SSH Tectia  

Configuring Ciphers and MACs

The algorithm(s) used for session encryption can be chosen in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • arcfour
  • blowfish-cbc
  • cast128-cbc
  • twofish-cbc
  • twofish128-cbc
  • twofish192-cbc
  • twofish256-cbc
  • cast128-12-cbc@ssh.com
  • des-cbc@ssh.com
  • seed-cbc@ssh.com
  • rijndael-cbc@ssh.com
  • none: no encryption, connection will be in plaintext

Special values for this option are the following:

  • Any: allows all the cipher values including none
  • AnyStd: allows only standard ciphers and none
  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF-SecSh-draft (excluding none). This is the default value.

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config file:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. Supported MAC names are the following:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha256@ssh.com
  • hmac-sha256-96@ssh.com
  • none: no data integrity checking

Special values for this option are the following:

  • Any: allows all the MAC values including none
  • AnyStd: allows only standard MACs and none
  • AnyMac: allows any available MAC apart from none
  • AnyStdMac: the same as AnyMac, but includes only those MACs mentioned in IETF-SecSh-draft (excluding none). This is the default value.

Note: Algorithm names are case-sensitive.
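
A check for the values listed above, as an added example (not SSH Tectia code): it scans sshd2_config text for Ciphers and MACs lines and reports any name that permits none or that does not match the case-sensitive lists on this page. It assumes one keyword with a comma-separated value per line, `#` comments, and case-insensitive keywords; the function name and the sample input are constructed for illustration.

```python
# Added example: algorithm names and special values come from the lists on this page.
CIPHERS = {
    "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour",
    "blowfish-cbc", "cast128-cbc", "twofish-cbc", "twofish128-cbc",
    "twofish192-cbc", "twofish256-cbc", "cast128-12-cbc@ssh.com",
    "des-cbc@ssh.com", "seed-cbc@ssh.com", "rijndael-cbc@ssh.com", "none",
}
MACS = {
    "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
    "hmac-sha256@ssh.com", "hmac-sha256-96@ssh.com", "none",
}
KNOWN = {"ciphers": CIPHERS, "macs": MACS}
SPECIAL = {
    "ciphers": {"Any", "AnyStd", "AnyCipher", "AnyStdCipher"},
    "macs": {"Any", "AnyStd", "AnyMac", "AnyStdMac"},
}
# Special values that the page describes as including "none".
ALLOWS_NONE = {"Any", "AnyStd"}


def audit(config_text):
    """Return (line_no, keyword, name, problem) for each risky or unknown name."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in KNOWN:
            continue
        key = parts[0].lower()  # assumption: keywords are case-insensitive
        for name in (n.strip() for n in parts[1].split(",")):
            if name == "none" or name in ALLOWS_NONE:
                findings.append((no, parts[0], name, "permits none"))
            elif name not in KNOWN[key] and name not in SPECIAL[key]:
                # Names are case-sensitive, so "AES128-cbc" is not "aes128-cbc".
                findings.append((no, parts[0], name, "unrecognized name"))
    return findings


# Constructed sample lines (not a real configuration file).
SAMPLE = """\
# constructed sample
Ciphers   aes128-cbc,3des-cbc
MACs      AnyStd
Ciphers   AES128-cbc,none
MACs      hmac-sha1,AnyCipher
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```

A file that sets neither keyword produces no findings, since the defaults stated above (AnyStdCipher and AnyStdMac) exclude none.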


Copyright © 2011 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.