Your browser does not allow storing cookies. We recommend enabling them.

SSH

Verifying that Cryptographic Hardware is Used

To verify that cryptographic hardware is being used, set the debug level for SecShPluginCipherZosIcsf to 10. Setting all debug to level 10 would have the same result, but you would end up with a large amount of data to look through.

You can use this command from USS to verify that cryptographic hardware is enabled:

> sshg3 -DSecShPluginCipherZosIcsf=10 127.0.0.1

The command should produce the following type of output:

Development-time debugging is enabled.
Setting debug level string to 'SecShPluginCipherZosIcsf=10'.
...

state_determine: Hardware for 3des-cbc:  CPACF
state_determine: Hardware for aes128-cbc: CPACF
state_determine: Hardware for aes192-cbc: CPACF
state_determine: Hardware for aes256-cbc: CPACF
...

Remote system type is POSIX (z/OS).
sftp>


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now