|
|
|
Readme: Features Introduced in Reflection for Secure IT UNIX Client and Server 6.1
Technical Note 1899
Last Reviewed 31-May-2006
Applies To
Reflection for Secure IT UNIX Client version 6.1
Reflection for Secure IT UNIX Server version 6.1
Summary
Technical Note 1899
Last Reviewed 31-May-2006
Applies To
Reflection for Secure IT UNIX Client version 6.1
Reflection for Secure IT UNIX Server version 6.1
Summary
This document lists the features introduced in Reflection for Secure IT UNIX Client and Server version 6.1. It also includes supported platforms, and provides information for obtaining this Reflection SSH product.
Note the following:
- Reflection for Secure IT version 7.0 is available beginning in February 2008. For a list of new features in 7.0, see Technical Note 2274. For information about purchasing Reflection for Secure IT, please e-mail us: SalesRecept@attachmate.com.
- This document supersedes the readme installed with the evaluation and shipping Reflection for Secure IT UNIX Client and Server 6.1 products.
This note includes the following topics:
Features Introduced in Version 6.1
Supported Platforms in Version 6.1
Obtaining Your Product Upgrade
Expanding .zip Files
Installing Update on IBM AIX Platforms
Supported Platforms in Version 6.1
Obtaining Your Product Upgrade
Expanding .zip Files
Installing Update on IBM AIX Platforms
Features Introduced in Version 6.1
The following new features are available in Reflection for Secure IT UNIX Client and Server version 6.1.
- Reflection for Secure IT now supports the SHA-256 hashing algorithm. To enable this, specify 'hmac-sha256' in the MACs keyword in the client and server configuration files.
- Ssh-certtool now supports creating PKCS#12 packages as well as PKCS#10 certificate requests.
- Ssh-certtool now defaults to RSA for new key requests.
- Ssh-certview now displays the certificate's public key fingerprint when running in verbose mode.
- The Solaris 10 Zones feature is now supported.
- Support for ulimit settings
A new configuration option, UsePamSessions, is available. When enabled (default is disabled), the PAM session-modules are run for the configured service ("ssh" by default) just before a new shell is launched. This enables modules such as pam_limits.so to be used for user sessions. To use this option:
- Open the /etc/ssh2/sshd2_config file and remove the pound symbol (#) in front of "UsePamSessions Yes" to enable this setting.
- Open the /etc/pam.d/ssh file and add a statement (if none is present) to require the pam_limits.so module for PAM sessions.
- Add any ulimit settings to the /etc/security/limits.conf file.
Note: The core file size and maximum number of open files requires both the soft and hard limits to be set. In addition, both the hard and soft limits for the core file size must be a numerical value.
Supported Platforms in Version 6.1
For information about platform support in Reflection for Secure IT, see Technical Note 1944.
Obtaining Your Product Upgrade
If you already obtained your product upgrade, disregard this section.
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
You will be prompted to login and accept the Software License Agreement before you can select and download a file. For more information on using the Download Library web site, see Technical Note 0200.
Expanding .zip Files
For information about how to expand UNIX files that are packaged with a .zip extension, see Technical Note 1925.
Installing Update on IBM AIX Platforms
The following optional procedure supplements the installation instructions provided in the SSH for UNIX Client and Server Reference version 6.1 (page 12). You can use this procedure if you want the server to restart automatically if it dies for any reason.
After completing the installation as described in the manual, add the following command to /etc/inittab.
sshd:2345:respawn:/usr/sbin/sshd2 -oDontFork=yes > /var/adm/sshlog 2>&1This command configures sshd2 to run at runlevels 2-5 and restart automatically. Setting -oDontFork=yes makes the daemon run in foreground, so init can monitor its status.
For installation instructions for other platforms, see the SSH for UNIX Client and Server Reference version 6.1 available on the Support site at http://support.attachmate.com/manuals/sshdocs.html.
