## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
##
## ssh2_config
##
## SSH Tectia Server for IBM z/OS 5.3 - SSH2 Client Configuration File
##
## The ".*" is used for all hosts, but you can use other hosts as
## well. See examples at the end of the file.
.*:
## General
# VerboseMode no
# QuietMode no
# DontReadStdin no
# BatchMode no
# Compression no
# ForcePTTYAllocation no
# GoBackground no
# EscapeChar ~
# PasswordPrompt "%U@%H's password: "
# PasswordPrompt "%U's password: "
# AuthenticationSuccessMsg yes
# SetRemoteEnv FOOBAR=baz
## Network
# Port 22
# NoDelay no
# KeepAlive yes
# SocksServer socks://mylogin@socks.example.com:1080/10.1.0.0/16
# SocksServer socks://fw.example.com:1080/10.0.0.0/8,127.0.0.0/8
# UseSocks5 no
## Crypto
# Ciphers AnyStdCipher
# MACs AnyStdMAC
# StrictHostKeyChecking ask
# RekeyIntervalSeconds 3600
# In order to maximize crypto hardware utilization,
# on z/OS we'll accept only 3des-cbc and hmac-sha1 by default
Ciphers 3des-cbc
MACs hmac-sha1
## Crypto Hardware
# UseCryptoHardware specifies whether hardware support is wanted for
# certain algorithms. The support levels are
# no do not use crypto hardware
# yes use crypto hardware if available
# must use crypto hardware, do not fall back to software
#
# The level may be given alone as a default for all algorithms or
# together with an algorithm. The algorithm names that may
# be used are:
# rng random number generator
# sha1 SHA1 digest algorithm
# 3des Triple DES
# dh Diffie-Hellman
# rsa RSA
#
# UseCryptoHardware is a comma-delimited list of algorithm:support level
# pairs. It may start with a sole support level
#
# E.g. Must have support for 3des and sha1, all other should use software
# UseCryptoHardware no,3des:must,sha1:must
#
# UseCryptoHardware yes
#
# To enable FIPS certification, use
# Ciphers 3des-cbc,aes128-cbc
# MACs hmac-sha1
# UseCryptoHardware must
#
## User public key authentication
# IdentityFile identification
# RandomSeedFile random_seed
## Tunneling
# GatewayPorts no
# ForwardAgent yes
# ForwardX11 yes
# TrustX11Applications no
# XauthPath <set by configure by default>
# Tunnels that are set up upon login
#
# LocalForward "110:pop3.example.com:110"
# LocalForward "143:imap.example.com:143"
# LocalForward "25:smtp.example.com:25"
# RemoteForward "3000:localhost:22"
## SSH1 Compatibility
# Ssh1InternalEmulation yes
# Ssh1Compatibility no
# Ssh1AgentCompatibility none
# Ssh1AgentCompatibility traditional
# Ssh1AgentCompatibility ssh2
# Ssh1Path /usr/local/bin/ssh1
# Ssh1MaskPasswordLength yes
## X.509 PKI
##
## X.509 certificate of the root CA which is trusted when validating
## server certificates.
# HostCA /etc/ssh2/TrustedRoot.ca
# HostCAEkProvider "zos-saf:KEYS(RING(HOSTCA))"
# HostkeysEkProvider "zos-saf:KEYS(RING(HOSTKEYS))"
# Hostkeys.Cert.ValidationMethods saf
# Certificate is also validated in ssh-certd
# Hostkeys.Cert.ValidationMethods saf,tectia
# Server must send certificate
# Hostkeys.Cert.Required yes
## Authentication
## publickey, keyboard-interactive and password allowed by default
## Least interactive method should be usually attempted first.
# AllowedAuthentications publickey,keyboard-interactive,password
# AllowedAuthentications hostbased,publickey,password
# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)
# DefaultDomain example.com
# SshSignerPath ssh-signer2
## Examples of per host configurations
#alpha.*:
# Host alpha.example.org
# User username_at_alpha
# PasswordPrompt "%U:s password at %H: "
# Ciphers aes
#foobar:
# Host foobar.example
# User foo_user
|