Skip to content

Set up Connection Security for 6530

How do I get to this dialog box?
  1. With a 6530 session open in Reflection, open the Settings window.

    The steps depend on your user interface mode.

    User interface mode Steps
    Ribbon or Browser From the Quick Access Toolbar, click .
    TouchUx Tap the Gear icon and then select Document Settings.
  2. Under Host Connection, select Set Up Connection Security.

This dialog is used to turn on and configure one of the security (encryption) options.

Note

For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.

Use SSL/TLS

Use these options to configure a session for SSL/TLS security.

Note

For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.

Server Authentication

This item selects the type of server authentication to use for the connection. Note that you can select multiple types.

Option Description
Check for valid CA signature If checked, the SSL/TLS Certificate is checked to verify that it has a valid CA signature.
Certificate host name must match host being contacted If checked, the host name specified in the certificate must match the host name you are connecting to.
Perform CRL check If checked, the certificate is checked against a Certificate Revocation List, and if the certificate has been revoked, the connection will fail.

Client Certificate

If you require both host and client authentication, fill in this area.

Option Description
Provide client certificate If checked, the client certificate specified in the Client certificate file box will be sent to the host.
Client certificate file Enter the client certificate filename and path, or click on the Browse button to start a file open dialog.
Client certificate file password If the client certificate file has a password, enter it here.

Secure File Transfer

This section is used to enable SSL/TLS (FTPS) for file transfers using the built-in FTP client.

Option Description
Use FTPS Check this item if you want to use FTPS to secure FTP sessions using the built-in FTP client.
Port Enter the port number to use for FTPS sessions using the built-in FTP client.
SSL/TLS logging Select whether or not to do diagnostic logging of the session, and what level of logging should be done.
Leave the default (None) selected unless you have a problem with the connection.
The resulting log file, named SSLLog.log can be sent to support to help diagnose the problem. The log file is placed in the configuration directory, normally Documents\Micro Focus\Reflection\HPNonstop\Logs.
If Negotiation Only Data is selected the log file contains data related to the establishment of the session, and does not contain any sensitive data such as passwords.
If Negotiation and Session Data is selected the log file contains all data, including passwords. Since most SSL/TLS issues occur during negotiations this setting should only be selected if the session drops after negotiations are complete.

Use SSH

Use these options to set up SSH connections to the NonStop host.

Note

For information about creating and editing macros, using file transfer, logging, and other features, see the 6530 Help available on the Session ribbon Help group.

This item selects the type of server authentication to use for the connection. Note that you can select multiple types.

Option Description
User Authentication This area is used to specify the type of authentication used when connecting to the SSH host. Valid choices are:
User name
Password: Use Username/Password only to authenticate.
Public Key: Use keys only to authenticate.
Keyboard Interactive: Use Keyboard Interactive (host prompts for Username/Password).
GSSAPI: Use GSSAPI (Username/Passwordand/or keys are not required).
If Public Key or Password and Public Key are selected, enter the private key path and file name, or click the Browse button to select it.
If the private key file has a password, enter it in the Private key password field.
Note: If the private key file has a password but it is not entered here, you will be prompted for it when you connect. The password is encrypted in the configuration file. For better security, it is suggested that this field be left blank so that the user must enter the password when connecting.
Encryption Use this field to specify the encryption strength. Valid choices are:
Auto Select: Let the software decide – picks strongest available
DES: Use DES encryption
Triple DES: Use triple DES encryption
AES: Use AES encryption
Blowfish: Use Blowfish encryption
Compression Use this field to specify the compression level to use. The middle of the scale is a good combination of speed and compression. You can leave this set to Auto Select to have the software decide for you.
Banner window If checked, the greeting message from the host will appear in a separate window instead of on the emulation screen.
Enable logging If checked, the session is logged to SSHLog.log in the user configuration directory (normally Documents\Micro Focus\Reflection\HPNonStop\Logs). This field is normally left unchecked unless you have problems connecting or during a session, in which case you should turn logging on, reproduce the problem, and send the resulting log file to support to aid in diagnoses.
Port Forwarding Use port forwarding: If this item is checked, the connection to the host is forwarded through the SSH server to the port specified in the Port field.
Port: Enter the port to forward connections to.
Startup Options Default shell: If this option is selected, you will get the default UNIX shell on the system you are connecting to.
Execute command: If this option is selected, enter the command you wish to execute in the field below. The session will connect, run the command, and close the connection.
Run program: If this option is selected, enter the program to run in the field below. The session connects, runs the program, and when you exit the program, closes the connection.
Inactivity Timeout Enable inactivity timeout: If this item is left unchecked the inactivity timeout is disabled. Otherwise fill in the field below with the timeout specified in seconds.
Secure File Transfer Use SFTP: Check this item to enable secure file transfers via SSH (SFTP) when using the built-in FTP client.
Host Check If set to No, all connections are accepted. If set to Yes and the host is not known, then the connection is refused. If set to Ask User, if the host is not yet known the user is prompted as to whether to accept the connection, and whether or not to trust this host in the future.