connection Broker configuration, such as in tunnel definitions, IP addresses or host names may be specified. Depending on the address-family chosen, IPv4 or IPv6 addresses are allowable.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now