zERT SSH Session Attributes

Use the zERT SSH Session Data attributes to monitor all zERT SSH security sessions.

Origin Node Unique identifier for the TCP/IP stack being displayed.

System ID The SMF system ID. The format is a text string no longer than 4 characters.

TCPIP STC Name The jobname of the TCP/IP address space.

Sysplex Name The name of the sysplex that the monitored system is part of. The format is a text string no longer than 8 characters.

Collection Time The time and date of data sampling.

User ID The z/OS user ID associated with the socket.

Application Name The jobname associated with the application address space that opened and bound the socket associated with the security session.

IP Protocol The IP Protocol for the security session. The format is an unsigned integer that can have the following values:
6 - TCP
17 - UDP

Port Range Start The starting value for the server port range. The format is an unsigned integer.

Port Range End The ending value for the server port range. The format is an unsigned integer.

Client IP Address The client IP address. The format is a text string no longer than 45 characters. The IPV6 Session attribute indicates whether this is an IPV6 IP address or not.

Server IP Address The server IP address. The format is a text string no longer than 45 characters. The IPV6 Session attribute indicates whether this is an IPV6 IP address or not.

Session ID Session identifier that uniquely identifies a security session based on the server and client endpoints plus the significant security attributes for the session. The format is a text string no longer than 42 characters.

Source Source of the information of the security session. The format is an unsigned integer that can have the following values:
Unknown=0
Stream_Observed=1
Crypto_Protocol=2
Cryptographic Operation The type of cryptographic operation being used for the security session. The format is an unsigned integer that can have the following values:
Unknown=0
Pre_Shared_Key=16
Raw_Public_Key=64
Encrypt_Then_Mac=128
Protocol Version The protocol version being used for the security session. The format is an unsigned integer that can have the following values:
SSHv1=1
SSHv2=2
First Authentication Method The first or only authentication method used. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
Password=2
Public-Key=3
Host-Based=4
RHosts=5
RHosts-RSA=6
RSA=7
Keyb-Intact=8
Chal-Resp=9
Cntl-Sock1=10
Gssapi-Mic=11
Gssapi-Kex=12
Last Authentication Method The last authentication method used if multiple methods are in use. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
Password=2
Public-Key=3
Host-Based=4
RHosts=5
RHosts-RSA=6
RSA=7
Keyb-Intact=8
Chal-Resp=9
Cntl-Sock1=10
Gssapi-Mic=11
Gssapi-Kex=12
Encryption Inbound Traffic The encryption algorithm for inbound traffic. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
DES=2
DES_40=3
3DES=4
RC2_40=5
RC2_128=6
RC2=7
RC4_40=8
RC4_128=9
RC4_256=10
RC4=11
AES_CBC_128=12
AES_CBC_192=13
AES_CBC_256=14
AES_CTR_128=15
AES_CTR_192=16
AES_CTR_256=17
AES_GCM 128=18
AES_GCM_256=19
AES_CCM_128=20
AES_CCM_256=21
AES_CCM8_128=22
AES_CCM8_256=23
AES_256=24
Blowfish=25
Blowfish_CBC=26
CAST_128_CBC=27
ARCFOUR_128=28
ARCFOUR_256=29
ARCFOUR=30
Rijndael_CBC=31
ACSS=32
ARIA_128_CBC=33
ARIA_256_CBC=34
ARIA_128_GCM=35
ARIA_256_GCM=36
Camellia_128_CBC=37
Camellia_256_CBC=38
Camellia_128_GCM=39
Camellia_256_GCM=40
ChaCha20_Poly1305=41
IDEA_CBC=42
SEED_CBC=43
Fortezza=44
GOST28147=45
TwoFish_CBC_256=46
TwoFish_CBC=47
TwoFish_CBC_192=48
TwoFish_CBC_128=49
Serpent_CBC_256=50
Serpent_CBC_192=51
Serpent_CBC_128=52
Inbound Message Authentication The message authentication algorithm used by the cipher suite for inbound messages. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
HMAC-MD5=3
HMAC-SHA1=4
HMAC-SHA2-224=5
HMAC-SHA2-256=6
HMAC-SHA2-384=7
HMAC-SHA2-512=8
AES-GMAC-128=9
AES-GMAC-256=10
AES-128-XCBC-96=11
HMAC-SHA2-256-128=12
HMAC-SHA2-384-192=13
HMAC-SHA2-512-256=14
HMAC-MD5-96=15
HMAC-SHA1-96=16
UMAC-64=17
UMAC-128=18
RIPEMD-160=19
Key Exchange Method The key exchange method used by the cipher suite. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
DH-GEX-SHA256=2
DH-GEX-SHA1=3
DH-G14-SHA1=4
DH-G1-SHA1=5
ECDH-SHA2-NISTP-256=6
ECDH-SHA2-NISTP-384=7
ECDH-SHA2-NISTP-521=8
GSS-G1-SHA1=9
GSS-G14-SHA1=10
GSS-GEX-SHA1=11
ECMQV-SHA2=12
GSS=13
RSA1024-SHA1=14
RSA2048-SHA256=15
DH-G14-SHA256-16
DH-G16-SHA512-17
DH-G18-SHA512-18
CRV-22519-SHA256=19
Encryption Outbound Traffic The encryption algorithm for outbound traffic. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
DES=2
DES_40=3
3DES=4
RC2_40=5
RC2_128=6
RC2=7
RC4_40=8
RC4_128=9
RC4_256=10
RC4=11
AES_CBC_128=12
AES_CBC_192=13
AES_CBC_256=14
AES_CTR_128=15
AES_CTR_192=16
AES_CTR_256=17
AES_GCM 128=18
AES_GCM_256=19
AES_CCM_128=20
AES_CCM_256=21
AES_CCM8_128=22
AES_CCM8_256=23
AES_256=24
Blowfish=25
Blowfish_CBC=26
CAST_128_CBC=27
ARCFOUR_128=28
ARCFOUR_256=29
ARCFOUR=30
Rijndael_CBC=31
ACSS=32
ARIA_128_CBC=33
ARIA_256_CBC=34
ARIA_128_GCM=35
ARIA_256_GCM=36
Camellia_128_CBC=37
Camellia_256_CBC=38
Camellia_128_GCM=39
Camellia_256_GCM=40
ChaCha20_Poly1305=41
IDEA_CBC=42
SEED_CBC=43
Fortezza=44
GOST28147=45
TwoFish_CBC_256=46
TwoFish_CBC=47
TwoFish_CBC_192=48
TwoFish_CBC_128=49
Serpent_CBC_256=50
Serpent_CBC_192=51
Serpent_CBC_128=52
Outbound Message Authentication The message authentication algorithm used by the cipher suite for outbound messages. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
HMAC-MD5=3
HMAC-SHA1=4
HMAC-SHA2-224=5
HMAC-SHA2-256=6
HMAC-SHA2-384=7
HMAC-SHA2-512=8
AES-GMAC-128=9
AES-GMAC-256=10
AES-128-XCBC-96=11
HMAC-SHA2-256-128=12
HMAC-SHA2-384-192=13
HMAC-SHA2-512-256=14
HMAC-MD5-96=15
HMAC-SHA1-96=16
UMAC-64=17
UMAC-128=18
RIPEMD-160=19
Server Raw Key Type The raw key type used by the cipher server. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5
RSA1=6
RSA-CERT=7
DSA-CERT=8
ECDSA-CERT=9

