
Technical Notes

Replace an Existing Secure Shell Program with Reflection for Secure IT UNIX Client or Server 7.0
Technical Note 2282
Last Reviewed 01-Feb-2008
Applies To
Reflection for Secure IT UNIX Client version 7.0 or higher
Reflection for Secure IT UNIX Server version 7.0 or higher
Summary

If you are installing on a system that is already running a Secure Shell client or server, you must uninstall the prior version before you install Reflection for Secure IT 7.0 or higher.

This requirement applies to versions of Reflection for Secure IT earlier than version 7.0, as well as F-Secure, OpenSSH, and other implementations.

To install on a system that is currently running Secure Shell, follow these steps:

  1. Log on as root.
  2. (Server only) Stop the server.
  3. Uninstall your existing Secure Shell product.
  4. (AIX only) Check for the existence of a hidden .toc file in the directory from which you ran installp to uninstall your previous version. If this file is present, remove or rename it.
  5. Install the Reflection for Secure IT client or server.
  6. (Optional) If you had configured a non-default client or server configuration file, you will find a backup copy of your file in the configuration file directory. Use these backup files to merge your non-default settings into the new configuration file.

Note the following:

  • The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /etc/ssh2, Reflection for Secure IT uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT migrates the key to the correct format and location and uses the migrated key.
  • The details of how backup configuration files are created vary with the associated operating system.
    • On all platforms except AIX, if you have made any changes to the default client and/or server configuration file, the installer backs up the file when you uninstall. (The file extension added to this backup depends on the native installer.)
    • On AIX, no backup file is created when you uninstall; instead, a backup file is created if a non-default configuration file is present when you install Reflection for Secure IT.
  • Key pairs in the user’s .ssh2 directory that were created with a previous Reflection for Secure IT product are compatible with Reflection for Secure IT 7.0. No conversion is necessary.
  • StrictModes default value is “yes” for both client and server.
    • Client—StrictModes specifies how the client checks file modes and ownership during public key authentication. When set to 'yes', the .ssh2 directory must not be group or world readable (permissions=700), and the private keys listed in the identification file must not be group or world readable (permissions=600). When set to 'no', the private key restrictions are still enforced, but not those of the .ssh2 directory. If these conditions aren't met, public key authentication fails. The allowed values are 'yes' and 'no'. The default is 'yes'.
    • Server—StrictModes specifies how the server checks file modes and ownership during public key authentication. When set to 'yes', the user's .ssh2 directory must be world and group read-only (no less protected than permissions=744), and the authorization file and key files must have a mode no less protected than 644. Ownership must be by root or the current user. If these conditions aren't met, public key authentication fails. The allowed values are 'yes' and 'no'. The default is 'yes'.
  • If /etc/pam.d/ssh exists, it is backed up and a new file is put in place.
  • Subconfiguration files, if present, are not touched.
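
The StrictModes limits listed above can be checked before the first public key login after migration. The following is an added example, not part of the original technical note or of Reflection for Secure IT; the function names and the sample file name are hypothetical, and it assumes "current user" is the uid running the script unless owner_uid is given.

```python
import os
import stat
import tempfile

# Most permissive mode each item may have, per the StrictModes text above.
LIMITS = {
    "client": {"dir": 0o700, "file": 0o600},  # .ssh2 directory, private keys
    "server": {"dir": 0o744, "file": 0o644},  # .ssh2 directory, authorization/key files
}

def exceeds(mode, limit):
    """True if mode grants any permission bit that limit does not."""
    return bool(stat.S_IMODE(mode) & ~limit & 0o777)

def strictmodes_violations(ssh2_dir, files, role="client", check_dir=True, owner_uid=None):
    """Return (path, problem) tuples; an empty list means the checks pass.

    check_dir=False models the client with StrictModes 'no', where only the
    private key restrictions are still enforced.
    """
    limits = LIMITS[role]
    uid = os.getuid() if owner_uid is None else owner_uid
    problems = []
    targets = [(ssh2_dir, limits["dir"])] if check_dir else []
    targets += [(f, limits["file"]) for f in files]
    for path, limit in targets:
        st = os.stat(path)
        if exceeds(st.st_mode, limit):
            problems.append((path, "mode %o exceeds %o" % (stat.S_IMODE(st.st_mode), limit)))
        # The server text also requires ownership by root or the current user.
        if role == "server" and st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
    return problems

def demo():
    """Build a constructed .ssh2 directory holding one over-permissive key."""
    ssh2 = os.path.join(tempfile.mkdtemp(), ".ssh2")
    os.mkdir(ssh2)
    os.chmod(ssh2, 0o755)
    key = os.path.join(ssh2, "id_sample")  # constructed file name
    open(key, "w").close()
    os.chmod(key, 0o644)
    return ssh2, key

if __name__ == "__main__":
    ssh2, key = demo()
    for path, problem in strictmodes_violations(ssh2, [key], role="client"):
        print(path, problem)
```
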

Additional Resources

For additional information about installing Reflection for Secure IT UNIX Client or Server 7.0, see the Installation topic in the Reflection for Secure IT User Guide: http://docs.attachmate.com/reflection/rsit-ssh/7.0/unix/en/help/rsit_unix_install_ch.htm.

Reflection for Secure IT Documentation is available on the Attachmate Support site at http://support.attachmate.com/manuals/sshdocs.html.

Related Technical Notes
2274 New Features in Reflection for Secure IT UNIX Client and Server 7.0 and Release Notes
