login about faq

Tectia Client/Server/ConnectSecure and Server for IBM z/OS 6.4.8 were released on October 28. What's new in these releases?

asked Oct 28 '14 at 15:15

SSH%20KB's gravatar image

SSH KB ♦
509249246237


The 6.4.8 releases contain the following special items:

  • Tectia Client, Server and ConnectSecure now support Red Hat Enterprise Linux 7.

  • Tectia Client and Server now support Windows 8.1.

  • Tectia Server now supports defining an external script to extend the checks during the authentication of users to the server.

  • Tectia Server for IBM z/OS now accepts z/OS operator console modify and stop commands. This makes it possible for example to enable debug messages via the 'debug' modify command without having to restart the server.

All released products also include bug fixes and minor features.

Note also that the end of support date for all 6.4 Feature Releases has been extended!


The following includes a summary of the release notes for each product.

Tectia Client/ConnectSecure

New Features:

  • Tectia Client only: Windows: Added support for Windows 8.1 for Tectia Client and Server.

  • Linux: Added support for Red Hat Enterprise Linux 7 for Tectia Client, Server and ConnectSecure.

  • All Platforms: Added standard MACs hmac-sha2-256 and hmac-sha2-512 as specified in RFC 6668. This enables third-party compatibility when using SHA-2 MACs in Tectia products.

  • Windows: Added an "Authentication Method" drop-down list in the Quick Connect dialog of Tectia SSH Terminal GUI for selecting the authentication method to use regardless of what is specified in the configuration.

  • Windows: Tectia Client/ConnectSecure now provides SHA-2 support with certificates stored in tokens via MSCAPI.

Bug Fixes:

  • All Platforms: Fixed an issue in Tectia Client/ConnectSecure where short host name was accepted in host authentication with certificate. It is no longer possible to connect to a host without providing the FQDN.

  • Windows: When using the Charismatics PKCS#11 interface to access a smart card, the Connection Broker no longer crashes when inserting and removing a smart card from the card reader.

  • Windows: Fixed a possible crash when shutting down Tectia Connections Status GUI.

  • Windows: Fixed a crash in the Connection Broker that was triggered when attempting to use a certificate for authenticating and no valid signature algorithms were available.

  • Documentation: Generic documentation improvements.

Tectia Server

New Features:

  • Windows: Added support for Windows 8.1 for Tectia Client and Server.

  • Linux: Added support for Red Hat Enterprise Linux 7 for Tectia Client, Server and ConnectSecure.

  • All Platforms: Added the possibility to define an external application in the authentication/mapper element (in the authentication-methods block) to extend the checks when authenticating users to Tectia Server.

  • All Platforms: Added standard MACs hmac-sha2-256 and hmac-sha2-512 as specified in RFC 6668. This enables third-party compatibility when using SHA-2 MACs in Tectia products.

  • Linux: Tectia SSH Server will prevent write access to "/proc/self/{mem,maps}" when executing the sft-server-g3 subsystem.

Bug Fixes:

  • All Platforms: Tectia Server will now specify the "user-agent" when performing HTTP get requests during certificate validation, as it seems to be a requirement for some of the setups when downloading CA's via HTTP.

  • Unix: When an account's password is expired with "passwd -e" or "chage -d 0" and the inactivity period for the account is set, Tectia Server will no longer deny the account login. Instead, it will require that the account's password be changed.

  • Unix: Improved the management of accounts when the /etc/shadow file is in use.

  • Windows: Fixed a Tectia Server crash that occurred during authentication with users belonging to a large number of groups.

  • Windows: Tectia Server will no longer start if the ssh-server-config.xml file has wrong permissions. The owner of the file must be a member of the Administrators group, only Administrators and System may have full control of the file, users are not allowed to modify the file, and other accounts are not allowed not have access to the file. When upgrading to this version of Tectia Server on Windows Server 2003 or Windows XP, Power Users and "Terminal Server User" must be removed from the ACL manually or via the installer during the upgrade.

  • Windows: During a quiet upgrade of Tectia Server, if the ACL for an existing configuration file is incorrect, the server will by default be uninstalled. The default behavior can be overridden by specifying one of the following values to the SSHMSI_SSH_FILE_PERMISSIONS property of the MSI package:

  • Reset or 1 - reset permissions to default state.
  • Ignore or 2 - continue installation without modifying file permissions. In this case the server and configuration utility may not be able to start.

  • Windows: Fixed an issue that prevented login to Tectia Server on Windows using password authentication with a password containing certain special characters.

  • Windows: Fixed an issue with remote command execution when connecting from/to older versions of Tectia Client or Tectia Server on Windows with Japanese locale.

  • Windows: Enabled logging of messages with severity 'error' and 'warning' to system log before applying settings from the configuration file.

  • Windows: Tectia Server Configuration GUI no longer crashes when using a configuration file with the content copied straight from ssh-server-config-tutorial.xml.

  • Windows: Fixed a memory corruption that occurred when retrieving user groups failed, and could have caused a crash in Tectia Server.

  • Documentation: Generic documentation improvements.

Tectia Server for IBM z/OS

New Features:

  • Added standard MACs hmac-sha2-256 and hmac-sha2-512 as specified in RFC 6668. This enables third-party compatibility when using SHA-2 MACs in Tectia products.

  • Tectia Server for z/OS now accepts z/OS operator console modify and stop commands. This makes it possible for example to enable debug messages via the 'debug' modify command without having to restart the server. Please note that the syntax has changed to console commands for managing SSHD2 and SSHCERTD started tasks. When upgrading to this version and if it is desired to make use of modify-command support, shut down the existing started tasks, update the relevant PROCLIB members from the supplied samples newly installed in /opt/tectia/doc/zOS/SAMPLIB/ and then then start the new procedures. If you do not update the started-task procedures, the daemons will run under control of the old shell-scripts, responding to the old syntax, but not to modify commands.

Bug Fixes:

  • Fixed the line delimiter conversion in DOS files that are submitted from UNIX to JES.

  • Fixed an issue in Tectia Client where short host name was accepted in host authentication with certificate. It is no longer possible to connect to a host without providing the FQDN.

  • File transfer to a data set with existing prefix using PuTTY no longer fails.

  • Fixed an issue that occurred when an sput destination file name was a non-existing z/OS PDS dataset. A new PDS dataset is created when the destination file name is //__PDS(member) and FTADV directory_size is set.

  • The LIBPATH environment variable is no longer set by Tectia Server in the user's environment when logging in.

  • Fixed an issue in Tectia Server which caused a file transfer to fail when a third-party SSH client tried to fetch a data set with conversion.

  • Tectia Server for IBM z/OS Quick Start Guide has been rewritten into a more compact version.

  • Generic documentation improvements.


For further information about the products and changes between the different versions, and instructions on how to update the product, see the customer documentation and release notes at the SSH product documentation site.

link

answered Oct 28 '14 at 15:25

SSH%20KB's gravatar image

SSH KB ♦
509249246237

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×69
×60
×49
×34
×31

Asked: Oct 28 '14 at 15:15

Seen: 2,877 times

Last updated: Oct 28 '14 at 15:25

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.