Archive-Date: Fri, 2 Jun 2006 12:47:28 -0400 Date: Fri, 02 Jun 2006 11:20:40 -0500 (EST) From: bryant@process.com Reply-To: Info-TCPware@process.com Subject: TCPware ECO kit available: SSH_V562P090 To: TCPware-Announce@TRITON.PROCESS.COM Message-ID: <01M35BQJ3J4200ADKE@DELTA.PROCESS.COM> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-Transfer-Encoding: 7BIT TCPware ECO kit announcement The following ECO kit is now available for TCPware: ECO: SSH_V562P090 Description: Assorted fixes Release date: 2-JUN-2006 Ranking: 2 Max ranking: 0 Versions: 5.6-2 Requisites: DRIVERS_V562P052 ftp://ftp.process.com/support/56_2/ssh_v562p090.zip To search the TCPware ECO database, please visit the following URL: http://vms.process.com/eco.html For more information, contact Process Software via: E-mail: support@process.com Phone: 1-800-394-8700 The ECO kit README contents are below. ---------------------------------------------------------------------------- SSH patch kit (revision 9.0) for TCPware 5.6 31-May-2006 Copyright (c) 2002-2006 by Process Software This VMSinstallable saveset provides a new version of the following SSH components: - SSH client (SSH2.EXE) - SSH1 server (SSHD.EXE) - SSH2 server (SSHD2.EXE) - SSH master control program (SSHD_MASTER.EXE) - SSH identity agent program (SSH-AGENT2.EXE) - SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE) - SSH key signer (SSH-SIGNER2.EXE) - SSH loadable executive image (SSHLEI.EXE, LOAD_SSHLEI.EXE, UNLOAD_SSHLEI.EXE) - SSH agent identity manipulation program (SSH-ADD2.EXE) - SSH file copy client (SCP2.EXE) - SSH SFTP client (SFTP2.EXE) - SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE) - SSH certificate enrollment program (SSH-CERTENROLL2.EXE) - SSH server configuration template file (SSHD2_CONFIG.TEMPLATE) - SSH configuration procedure (SSH_CONTROL.COM) - The SSH HELP (either in a standalone library or as part of SYS$HELP:HELPLIB.HLB, as determined by the original TCPware install) - SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE) - SSH Certificate Viewer (SSH-CERTVIEW.EXE) - SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE) - SSH Public Key Server (PUBLICKEY-SERVER.EXE) - SSH Certificate Viewer (SSH-CERTVIEW.EXE) - SSH client configuration template (SSH2_CONFIG.TEMPLATE) A new version of the following common TCPware utilities are provided: - NETCU utility (NETCU.EXE) - TCPware command definitions (TCPWARE_COMMANDS.COM and TCPware.CLD) This patch is applicable to TCPware SSH on all supported versions of OpenVMS VAX and OpenVMS Alpha. NOTE: The TCPware ECO DRIVERS_V562P052 or later is required and must be installed in order to run SSH after installing the SSH_V562P070 ECO. A system reboot is requred after installing this ECO, to load the new software features. This kit has an ECO ranking of 2, with an overall ranking of 0. *** Notes for Kerberos 5 Support *** Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS. Prior to installing and configuring the HP Kerberos product, the following TCPware ECO must be installed: - DRIVERS_V562P052 or later Once the above ECO has been applied, Kerberos may be installed and configured. SSH may be configured and used at any time, either with or without Kerberos; however, Kerberos is required to perform Kerberos authentication in the SSH server. If Kerberos is installed at some later time after SSH is started, restarting SSH will allow it to use Kerberos. Some chapters of the TCPware documentation having to do with SSH have been updated. New PDF files of these are supplied in this ECO, and are copied to the TCPWARE_COMMON:[TCPWARE] directory. These are: TW_MANAGEMENT_SSH1_SERVER_CH25.PDF TW_MANAGEMENT_SSH2_SERVER_CH26.PDF TW_USER_GUIDE_SSH_CLIENT_CH16.PDF TW_USER_GUIDE_FILE_XFER_CH17.PDF This ECO kit provides fixes for the following DE's: - Failed logins are not sent to the VMS audit log. [DE 9842] - For those clients that can support it (this includes the client used by all Process Software SSH products), expired password handling by the server has been modified to prompt for the new password, then the session will continue rather than being logged out. For those clients that don't support this, the old method of expired password handling is still used. There are some clients that may not support this method (an expired password causes an abrupt disconnect from the server system), but the server may not be able to identify them correctly. To handle those, if the logical name TCPWARE_SSH_USE_OLD_EXPIRED_PASSWORD_SCHEME is defined system-wide, the server will revert to its previous method of handling expired passwords. [DE 10260] - Corrected an error that causes our SFTP2/SCP2 client to ACCVIO when dealing with an SFTP server that speaks SFTP protocol version 2. [DE 10234] - Modified the SFTP server such that TCPWARE_SFTP_VMS_ALL_VERSIONS will cause all file versions to be displayed no matter what the remote (client) side is. Note that when a file is copied from the VMS system to the client, the filename will contain the version number. [DE 10238] - Allowed version numbers to be used for the local source specified on SCP2 command line, even when /VMS is not used. [DE 10242] - Fixed a ACCVIO that can occur when exiting from a command file. [DE 10251] - Put the /ASCII=VMS option back in. [DE 10259] - If the logical TCPWARE_SFTP_STAT_DESTINATION_FILE is defined to be FALSE, NO or 0 (zero) then the SFTP client will not attempt to do a STAT operation to check for the presence of the destination file before opening the destination file for write. The assumption is that the destination file does not exist. If the logical TCPWARE_SFTP_STAT_DESTINATION_DIRECTORY is defined to be FALSE, NO or 0 (zero) then the SFTP client will not attempt to do a STAT operation on the destination directory before opening the destination file for write. The assumption is that the destination directory exists. These two logicals should be defined to FALSE in order to have the SFTP client work with Sterling Commerce's Connect:Enterprise product. [DE 10276] - If the logical TCPWARE_SFTP_DONT_TRUNCATE is defined to Yes, True or 1 then the SFTP server will not perform truncate operations as part of FSETSTAT and SETSTAT operations. Some systems end up with unexpected file attributes when the truncate operation is performed and this provides a method of disabling it. [DE 10305] --------------------------------------------------------------------------- Post Installation Notes If you have NOT previously installed a TCPware 5.6 SSH patch kit, or are not sure if one was previously installed, you must perform the following procedure: - Save your old SSH2_DIR:SSHD2_CONFIG. file and create a new one from the new TCPWARE:SSHD2_CONFIG.TEMPLATE file: $ COPY SSH2_DIR:SSHD2_CONFIG. SSH2_DIR:SSHD2_CONFIG.OLD $ COPY TCPWARE:SSHD2_CONFIG.TEMPLATE SSH2_DIR:SSHD2_CONFIG. - If you previously customized your SSH2_DIR:SSHD2_CONFIG file (now renamed to ".OLD"), you must edit the new SSH2_DIR:SSHD2_CONFIG file and add your customizations to it. You MUST use the new file created from the new TCPWARE:SSHD2_CONFIG.TEMPLATE file for this. - Note that if you are in a clustered environment with a shared system disk, you must copy the TCPWARE:SSHD2_CONFIG.TEMPLATE from the node where the ECO was initially installed to the SSH2_DIR: directory on each of the other nodes in the cluster before making the new SSHD2_CONFIG file and making any changes as noted above. The old version of the replaced SSH components will be renamed to TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD2_CONFIG.TEMPLATE_OLD TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD TCPWARE_COMMON:[TCPWARE]NETCU.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD TCPWARE_COMMON:[TCPWARE]TCPWARE_COMMANDS.COM_OLD Once installed, you may undo this patch by renaming the files back to their original names, and restarting the SSH component. NOTE: You must reboot your system after installing this ECO, to load the new software features. [End of ECO announcement] ================================================================================ Archive-Date: Fri, 2 Jun 2006 12:47:48 -0400 Date: Fri, 02 Jun 2006 11:21:08 -0500 (EST) From: bryant@process.com Reply-To: Info-TCPware@process.com Subject: TCPware ECO kit available: SSH_V572P020 To: TCPware-Announce@TRITON.PROCESS.COM Message-ID: <01M35BR4ILLE00ADKE@DELTA.PROCESS.COM> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-Transfer-Encoding: 7BIT TCPware ECO kit announcement The following ECO kit is now available for TCPware: ECO: SSH_V572P020 Description: Assorted fixes Release date: 2-JUN-2006 Ranking: 2 Max ranking: 0 Versions: 5.7-2 Requisites: ftp://ftp.process.com/support/57_2/ssh_v572p020.zip To search the TCPware ECO database, please visit the following URL: http://vms.process.com/eco.html For more information, contact Process Software via: E-mail: support@process.com Phone: 1-800-394-8700 The ECO kit README contents are below. ------------------------------------------------------------------------- SSH patch kit (revision 2.0) for TCPware 5.7 31-May-2006 Copyright (c) 2006 by Process Software This VMSinstallable saveset provides a new version of the following SSH components: - SSH client (SSH2.EXE) - SSH1 server (SSHD.EXE) - SSH2 server (SSHD2.EXE) - SSH master control program (SSHD_MASTER.EXE) - SSH identity agent program (SSH-AGENT2.EXE) - SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE) - SSH key signer (SSH-SIGNER2.EXE) - SSH loadable executive image (SSHLEI.EXE) - SSHLEI image controller (LOAD_SSHLEI.EXE & UNLOAD_SSHLEI.EXE on VAX/AXP, CTRL_SSHLEI.EXE on I64) - SSH agent identity manipulation program (SSH-ADD2.EXE) - SSH file copy client (SCP2.EXE) - SSH SFTP client (SFTP2.EXE) - SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE) - SSH