New Features in Reflection for Secure IT UNIX Client and Server 7.0 and Release Notes
Technical Note 2274
Last Reviewed 21-Mar-2008
Applies To
Reflection for Secure IT UNIX Client version 7.0
Reflection for Secure IT UNIX Server version 7.0
Summary
Reflection for Secure IT UNIX Client and Server 7.0 have been redesigned using the most current tools and practices for secure software development. This technical note outlines the new features available in this release, as well as product release notes.
Note: If your environment requires support for PKI, FIPS, SecurID, or IPv6, do not upgrade to 7.0. Current plans include reintroducing these options in a future product release. Prior to upgrading, refer to Technical Note 1944 to verify that your UNIX platform is supported.
Redesigned Reflection for Secure IT UNIX Client and Server 7.0
Reflection for Secure IT UNIX Client and Server version 7.0 were designed and written by Attachmate using the most current tools and practices for secure software development. The most important changes are internal to the products, but there are significant visible improvements in the Reflection for Secure IT UNIX Client and Server 7.0 feature sets.
This note includes the following information:
Reflection for Secure IT UNIX 7.0 New Features
In addition to new architecture, version 7.0 offers the following new features:
Improved Documentation
Client Features
- Enhanced support for Kerberos and mutual authentication. This enhancement adds gssapi-keyex support, which streamlines user account and credential administration by eliminating the need for host and user keys.
- SSH connection re-use. Reduces authentication prompts for users who run multiple Secure Shell sessions at one time, typically by running more than one secured client application at once (for example, sftp, an interactive ssh session, X11 port forwarding).
- Updated key generation utility. The ssh-keygen utility saves you time when creating host and user keys.
- Strict Mode Checking. Strict Mode support enforces proper access controls of users' private keys during public key authentication. You can configure strict mode checking using the StrictModes keyword; the default value is Yes.
Server Features
- Enhanced support for Kerberos and mutual authentication. This enhancement adds gssapi-with-mic support and gssapi-keyex support. Gssapi-keyex streamlines user account and credential administration by eliminating the need for host and user keys.
- Dead/idle client detection. Restores system resources consumed by active but unused server connections.
- Strict Mode Checking. Strict Mode support enforces proper access controls for users' ssh authentication and authorization data during public key authentication. You can configure strict mode checking using the StrictModes keyword; the default value is Yes.
- Privilege Separation. Privilege separation provides increased security against potential network attacks by containing corruptions within an unprivileged process. You can configure privilege separation using the UsePrivilegeSeparation keyword; the default value is Yes.
- Uses OpenSSH format public keys. The Reflection for Secure IT server can read keys created by OpenSSH clients. You don't need to modify the key format.
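The Strict Mode Checking items in the client and server lists above both concern file access controls. The following audit script is an added example, not Attachmate code: the rule set, the `.ssh` directory and the `id_rsa` and `authorized_keys` file names are assumptions modeled on common OpenSSH-style conventions, because this note does not list the exact checks the product performs.

```python
import os
import stat
import tempfile

# Assumed rules (not taken from the product): bits that must NOT be set.
RULES = {
    "private_key": 0o077,  # no access of any kind for group or other
    "auth_data": 0o022,    # not writable by group or other
}

def audit_path(path, kind, owner_uid):
    """Return findings for one path; an empty list means it passes."""
    try:
        st = os.stat(path)
    except OSError:
        return [f"{path}: missing"]
    findings = []
    if st.st_uid not in (owner_uid, 0):
        findings.append(f"{path}: owned by uid {st.st_uid}")
    mode = stat.S_IMODE(st.st_mode)
    excess = mode & RULES[kind]
    if excess:
        findings.append(f"{path}: mode {mode:04o} grants {excess:03o} to group/other")
    return findings

def audit_account(home, owner_uid, key_names=("id_rsa",)):
    """Check the home directory, the key directory and the files in it."""
    ssh_dir = os.path.join(home, ".ssh")  # assumed directory name
    targets = [(home, "auth_data"), (ssh_dir, "auth_data"),
               (os.path.join(ssh_dir, "authorized_keys"), "auth_data")]
    targets += [(os.path.join(ssh_dir, n), "private_key") for n in key_names]
    findings = []
    for path, kind in targets:
        findings += audit_path(path, kind, owner_uid)
    return findings

def build_sample_home(key_mode, authkeys_mode):
    """Constructed fixture: a temporary home with a key and an authorized_keys file."""
    home = tempfile.mkdtemp()  # created with mode 0700
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    for name, mode in (("id_rsa", key_mode), ("authorized_keys", authkeys_mode)):
        path = os.path.join(ssh_dir, name)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    for line in audit_account(build_sample_home(0o644, 0o664), os.getuid()):
        print(line)
```

Running the audit against real accounts before StrictModes is enforced shows which users would fail public key authentication because of loose permissions.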
Obtaining Your Product Upgrade
If you already obtained your product upgrade, disregard this section.
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
You will be prompted to log in and accept the Software License Agreement before you can select and download a file. For more information on using the Download Library web site, see Technical Note 0200.
Note: If you download a Sun Solaris, HP-UX, or IBM AIX package using Internet Explorer, the uppercase (.Z) extension is changed to lowercase (.z). You will need to rename the file to use an uppercase Z before you can uncompress your files.
Replacing Your Current SSH Product
For information about replacing your current ssh product with Reflection for Secure IT UNIX Client and/or Server version 7.0, see Technical Note 2282.
Installing Reflection for Secure IT UNIX Client and Server 7.0
For information about installing Reflection, see the Installation topic in the User Guide: http://docs.attachmate.com/reflection/rsit-ssh/7.0/unix/en/help/rsit_unix_install_ch.htm.
Related Technical Notes
| 0200 | Using the Attachmate Download Library (FAQ) |
| 1944 | Supported Platforms in Reflection for Secure IT Client and Server |
| 2282 | Replace an Existing Secure Shell Program with Reflection for Secure IT UNIX Client or Server 7.0 |
| 2340 | Upgrading Reflection for Secure IT from an Evaluation Copy to a Licensed Copy |