Environment
Reflection for Secure IT UNIX Server version 7.1 or higher
Situation
Resolution
The Reflection for Secure IT version 7.1 or higher installation includes a migration script, which you can use to migrate settings configured with any of the following products:
Reflection for Secure IT UNIX Client and Server version 7.0
Reflection for Secure IT UNIX Client and Server version 6.x
F-Secure UNIX clients and servers
The migration script is installed to /etc/ssh2/migrate.sh.
The script examines your configuration files to determine if setting changes are required. If changes are needed, you are prompted to confirm that you want to apply these changes. After you confirm the migration, new configuration files are created with the required updates along with backups of your original files.
All operations are detailed in the script’s output and log files. The log files identify which settings have been migrated and which cannot be migrated. Log files are created in the same directory as the converted file and have names based on the converted filename (for example, sshd2_config_migration.log).
To migrate global configuration files
When you run the migration script with no arguments, it migrates files located in the /etc/ssh2 directory. If /etc/ssh2/sshd2_config and /etc/ssh2/ssh2_config contain non-default settings, you are asked if you want to migrate these files.
If these settings contain default values (which is the expected state after you uninstall the prior version and then install the current version), the script looks for the most recent backup files (*.bak, *.old, *.saved, or *.rpmsave) and asks if you want to migrate settings in the backup files.
Installation
- Log in as root.
- Uninstall the prior version.
- Install the new version.
- Run the migration script with no arguments:
/etc/ssh2/migrate.sh
- Respond to the prompts.
- Review the migrated settings and the migration log and, where required, merge settings from the migrated backup files into sshd2_config and ssh2_config.
For example, on Linux, the migrated server configuration settings files are in /etc/ssh2/sshd2_config.rpmsave.new.
To migrate a user configuration file
- Log in as root.
- Run the migration script and specify the file you want to migrate. For example:
/etc/ssh2/migrate.sh client ~/.ssh2/ssh2_config
To migrate PKI settings
You can use the following procedure to migrate settings if Reflection PKI Services Manager is installed on a computer that has Reflection for Secure IT 6.x or F-Secure configuration files.
- Log in as root.
- Use pkid with the -m option to migrate settings from your prior version configuration files. Follow these examples:
To migrate PKI settings in sshd2_config and ssh2_config files located in /etc/ssh2/ and migrate these settings to pki_config and pki_map files in the PKI Manager configuration folder, enter
/usr/local/sbin/pkid -m /etc/ssh2/
To migrate PKI settings in sshd2_config.bak and create new PKI Manager configuration files in the specified output directory, enter
/usr/local/sbin/pkid -b /output/path/ -m /etc/ssh2/sshd2_config.bak
- Review the migration log, which is created in the logs directory located in the PKI Services Manager data directory. (By default, this log records at the “info” level, which shows if errors or warnings occurred. The level can be elevated using -d.)
Note: If the pki_config file in the destination folder already has a trust anchor configured, no migration occurs. This check helps to ensure that the migration won't override modifications you have already implemented.