certificate enrollment program (SSH-CERTENROLL2.EXE) - SSH configuration procedure (SSH_CONTROL.COM) - SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE) - SSH Public Key Server (PUBLICKEY-SERVER.EXE) - SSH Certificate Viewer (SSH-CERTVIEW.EXE) - SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE) This patch is applicable to TCPware SSH on all supported versions of OpenVMS VAX, OpenVMS Alpha, and OpenVMS I64 A system reboot is requred after installing this ECO, to load the new software features. This kit has an ECO ranking of 2, with an overall ranking of 0. *** Notes for Kerberos 5 Support *** Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS. SSH may be configured and used at any time, either with or without Kerberos; however, Kerberos is required to perform Kerberos authentication in the SSH server. If Kerberos is installed at some later time after SSH is started, restarting SSH will allow it to use Kerberos. Chapter 26 of the TCPware Management Guide having to do with the SSH2 server has been updated to reflect new server configuration keywords enabled in this ECO (see the ECO release notes for details). A new PDF file of this is supplied in this ECO, and has been copied to the TCPWARE_COMMON:[TCPWARE] directory. These file is: TW_MANAGEMENT_SSH2_SERVER_CH26.PDF This ECO kit provides fixes for the following DE's: - Failed logins are not sent to the VMS audit log. [DE 9842] - For those clients that can support it (this includes the client used by all Process Software SSH products), expired password handling by the server has been modified to prompt for the new password, then the session will continue rather than being logged out. For those clients that don't support this, the old method of expired password handling is still used. There are some clients that may not support this method (an expired password causes an abrupt disconnect from the server system), but the server may not be able to identify them correctly. To handle those, if the logical name TCPWARE_SSH_USE_OLD_EXPIRED_PASSWORD_SCHEME is defined system-wide, the server will revert to its previous method of handling expired passwords. [DE 10260] - Corrected an error that causes our SFTP2/SCP2 client to ACCVIO when dealing with an SFTP server that speaks SFTP protocol version 2. [DE 10234] - Modified the SFTP server such that TCPWARE_SFTP_VMS_ALL_VERSIONS will cause all file versions to be displayed no matter what the remote (client) side is. Note that when a file is copied from the VMS system to the client, the filename will contain the version number. [DE 10238] - Allowed version numbers to be used for the local source specified on SCP2 command line, even when /VMS is not used. [DE 10242] - Fixed a ACCVIO that can occur when exiting from a command file. [DE 10251] - Put the /ASCII=VMS option back in. [DE 10259] - If the logical TCPWARE_SFTP_STAT_DESTINATION_FILE is defined to be FALSE, NO or 0 (zero) then the SFTP client will not attempt to do a STAT operation to check for the presence of the destination file before opening the destination file for write. The assumption is that the destination file does not exist. If the logical TCPWARE_SFTP_STAT_DESTINATION_DIRECTORY is defined to be FALSE, NO or 0 (zero) then the SFTP client will not attempt to do a STAT operation on the destination directory before opening the destination file for write. The assumption is that the destination directory exists. These two logicals should be defined to FALSE in order to have the SFTP client work with Sterling Commerce's Connect:Enterprise product. [DE 10276] - If the logical TCPWARE_SFTP_DONT_TRUNCATE is defined to Yes, True or 1 then the SFTP server will not perform truncate operations as part of FSETSTAT and SETSTAT operations. Some systems end up with unexpected file attributes when the truncate operation is performed and this provides a method of disabling it. [DE 10305] --------------------------------------------------------------------------- Post Installation Notes The old version of the replaced SSH components will be renamed to TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD on VAX/AXP TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD on VAX/AXP TCPWARE_COMMON:[TCPWARE]CTRL_SSHLEI.EXE_OLD on IA64 TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SFTP2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-CERTENROLL2.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD TCPWARE_COMMON:[TCPWARE]PUBLICKEY_ASSISTANT.EXE_OLD TCPWARE_COMMON:[TCPWARE]PUBLICKEY-SERVER.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH-CERTVIEW.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD Once installed, you may undo this patch by renaming the files back to their original names, and restarting the SSH component. NOTE: You must reboot your system after installing this ECO, to load the new software features. [End of ECO announcement]