ECO kit SSH_V572P050
----------------------------------------------------------------------------
SSH patch kit (revision 5.0) for TCPware 5.7 5-Sep-2007
Copyright (c) 2006, 2007 by Process Software
This VMSinstallable saveset provides a new version of the
following SSH components:
- SSH client (SSH2.EXE)
- SSH1 server (SSHD.EXE)
- SSH2 server (SSHD2.EXE)
- SSH master control program (SSHD_MASTER.EXE)
- SSH identity agent program (SSH-AGENT2.EXE)
- SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE)
- SSH key signer (SSH-SIGNER2.EXE)
- SSH loadable executive image (SSHLEI.EXE, LOAD_SSHLEI.EXE,
UNLOAD_SSHLEI.EXE)
- SSH agent identity manipulation program (SSH-ADD2.EXE)
- SSH file copy client (SCP2.EXE)
- SSH SFTP client (SFTP2.EXE)
- SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE)
- SSH server configuration template file (SSHD2_CONFIG.TEMPLATE)
- SSH certificate enrollment program (SSH-CMPCLIENT.EXE)
- SSH configuration procedure (SSH_CONTROL.COM)
- The SSH HELP (either in a standalone library or as part of
SYS$HELP:HELPLIB.HLB, as determined by the original TCPware install)
- SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE)
- SSH Certificate Viewer (SSH-CERTVIEW.EXE)
- SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE)
- SSH Public Key Server (PUBLICKEY-SERVER.EXE)
- SSH client configuration template (SSH2_CONFIG.TEMPLATE)
- LDAP authentication plugin using the VMS Authentication Module
(LDAP-PLUGIN.EXE)
- SecurID authentication plugin using the VMS Authentication Module
(SECURID-PLUGIN.EXE)
- Startup file for the SSH1 server (START_SSHD1.COM)
- Startup file for the SSH2 server (START_SSHD2.COM)
This VMSinstallable saveset provides the following new SSH
components:
- SSH X.509 certificate tool (SSH-CERTTOOL.EXE)
New versions of the following common TCPware utilities are
provided:
- NETCU utility (NETCU.EXE)
- TCPware command definitions (TCPWARE_COMMANDS.COM and
TCPware.CLD)
This patch is applicable to TCPware SSH on all supported
versions of OpenVMS VAX, OpenVMS Alpha and OpenVMS I64.
A system reboot is required after installing this ECO, to load
the new software features.
NOTE: The TCPware ECO DRIVERS_V572P040 or later is required
and must be installed in order to run SSH after installing
the SSH_V572P040 ECO.
This kit has an ECO ranking of 2.
This kit includes the following corrections:
o After logging out of an SSH2 session, the server process that was
handling the session would occasionally enter a tight loop.
[DE 10287]
o On some systems, OPCOM session accept/reject messages from the
SSH server would have garbage at the end of them. [DE 10446]
o For accounts with time-of-day access limitations in SYSUAF,
sessions were allowed to continue past their allowable access
time. [DE 10512]
o After applying the most recent SSH ECOs, login attempts would
occasionally display messages of the form:
Failed to write host key a.veeeeeeeeerrrrryyy.loooongg.domain
[DE 10574]
o Hostbased authentication would occasionally fail because the
key signer was apparently hanging. [DE 10548]
o The SFTP server no longer returns error status of "no permission"
for unimplemented requests to perform modifications to file
attributes. [DE 10557]
o Corrected a problem where SFTP assumed that files without a dot
in their name were directories and hence was unable to transfer
them. [DE 10572]
*** Notes for Kerberos 5 Support ***
Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS.
SSH may be configured and used at any time, either with or
without Kerberos; however, Kerberos is required to perform Kerberos
authentication in the SSH server. If Kerberos is installed at some
later time after SSH is started, restarting SSH will allow it to
use Kerberos.
Some chapters of the TCPware documentation having to do with SSH
have been updated. New PDF files of these are supplied in this
ECO, and are copied to the TCPWARE_COMMON:[TCPWARE] directory.
These are:
TW_MANAGEMENT_SSH1_SERVER_CH25.PDF
TW_MANAGEMENT_SSH2_SERVER_CH26.PDF
TW_USER_GUIDE_SSH_CLIENT_CH16.PDF
TW_USER_GUIDE_FILE_XFER_CH17.PDF
---------------------------------------------------------------------------
Post Installation Notes
You must execute CNFNET to reconfigure SSH, which will cause some
new SSH parameters to be written out to the TCPware configuration
file. This must be done prior to rebooting the system after
installing this ECO. To reconfigure SSH, execute:
$ @TCPWARE:CNFNET SSH
Defaults may be taken for all questions if you do not wish to
reconfigure SSH.
If you have NOT previously installed a TCPware 5.7 SSH patch kit, or
are not sure if one was previously installed, you must perform the
following procedure:
- Save your old SSH2_DIR:SSHD2_CONFIG. file and create a new one from
the new TCPWARE:SSHD2_CONFIG.TEMPLATE file:
$ COPY SSH2_DIR:SSHD2_CONFIG. SSH2_DIR:SSHD2_CONFIG.OLD
$ COPY TCPWARE:SSHD2_CONFIG.TEMPLATE SSH2_DIR:SSHD2_CONFIG.
- If you previously customized your SSH2_DIR:SSHD2_CONFIG file (now
renamed to ".OLD"), you must edit the new SSH2_DIR:SSHD2_CONFIG
file and add your customizations to it. You MUST use the new
file created from the new TCPWARE:SSHD2_CONFIG.TEMPLATE file for
this.
- Note that if you are in a clustered environment with a shared
system disk, you must copy the TCPWARE:SSHD2_CONFIG.TEMPLATE from
the node where the ECO was initially installed to the SSH2_DIR:
directory on each of the other nodes in the cluster before making
the new SSHD2_CONFIG file and making any changes as noted above.
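An added example (not part of the Process Software kit) for the merge step above: it compares the saved SSH2_DIR:SSHD2_CONFIG.OLD against the previous template (renamed by this ECO to SSHD2_CONFIG.TEMPLATE_OLD) to find the customizations, then checks each one against the new template. It assumes one "Keyword value" pair per line with '#' comment lines and case-insensitive keywords; the function names and sample file contents are constructed for illustration.

```python
# Added example: list the settings to carry into the new SSHD2_CONFIG.
# Assumption: one "Keyword value" pair per line, '#' starts a comment line,
# keywords are case-insensitive. All sample contents below are constructed.

def parse_config(text):
    """Return {lowercased keyword: value} for active (uncommented) lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def merge_plan(old_cfg_text, old_tpl_text, new_tpl_text):
    """List (keyword, value, action) for each setting changed from the old template."""
    old_cfg, old_tpl, new_tpl = (parse_config(t) for t in
                                 (old_cfg_text, old_tpl_text, new_tpl_text))
    plan = []
    for key in sorted(old_cfg):
        value = old_cfg[key]
        if old_tpl.get(key) == value:
            continue                    # untouched default, nothing to carry over
        if key not in new_tpl:
            action = "add"              # confirm the keyword is still documented
        elif new_tpl[key] == value:
            action = "already set"      # new template already has this value
        else:
            action = "change"           # new template default differs from yours
        plan.append((key, value, action))
    return plan

# Constructed stand-ins for SSHD2_CONFIG.TEMPLATE_OLD, SSHD2_CONFIG.OLD and
# the new SSHD2_CONFIG.TEMPLATE; read the real files in their place.
OLD_TEMPLATE = "# old template\nPort 22\nAllowedAuthentications publickey, password\nVerboseMode no\n"
OLD_CONFIG = "Port 2222\nAllowedAuthentications publickey\nVerboseMode no\nIdleTimeout 600\n"
NEW_TEMPLATE = "# new template\nPort 22\nAllowedAuthentications publickey\nVerboseMode no\n"

if __name__ == "__main__":
    for key, value, action in merge_plan(OLD_CONFIG, OLD_TEMPLATE, NEW_TEMPLATE):
        print(f"{action:12} {key} {value}")
```

Settings reported as "add" are absent from the active lines of the new template, so check the updated SSH2 server chapter before re-adding them.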
The old versions of the replaced SSH components will be renamed to:
TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTVIEW.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTENROLL2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD2_CONFIG.TEMPLATE_OLD
TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD
TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD
TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD
TCPWARE_COMMON:[TCPWARE]NETCU.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD
TCPWARE_COMMON:[TCPWARE]TCPWARE_COMMANDS.COM_OLD
Once installed, you may undo this patch by renaming the files
back to their original names, and restarting the SSH component.
NOTE: You must reboot your system after installing this ECO,
to load the new software features.
TCPware ECO,
Process Software