Set up Connection Security for 6530
How do I get to this dialog box?
-
With a 6530 session open in Reflection, open the Settings window.
The steps depend on your user interface mode.
User interface mode Steps Ribbon or Browser From the Quick Access Toolbar, click . TouchUx Tap the Gear icon and then select Document Settings. -
Under Host Connection, select Set Up Connection Security.
This dialog is used to turn on and configure one of the security (encryption) options.
Note
For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.
Use SSL/TLS
Use these options to configure a session for SSL/TLS security.
Note
For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.
Server Authentication
This item selects the type of server authentication to use for the connection. Note that you can select multiple types.
Option | Description |
---|---|
Check for valid CA signature | If checked, the SSL/TLS Certificate is checked to verify that it has a valid CA signature. |
Certificate host name must match host being contacted | If checked, the host name specified in the certificate must match the host name you are connecting to. |
Perform CRL check | If checked, the certificate is checked against a Certificate Revocation List, and if the certificate has been revoked, the connection will fail. |
Client Certificate
If you require both host and client authentication, fill in this area.
Option | Description |
---|---|
Provide client certificate | If checked, the client certificate specified in the Client certificate file box will be sent to the host. |
Client certificate file | Enter the client certificate filename and path, or click on the Browse button to start a file open dialog. |
Client certificate file password | If the client certificate file has a password, enter it here. |
Secure File Transfer
This section is used to enable SSL/TLS (FTPS) for file transfers using the built-in FTP client.
Option | Description |
---|---|
Use FTPS | Check this item if you want to use FTPS to secure FTP sessions using the built-in FTP client. |
Port | Enter the port number to use for FTPS sessions using the built-in FTP client. |
SSL/TLS logging | Select whether or not to do diagnostic logging of the session, and what level of logging should be done. |
Leave the default (None) selected unless you have a problem with the connection. | |
The resulting log file, named SSLLog.log can be sent to support to help diagnose the problem. The log file is placed in the configuration directory, normally Documents\Micro Focus\Reflection\HPNonstop\Logs . | |
If Negotiation Only Data is selected the log file contains data related to the establishment of the session, and does not contain any sensitive data such as passwords. | |
If Negotiation and Session Data is selected the log file contains all data, including passwords. Since most SSL/TLS issues occur during negotiations this setting should only be selected if the session drops after negotiations are complete. |
Use SSH
Use these options to set up SSH connections to the NonStop host.
Note
For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.
This item selects the type of server authentication to use for the connection. Note that you can select multiple types.
Option | Description |
---|---|
User Authentication | This area is used to specify the type of authentication used when connecting to the SSH host. Valid choices are: |
User name | |
Password: Use Username/Password only to authenticate. | |
Public Key: Use keys only to authenticate. | |
Keyboard Interactive: Use Keyboard Interactive (host prompts for Username/Password). | |
GSSAPI: Use GSSAPI (Username/Passwordand/or keys are not required). | |
If Public Key or Password and Public Key are selected, enter the private key path and file name, or click the Browse button to select it. | |
If the private key file has a password, enter it in the Private key password field. | |
Note: If the private key file has a password but it is not entered here, you will be prompted for it when you connect. The password is encrypted in the configuration file. For better security, it is suggested that this field be left blank so that the user must enter the password when connecting. | |
Encryption | Use this field to specify the encryption strength. Valid choices are: |
Auto Select: Let the software decide picks strongest available | |
DES: Use DES encryption | |
Triple DES: Use triple DES encryption | |
AES: Use AES encryption | |
Blowfish: Use Blowfish encryption | |
Compression | Use this field to specify the compression level to use. The middle of the scale is a good combination of speed and compression. You can leave this set to Auto Select to have the software decide for you. |
Banner window | If checked, the greeting message from the host will appear in a separate window instead of on the emulation screen. |
Enable logging | If checked, the session is logged to SSHLog.log in the user configuration directory (normally Documents\Micro Focus\Reflection\HPNonStop\Logs ). This field is normally left unchecked unless you have problems connecting or during a session, in which case you should turn logging on, reproduce the problem, and send the resulting log file to support to aid in diagnoses. |
Port Forwarding | Use port forwarding: If this item is checked, the connection to the host is forwarded through the SSH server to the port specified in the Port field. |
Port: Enter the port to forward connections to. | |
Startup Options | Default shell: If this option is selected, you will get the default UNIX shell on the system you are connecting to. |
Execute command: If this option is selected, enter the command you wish to execute in the field below. The session will connect, run the command, and close the connection. | |
Run program: If this option is selected, enter the program to run in the field below. The session connects, runs the program, and when you exit the program, closes the connection. | |
Inactivity Timeout | Enable inactivity timeout: If this item is left unchecked the inactivity timeout is disabled. Otherwise fill in the field below with the timeout specified in seconds. |
Secure File Transfer | Use SFTP: Check this item to enable secure file transfers via SSH (SFTP) when using the built-in FTP client. |
Host Check | If set to No, all connections are accepted. If set to Yes and the host is not known, then the connection is refused. If set to Ask User, if the host is not yet known the user is prompted as to whether to accept the connection, and whether or not to trust this host in the future. |