Scott Ford wrote: >I read in the z/Os 2.3 doc that SSH requires the crypto >card and ICSF.
You did? Here's the link to the current PDF edition of the z/OS OpenSSH documentation: https://www-304.ibm.com/servers/resourcelink/svc00100.nsf/pages/zOSV2R3SC276806/$file/foto100_v2r3.pdf I don't see any claim that Crypto Express features (crypto cards) are required, although they would certainly be nice to have and are required to meet particular certifications and security requirements, if you have those requirements. CPACF (CP Assist for Cryptographic Functions) is recommended but not required for z/OS OpenSSH. The Integrated Cryptographic Service Facility (ICSF) is required at least for certain z/OS OpenSSH functions, as Matt pointed out. ICSF is a component of the base z/OS operating system, included at no additional charge. CPACF (Feature Code 3863) is a no additional charge machine feature, available in most countries. z/OS OpenSSH is provided with the base z/OS operating system starting from z/OS 2.2. z/OS OpenSSH is significantly updated in z/OS 2.3. I agree with Matthew that ICSF is practically universally implemented in z/OS installations. CPACF is on almost every machine, except in a very few countries. Crypto Express features may or may not be present, but they're common and getting more common. If you see an error in the documentation somewhere, please let IBM know. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
