18 • Preface HP NonStop SSH Reference Manual
Changes in SSH2 release 89 that are incompatible with previous releases:
• Previous client mode owner policy was to use the Guardian user id to store client mode records. This
corresponds to value GUARDIANNAME for new parameter CLIENTMODEOWNERPOLICY. The default
value for this parameter is BOTH, i.e. in order to get the previous behavior the parameter
CLIENTMODEOWNERPOLICY must be explicitly set to GUARDIANNAME.
• With the introduction of parameter CLIENTMODEOWNERPOLICY it is no longer possible to execute
SSHCOM GENERATE KEY for an alias if CLIENTMODEOWNERPOLICY is set to GUARDIANNAME. In
previous releases this was possible although such a key had never been used (only those keys, which were
stored under the Guardian id underlying an alias.
• Users that are frozen in Safeguard are no longer accepted per default (new parameter
ALLOWFROZENSYSTEMUSER has default value FALSE). Previous releases allowed authentication and if
that was successful (methods none, publickey and gssapi-with-mic) the user was granted access. The previous
behavior can be re-established by setting parameter ALLOWFROZENSYSTEMUSER to TRUE.
• Auditing of executed SFTP commands for outgoing connections has been added. Previously there was such
support for incoming connections. If an SFTP[OSS] client of release 89 or later connects via an SSH2 process
of previous releases, an exception occurs (error 48) during audit initialization, i.e. an SFTP[OSS] client of
release 89 or later must be used with an SSH2 process of version 89 or later.
• The AUDIT messages have been modified to include the SESSION-LOG-ID to be able to relate AUDIT
messages to LOG messages and STATUS SESSION output.
• A different behavior has been implemented if an OBJECTTYPE USER record exists in Safeguard: parameter
sets FULLSSHCOMACCESSGROUP<j> and FULLSSHCOMACCESSUSER<i> will be ignored.
• SUPER.SUPER no longer has full access to SSHCOM if an OBJECTTYPE USER record exists which
explicitly denies SUPER.SUPER the Create authority. In previous releases SUPER.SUPER always had full
access, independent of the OBJECTTYPE USER record.
• The format of audit messages has changed. Main change is the addition of the SESSION-LOG-ID at the
beginning of each audit message (allowing to relate log messages and STATUS SESSION information to audit
messages).
• SFTP informational messages like "Uploading ..." and "Fetching ..." now display Guardian file names in
standard ssh format (Unix style with OSS prefix /G or /E) to better conform to the SFTP standard; before that,
the Guardian style was the default.
Version 3.6
Describes changes in SSH2 release 88.
Documentation for the following new features has been added:
• Description for SSH2 TCP/IP related parameters SOCKETSNDBUF and SOCKETRCVBUF have been added.
• Parameter KEEPALIVE has been renamed to SOCKETKEEPALIVE.
• The "ASLINEMODE" command has been added to SFTP client commands.
• Description of newly supported SFTP transfer modes.
• Added description for new parameter SFTPEXCLUSIONMODEREAD.
Version 3.5
Describes changes in SSH2 release 87.
Documentation for the following new features has been added:
To Next Page
Loading...
Need help?
General