Note: Prior to z/OS V2R4, you must apply the PTF for APAR OA54299 ("NEW FUNCTION FOR OPENSSH : CPACF SUPPORT").
With this new function, OpenSSH will use z architecture CPACF instructions directly if available for selected Cipher and MAC algorithms. This results in reduced CPU overhead as compared to using the same CPACF enabled algorithms through ICSF. In addition, configuration changes and ICSF RACF/SAF rules are not necessary. We recommend that most users will want to use this approach, which is now the default.
Note: If you have previously configured z/OS OpenSSH to use ICSF for Cipher and MAC algorithms,
you may change this back to the default by removing the CiphersSource
and MACsSource
options
from your /etc/ssh/zos_ssh_config
and /etc/ssh/zos_sshd_config
files.
The new default for these options is CPACF
, which will use CPACF versions of algorithms if available and OpenSSL (software)
otherwise. If your setting for these options is any
, then CPACF will be selected first (if available), and then ICSF
for ICSF-compatible algorithms and then OpenSSL for the rest.
Note:If you have configured OpenSSH for FIPS mode, then ICSF must be used for all algorithms (this document does not support FIPS mode configurations).
In this section, you will review the Cipher and MAC algorithms that your ssh client and sshd server will use. Choosing algorithms implemented via CPACF will in general greatly reduce CPU consumption when compared to other algorithms, so this is important to understand and implement correctly.
Note: z/OS V2R4 users can skip to the section called “Configuring SSHD server Ciphers and MACs”, since the IBM sample client configuration files already prefer more efficent CPACF algorithms. We recommend that you read through anyway.
The default OpenSSH Cipher and MAC algorithm names can be seen (commented out)
in the sample /etc/ssh/ssh_config
(ssh client) and /etc/ssh/sshd_config
(sshd server)
configuration files.
Following the lines are the z/OS recommended defaults (for z/OS V2R3), which are uncommented (active). These defaults have been selected to best optimize CPACF acceleration while maintaining a high level of compatability with non-z/OS OpenSSH implementations. For reference, these are (each entry is a single line, shown wrapped below):
# /etc/ssh/ssh_config changes (ONE LINE EACH!) Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc, rijndael-cbc@lysator.liu.se,3des-cbc,aes256-gcm@openssh.com, aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour MACs hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@openssh.com, hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96, hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-96, umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com, umac-64@openssh.com,umac-128@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com
These lists specify the Cipher and MAC algorithms that are supported by the ssh client and server. When an ssh client connects to an ssd server, they exchange these lists and negotiate which Cipher and MAC algorithm will be used for this session.
Cipher and MAC negotiation rule | |
---|---|
The first algorithm in the client list that appears anywhere in the server list will be selected. |
Note: The configuration in the new sample files (/etc/ssh/ssh_config
and /etc/ssh/sshd_config
) are a good start, since the client will try CPACF algorithms first during negotiation.
Some sites will want to modify the default configurations to insure that only CPACF enabled algorithms that
meet their security (strength) requirements are used.
Considering the ssh client configuration first, and mindful of the rule above,
you can customize the client configuration file (/etc/ssh/ssh_config
)),
with the following considerations:
Sites may want to list only Cipher algorithms that are implemented by CPACF with bit lengths supported on their processor (SHA-2 > 256 bits and AES > 128 bits require a z10 processor or above).
Sites may choose not to support older 3des-cbc algorithms, or other CPACF or non-CPACF Ciphers and MACs that do not meet their security requirements.
The Host and Match configuration keywords can be used in SSH client configuration files to conditionally assign different algorithm lists to specific hosts, userids, etc.
To implement a CPACF-only strategy for CPU reduction, update the /etc/ssh/ssh_config
file, comment out the existing
MACs
and Cipher
lines, and replace with the following
(each entry is a single line, shown wrapped below):
# /etc/ssh/ssh_config changes # Only allow AES ICSF/CPACF Ciphers (ONE LINE!): Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc # Only support ICSF/CPACF SHA-1 and SHA-2 MACs (ONE LINE!): MACs hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1,hmac-sha2-256,hmac-sha2-512
Note: Even though virtually all partner systems will support this configuration, sites with existing connections may wish to test or check SMF 119 type 94 records to see if other algorithms are in use.
The negotiation rule described above implies that your have fewer choices for selecting Ciphers and MACs in your
SSHD server configuration, since only the client's list determines preference.
Some sites may wish to only allow CPACF accelerated Ciphers and MACs and fail otherwise.
To do this, make the following changes to your /etc/ssh/sshd_config
file:
# /etc/ssh/sshd_config changes # Only support ICSF/CPACF SHA-1 and SHA-2 MACs (ONE LINE!) MACs hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1,hmac-sha2-256,hmac-sha2-512 # Only allow AES ICSF/CPACF Ciphers (ONE LINE!) Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc
Note: Even though virtually all partner systems will support this configuration, sites with existing connections may wish to test or check either zERT or OpenSSH SMF type 119 records to see if other algorithms are in use.