Server Raw Key Length The raw key length used by the cipher server.

Client Raw Key Type The raw key type used by the client server. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5
RSA1=6
RSA-CERT=7
DSA-CERT=8
ECDSA-CERT=9

Client Raw Key Length The raw key length used by the client server.

Server Certificate Signature The server certificate signature method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_with_MD2=2
RSA_with_MD5=3
RSA_with_SHA1=4
DSA_with_SHA1=5
RSA_with_SHA-224=6
RSA_with_SHA-256=7
RSA_with_SHA-384=8
RSA_with_SHA-512=9
ECDSA_with_SHA1=10
ECDSA_with_SHA-224=11
ECDSA_with_SHA-256=12
ECDSA_with_SHA-384=13
ECDSA_with_SHA-512=14
DSA_with_SHA-224=15
DSA_with_SHA-256=16
RSA_PSS_RSAE_with_SHA-256=17
RSA_PSS_RSAE_with_SHA-384=18
RSA_PSS_RSAE_with_SHA-512=19
ED_25519=20
ED_448=21
RSA_PSS_PSS_with_SHA-256=22
RSA_PSS_PSS_with_SHA-384=23
RSA_PSS_PSS_with_SHA-512=24
Server Certificate Encryption The server certificate encryption method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
ECDSA=4
Server Certificate Digest The server certificate digest algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
MD5=3
SHA1=4
SHA-224=5
SHA-256=6
SHA-384=7
SHA-512=8
Server Certificate Key The server certificate key type. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5
RSA1=6
RSA-CERT=7
DSA-CERT=8
ECDSA-CERT=9
ED25519=10
ED25519-CERT01=11

Server Certificate Key Length The server certificate key length. The format is an unsigned integer.

Client Certificate Signature The client certificate signature method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA_with_MD2=2
RSA_with_MD5=3
RSA_with_SHA1=4
DSA_with_SHA1=5
RSA_with_SHA-224=6
RSA_with_SHA-256=7
RSA_with_SHA-384=8
RSA_with_SHA-512=9
ECDSA_with_SHA1=10
ECDSA_with_SHA-224=11
ECDSA_with_SHA-256=12
ECDSA_with_SHA-384=13
ECDSA_with_SHA-512=14
DSA_with_SHA-224=15
DSA_with_SHA-256=16
RSA_PSS_RSAE_with_SHA-256=17
RSA_PSS_RSAE_with_SHA-384=18
RSA_PSS_RSAE_with_SHA-512=19
ED_25519=20
ED_448=21
RSA_PSS_PSS_with_SHA-256=22
RSA_PSS_PSS_with_SHA-384=23
RSA_PSS_PSS_with_SHA-512=24
Client Certificate Encryption The client certificate encryption method. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
ECDSA=4
Client Certificate Digest The client certificate digest algorithm. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
MD2=2
MD5=3
SHA1=4
SHA-224=5
SHA-256=6
SHA-384=7
SHA-512=8
Client Certificate Key The client certificate key type. The format is an unsigned integer that can have the following values:
Unknown=0
None=1
RSA=2
DSA=3
DH=4
ECC=5

Client Certificate Key Length The client certificate key length. The format is an unsigned integer.