Technical Notes

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSH and SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can now import certificates into the Reflection Key Agent and have them available for user authentication for Secure Shell connections.

You can configure Reflection to use an LDAP server both for external CRL (Certificate Revocation List) checking and to store intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

If you have already created an SSH Config scheme, or configured settings for a particular host, you can easily use this configuration again. All configured hosts and schemes are now available for selection from a convenient drop-down list.

Use the Local Port Forwarding dialog box to configure Reflection to launch an application automatically after the Secure Shell connection has been established. This feature makes it easier to send data securely through the SSH Tunnel from any application installed on the local computer.

Use multi-hop connections when you need to establish secure connections through a series of SSH servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers.

You can reuse an established SSH connection when you open multiple sessions to the same host—additional sessions don’t require re-authentication. To change this setting use the General tab of the Secure Shell Settings dialog box.

Reflection can now forward all FTP communications—including the FTP command channel and data channel(s)—through an existing secure SSH tunnel.

FIPS mode can now be configured on a per-session basis. Reflection also continues to support use of group policy to enforce FIPS mode for all sessions.

New keywords are available for configuring VT220 emulation for command line ssh and ssh2 sessions. These can be configured in the Secure Shell configuration file, or by using the -o command line switch. To see a list of these new terminal settings, see "Secure Shell, configuration file keywords (terminal settings)" in the Reflection application Help index.

The ssh, scp, and sftp command line utilities now support the full range of command line switches provided by equivalent OpenSSH-style utilities. New ssh2, scp2, and sftp2 utilities have been added for customers who are migrating from F-Secure and need to maintain scripts written for the F-Secure command line utilities.

The scp and scp2 command line utilities now use the sftp subsystem to transfer files securely. (Backwards compatibility for OpenSSH-style scp transfer, which uses rcp through the SSH tunnel, is available using the -1 switch.)