Reflection for Secure IT UNIX Server version 7.2
This technical note outlines the features available in the Reflection for Secure IT UNIX Client and Server 7.2 release, as well as product release notes.
Note: For information about Reflection for Secure IT 8.0 Client and Server for UNIX new features and release notes, see Technical Note 2641.
Reflection for Secure IT UNIX Client and Server 7.2 New Features
The following list of features is available in both the UNIX Client and UNIX Server 7.2 release:
- The ssh-certview utility displays the name of the file if the file cannot be read.
- You can specify passphrase (-P or âpassphrase) or comment (-c) options with the ssh-certtool utility.
- SUSE Linux Enterprise Server 11 support enables you to run Reflection for Secure IT on the latest versions of SLES for x86 and x86-64 platforms.
- You can use the HPNDisabled keyword to configure whether or not Reflection for Secure IT uses High Performance Enabled (HPN) dynamic TCP window features to enhance file transfer performance.
- The server and client Compression configuration keyword allows numeric levels for more fine-grained tuning.
- Linux-based rpm packages include OpenSSH packages in the list of capabilities.
- The maximum packet size conforms to the SSH Transport RFC (RFC4253).
Client New Feature
- You can use the client configuration keyword SysLogFacility to specify the facility code used for logging messages from the client.
Server New Features
- The server displays generic platform names on Solaris 8/9, AIX 5.3/6.1 and HP-UX 11.23/11.31 ia64 when displaying product and version information.
- The PAM configuration file on Red Hat Enterprise Linux uses the 'include' control flag to include other pre-defined module stacks.
- The server checks the account status after each password attempt and immediately disconnects if the account / password has become locked.
- The server can be controlled by the AIX System Resource Controller central daemon process.
- Support for preventing the server (sshd) from detaching or becoming a daemon has been added using the âb switch.
- The default value for the server AccountManagement keyword has been changed to "password,pam" to ensure that a user is not improperly authenticated.
- The init.d script on SUSE Linux Enterprise Server contains fields for managing the boot sequence and setting flexible boot dependencies.
Resolved Issues in 7.2
The following issues were resolved in Reflection for Secure IT UNIX Client and Server 7.2:
Reflection for Secure IT UNIX Client
- Executing scp -r locally to copy the same local folder no longer creates subdirectories in an infinite loop.
- Using the sftp client on Solaris no longer produces an error when attempting to change directories from a directory with limited permissions.
- The user shell no longer hangs on exit when running a background command.
- Single file scp transfer (without wildcards) performance when the directory contains 300,000 plus files has been greatly improved.
Reflection for Secure IT UNIX Server
- The SettableEnvironmentVars configuration keyword now specifies which environment variables can be configured by the client.
- The directories added to the userâs home directory when using the ChrootSftpUsers and ChrootSftpGroups keywords have been documented.
- The soft core limit can now be set.
- The server service (network/ssh) running in Solaris non-global zones no longer prevents the global zone service from starting.
- Server and client configuration keywords SmartFileTransfer, SmartFileCopy and CheckpointResume have been added to the UNIX Userâs Guide.
- Recursive copy using an OpenSSH scp client no longer produces âprotocol error: received directory without ârâ.
- Enabling StrictModes permissions no longer prevents public key authentication in NFS environments.
- Debug messages no longer display on the screen when messages should be logged to a file using the âD switch.
- Permissions on /etc/nologin on Solaris platforms no longer need to be modified to prevent user access.
The following known issues have been found in the Reflection for Secure IT UNIX Client and Server 7.1 or higher.
In Reflection for Secure IT UNIX Client 7.2, you will receive the following error during a post installation step if the xauth binary cannot be found:
"error: %post(rsit-client-188.8.131.52-1.<architecture>) scriptlet failed, exit status 1"
This error does not affect the installation or the product functionality, unless you want to use Reflection for Secure IT's X11 features; in which case, you must install or correct the path to X11.
Default XAuthPath Must Be Edited in Config Files Before Using X11
When attempting to run an X application or session over an ssh connection, the connection fails with a "Can't open display" error message.
- Locate the xauth program, which is usually found in the user's path.
- Update your global configuration files (/etc/ssh2/ssh2_config and /etc/ssh2/sshd2_config, if present) with the absolute path to the xauth program, for example:
Reflection PKI Services Manager Does Not Automatically Shut Down or Start Up
After installing and starting Reflection PKI Services Manager, if the host system is restarted or rebooted, the PKI Manager does not automatically shut down or automatically restart when the system comes back up. See KB 7021869 for information about configuring your system's environment to start and stop the PKI Manager.
Obtaining Your Product Upgrade
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
You will be prompted to login and accept the Software License Agreement before you can select and download a file. For more information on using the Download Library web site, see KB 7021965.
For information about purchasing Reflection for Secure IT, please e-mail us: SalesRecept@attachmate.com.
Replacing Your Current SSH Product
For information about replacing your current SSH product with Reflection for Secure IT UNIX Client or Server version 7.2, see KB 7021941.
For information about Reflection for Secure IT supported platforms, see KB 7022010.
Installing Reflection for Secure IT UNIX Client and Server 7.2
For information about installing Reflection, see the Installation topic in the User Guide, which is available from the documentation page, http://support.microfocus.com/manuals/rsit_unix.html.