ECO kit SSH_V572P050

----------------------------------------------------------------------------
SSH patch kit (revision 5.0) for TCPware 5.7                 5-Sep-2007

Copyright (c) 2006, 2007 by Process Software

         This VMSinstallable saveset provides a new version of the
         following SSH components:

         - SSH client (SSH2.EXE)
         - SSH1 server (SSHD.EXE)
         - SSH2 server (SSHD2.EXE)
         - SSH master control program (SSHD_MASTER.EXE)
         - SSH identity agent program (SSH-AGENT2.EXE)
         - SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE)
         - SSH key signer (SSH-SIGNER2.EXE)
         - SSH loadable executive image (SSHLEI.EXE, LOAD_SSHLEI.EXE,
           UNLOAD_SSHLEI.EXE)
         - SSH agent identity manipulation program (SSH-ADD2.EXE)
         - SSH file copy client (SCP2.EXE)
         - SSH SFTP client (SFTP2.EXE)
         - SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE)
         - SSH server configuration template file (SSHD2_CONFIG.TEMPLATE)
         - SSH certificate enrollment program (SSH-CMPCLIENT.EXE)
         - SSH configuration procedure (SSH_CONTROL.COM)
         - The SSH HELP (either in a standalone library or as part of 
           SYS$HELP:HELPLIB.HLB, as determined by the original TCPware install)
	 - SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE)
         - SSH Certificate Viewer (SSH-CERTVIEW.EXE)
         - SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE)
	 - SSH Public Key Server (PUBLICKEY-SERVER.EXE)
         - SSH Certificate Viewer (SSH-CERTVIEW.EXE)
	 - SSH client configuration template (SSH2_CONFIG.TEMPLATE)
	 - LDAP authentication plugin using the VMS Authentication Module
	   (LDAP-PLUGIN.EXE)
	 - SecurID authentication plugin using the VMS Authentication Module
	   (SECURID-PLUGIN.EXE)
 	 - Startup file for the SSH1 server (START_SSHD1.COM)
 	 - Startup file for the SSH2 server (START_SSHD2.COM)

         This VMSinstallable saveset provides the following new SSH
         components:

	 - SSH X.509 certificate tool (SSH-CERTTOOL.EXE)

         A new version of the following common TCPware utilities are 
	 provided:

         - NETCU utility (NETCU.EXE)
         - TCPware command definitions (TCPWARE_COMMANDS.COM and
           TCPware.CLD)

         This patch is applicable to TCPware SSH on all supported 
         versions of OpenVMS VAX, OpenVMS Alpha and OpenVMS I64.

         A system reboot is requred after installing this ECO, to load 
	 the new software features.

	 NOTE: The TCPware ECO DRIVERS_V572P040 or later is required 
               and must be installed in order to run SSH after installing 
               the SSH_V572P040 ECO. 

         This kit has an ECO ranking of 2.

	 This kit includes the following corrections:
  
         o After logging out of an SSH2 session, the server process that was
           handling the session would occasionally enter a tight loop.
           [DE 10287]

         o On some systems, OPCOM session accept/reject messages from the
           SSH server would have garbage at the end of them.  [DE 10446]
     
         o For accounts with time-of-day access limitations in SYSUAF,
           sessions were allowed to continue past their allowable access
           time.  [DE 10512]
     
         o After applying the most recent SSH ECO's, login attempts would
           occasionally display messages of the form:
     
             Failed to write host key a.veeeeeeeeerrrrryyy.loooongg.domain
     
           [DE 10574]
     
         o Hostbased authentication would occasionally fail because the
           key signer was apparently hanging.   [DE 10548]
     
         o The SFTP server no longer returns error status of "no permission"
           for unimplemented requests to perform modifications to file
           attributes.  [DE 10557]
     
         o Corrected a problem with SFTP assuming that files that do not have
           a dot in their name to be directories and hence not being able to
           transfer them. [DE 10572]

                   *** Notes for Kerberos 5 Support ***

         Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS.

         SSH may be configured and used at any time, either with or
         without Kerberos; however, Kerberos is required to perform Kerberos 
         authentication in the SSH server.  If Kerberos is installed at some 
         later time after SSH is started, restarting SSH will allow it to 
         use Kerberos.


         Some chapters of the TCPware documentation having to do with SSH
         have been updated.  New PDF files of these are supplied in this
         ECO, and are copied to the TCPWARE_COMMON:[TCPWARE] directory.  
         These are:

             TW_MANAGEMENT_SSH1_SERVER_CH25.PDF
             TW_MANAGEMENT_SSH2_SERVER_CH26.PDF
             TW_USER_GUIDE_SSH_CLIENT_CH16.PDF
             TW_USER_GUIDE_FILE_XFER_CH17.PDF

---------------------------------------------------------------------------
			Post Installation Notes

    You must execute CNFNET to reconfigure SSH, which will cause some
    new SSH parameters to be written out the the TCPware configuration
    file.  This must be done prior to rebooting the system after 
    installing this ECO.   To reconfigure SSH, execute:

 		$ @TCPWARE:CNFNET SSH

    Defaults may be taken for all questions if you do not wish to
    reconfigure SSH.

    If you have NOT previously installed a TCPware 5.7 SSH patch kit, or
    are not sure if one was previously installed, you must perform the
    following procedure:

    - Save your old SSH2_DIR:SSHD2_CONFIG. file and create a new one from
      the new TCPWARE:SSHD2_CONFIG.TEMPLATE file:

	$ COPY SSH2_DIR:SSHD2_CONFIG. SSH2_DIR:SSHD2_CONFIG.OLD
	$ COPY TCPWARE:SSHD2_CONFIG.TEMPLATE SSH2_DIR:SSHD2_CONFIG.

    - If you previously customized your SSH2_DIR:SSHD2_CONFIG file (now
      renamed to ".OLD"), you must edit the new SSH2_DIR:SSHD2_CONFIG
      file and add your customizations to it.  You MUST use the new 
      file created from the new TCPWARE:SSHD2_CONFIG.TEMPLATE file for
      this.

    - Note that if you are in a clustered environment with a shared
      system disk, you must copy the TCPWARE:SSHD2_CONFIG.TEMPLATE from
      the node where the ECO was initially installed to the SSH2_DIR:
      directory on each of the other nodes in the cluster before making 
      the new SSHD2_CONFIG file and making any changes as noted above.

    The old version of the replaced SSH components will be renamed to

             TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-CERTVIEW.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH-CERTENROLL2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSHD2_CONFIG.TEMPLATE_OLD
             TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD
	     TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD
	     TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD
	     TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]NETCU.EXE_OLD
             TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD
             TCPWARE_COMMON:[TCPWARE]TCPWARE_COMMANDS.COM_OLD

    Once installed, you may undo this patch by renaming the files
    back to their original names, and restarting the SSH component.

    NOTE: You must reboot your system after installing this ECO,
          to load the new software features.