Migrating Settings to Reflection for Secure IT UNIX Client or Server Version 7.1 or Higher

  • 7021944
  • 02-Apr-2009
  • 02-Mar-2018

Environment

Reflection for Secure IT UNIX Client version 7.1 or higher
Reflection for Secure IT UNIX Server version 7.1 or higher

Situation

This technical note describes how to migrate settings to Reflection for Secure IT UNIX Client or Server version 7.1 or higher from existing configuration files of a previous version.

Resolution

The Reflection for Secure IT version 7.1 or higher installation includes a migration script, which you can use to migrate settings configured with any of the following products:

Reflection for Secure IT UNIX Client and Server version 7.0
Reflection for Secure IT UNIX Client and Server version 6.x
F-Secure UNIX clients and servers

The migration script is installed to /etc/ssh2/migrate.sh.

The script examines your configuration files to determine if setting changes are required. If changes are needed, you are prompted to confirm that you want to apply these changes. After you confirm the migration, new configuration files are created with the required updates along with backups of your original files.

All operations are detailed in the script’s output and log files. The log files identify which settings have been migrated and which cannot be migrated. Log files are created in the same directory as the converted file and have names based on the converted filename (for example, sshd2_config_migration.log).

To migrate global configuration files

When you run the migration script with no arguments, it migrates files located in the /etc/ssh2 directory. If /etc/ssh2/sshd2_config and /etc/ssh2/ssh2_config contain non-default settings, you are asked if you want to migrate these files.

If these settings contain default values (which is the expected state after you uninstall the prior version and then install the current version), the script looks for the most recent backup files (*.bak, *.old, *.saved, or *.rpmsave) and asks if you want to migrate settings in the backup files.

Installation

  1. Log in as root.
  2. Uninstall the prior version.
  3. Install the new version.
  4. Run the migration script with no arguments:
/etc/ssh2/migrate.sh
  1. Respond to the prompts.
  2. Review the migrated settings and the migration log and, where required, merge settings from the migrated backup files into sshd2_config and ssh2_config.

For example, on Linux, the migrated server configuration settings files are in /etc/ssh2/sshd2_config.rpmsave.new.

To migrate a user configuration file

  1. Log in as root.
  2. Run the migration script and specify the file you want to migrate. For example:
/etc/ssh2/migrate.sh client ~/.ssh2/ssh2_config

To migrate PKI settings

You can use the following procedure to migrate settings if Reflection PKI Services Manager is installed on a computer that has Reflection for Secure IT 6.x or F-Secure configuration files.

  1. Log in as root.
  2. Use pkid with the -m option to migrate settings from your prior version configuration files. Follow these examples:

To migrate PKI settings in sshd2_config and ssh2_config files located in /etc/ssh2/ and migrate these settings to pki_config and pki_map files in the PKI Manager configuration folder, enter

/usr/local/sbin/pkid -m /etc/ssh2/

To migrate PKI settings in sshd2_config.bak and create new PKI Manager configuration files in the specified output directory, enter

/usr/local/sbin/pkid -b /output/path/ -m /etc/ssh2/sshd2_config.bak
  1. Review the migration log, which is created in the logs directory located in the PKI Services Manager data directory. (By default, this log records at the “info” level, which shows if errors or warnings occurred. The level can be elevated using -d.)

Note: If the pki_config file in the destination folder already has a trust anchor configured, no migration occurs. This check helps to ensure that the migration won't override modifications you have already implemented.

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2422.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.