Listens to Connection Broker connections on a local address ADDR.

Sets the debug level string to LEVEL.

Reads the Connection Broker configuration file from FILE instead of the default location.

Dumps debug messages to FILE.

Stores the process ID of the Connection Broker to FILE.

Make the currently running Connection Broker exit. This will terminate all connections.

Re-reads the configuration file (ssh-broker-config.xml) and takes it into use.

Displays program version and exits.

Displays a short summary of command-line options and exits.

If this variable is not set correctly ssh-broker-g3 fails to start.

This variable defines that ssh-broker-g3 and the client processes are run in separate address spaces.

This variable defines an address to a separate Tectia Connection Broker process to which a connection is made.

This variable becomes necessary to define the location of the Connection Broker process, if you are running it from a non-default location, or using a userID other than that of the ssh-broker-g3 process owner.

This is the user-specific configuration file used by ssh-broker-g3 (and sshg3, scpg3, and sftpg3). The format of this file is described in ssh-broker-config(5). This file does not usually contain any sensitive information, but the recommended permissions are read/write for the user, and not accessible for others.

This file is used for seeding the random number generator. It contains sensitive data and its permissions should be read/write for the user and not accessible for others. This file is created the first time the program is run and it is updated automatically. You should never need to read or modify this file.

This file contains information on public keys and certificates used for user authentication when contacting remote hosts.

With Tectia Client G3, using the identification file is not necessary if all user keys are stored in the default directory and you allow all of them to be used for public-key and/or certificate authentication. If the identification file does not exist, the Connection Broker attempts to use each key found in the $HOME/.ssh2 directory. If the identification file exists, the keys listed in it are attempted first.

The identification file contains a list of private key filenames each preceded by the keyword IdKey (or CertKey). An example file is shown below:

IdKey       mykey

This directs the Connection Broker to use $HOME/.ssh2/mykey when attempting login using public-key authentication.

The files are by default assumed to be in the $HOME/.ssh2 directory, but also a path to the key file can be given. The path can be absolute or relative to the $HOME/.ssh2 directory. If there is more than one IdKey, they are tried in the order that they appear in the identification file.

This is the user-specific default directory for storing the public keys of server hosts. You are prompted to accept new or changed keys automatically when you connect to a server, unless you have set strict-host-key-checking to yes in the ssh-broker-config.xml file. You should verify the key fingerprint before accepting new or changed keys.

When the host key is received during the first connection to a remote host (or when the host key has changed) and you choose to save the key, its filename is stored by default in hashed format. The hashed host key format is a security feature to make address harvesting on the hosts difficult.

The storage format can be controlled with the filename-format attribute of the known-hosts element in the ssh-broker-config.xml configuration file. The attribute value must be plain or hash (default).

If you are adding the keys manually, the keys should be named with key_<port>_<host>.pub pattern, where <port> is the port the Secure Shell server is running on and <host> is the hostname you use when connecting to the server (for example, key_22_alpha.example.com.pub).

If both hashed and plain-text format keys exist, the hashed format takes precedence.

Note that the identification is different based on the host and port the client is connecting to. For example, the short hostname alpha is considered different from the fully qualified domain name alpha.example.com. Also a connection with an IP, for example 10.1.54.1, is considered a different host, as is a connection to the same host but different port, for example alpha.example.com#222.

For more information on host keys, see Server Authentication with Public Keys in File.

This is the initialization file for hashed host key names.

This is the configuration file used by ssh-broker-g3 (and sshg3, scpg3, and sftpg3) that contains the factory default settings. It is not recommended to edit the file, but you can use it to view the default settings. The format of this file is described in ssh-broker-config(5).

This is the global (system-wide) configuration file used by ssh-broker-g3 (and sshg3, scpg3, and sftpg3). The format of this file is described in ssh-broker-config(5).

If a host key is not found in the user-specific $HOME/.ssh2/hostkeys directory, this is the next location to be checked for all users. Host key files are not automatically put here but they have to be updated manually by the system administrator (root).

If the administrator obtains the host keys by connecting to each host, the keys will be by default in the hashed format. In this case, also the administrator's $HOME/.ssh2/hostkeys/salt file has to be copied to the /opt/tectia/etc/hostkeys directory.

This is the initialization file for hashed host key names. The file has to be copied here manually by the same administrator that obtains the host keys.

This is the default system-wide file used by OpenSSH clients for storing the public key data of known server hosts. It is supported also by Tectia client tools for z/OS.

If a host key is not found in the user-specific $HOME/.ssh/known_hosts file, this is the next location to be checked for all users.

The ssh_known_hosts file is never automatically updated by Tectia Client or ConnectSecure, since they store new host keys always in the Tectia user-specific directory $HOME/.ssh2/hostkeys.

This is the default user-specific file used by OpenSSH clients for storing the public key data of known server hosts. The known_hosts file is supported also by Tectia client tools for z/OS.

The known_hosts file contains a hashed or plain-text format entry of each known host key and the port used on the server, in case it is non-standard (other than 22). For more information on the format of the known_hosts file, see the OpenSSH sshd(8) man page.

The known_hosts file is never automatically updated by Tectia Client or ConnectSecure, since they store new host keys always in the Tectia directory $HOME/.ssh2/hostkeys.

This directory is the default location used by Tectia Server for the user public keys that are authorized for login.

On Tectia Server on Windows, the default directory for user public keys is %USERPROFILE%\.ssh2\authorized_keys.

This is the default file used by earlier versions of Tectia Server (sshd2) that lists the user public keys that are authorized for login. The file can optionally be used with Tectia Server G3 (ssh-server-g3) as well.

On Tectia Server on Windows, the authorization file is by default located in %USERPROFILE%\.ssh2\authorization.

For information on the format of this file, see the ssh-server-g3(8) man page.

This is the default file used by OpenSSH server (sshd) that contains the user public keys that are authorized for login.

For information on the format of this file, see the OpenSSH sshd(8) man page.