Skip to content

Replace an Earlier Version or other Existing Secure Shell Program

If you're installing on a system that is already running a Secure Shell client or server, you must uninstall the prior version before you install Reflection for Secure IT UNIX Client and Server. This requirement applies to earlier versions of Reflection for Secure IT UNIX Client and Server, as well as F-Secure SSH, OpenSSH, and other Secure Shell implementations.

To install on a system that is currently running Secure Shell

  1. Log in as root.

  2. (Server only) Stop the sshd service.

  3. Uninstall your existing Secure Shell product.

  4. Install the Reflection for Secure IT UNIX Client and Server client or server.

  5. If you use public key authentication, ensure that your files and directories are configured with correct permissions. This release of Reflection for Secure IT UNIX Client and Server requires a greater degree of security than was required prior to version 7.2. If files and directories are not sufficiently protected, public key authentication will fail. For details, see File and Directory Permissions.

!!! note The StrictModes setting affects the level of protection required for files and directories used for public key authentication. To ensure enforcement of a satisfactory level of security, this setting is now enabled by default. Some file and directory permissions are enforced even when this setting is disabled.

  1. (Optional) If you had configured a non-default client or server configuration file, you will find a backup copy of your file in the configuration file directory. (For details see the note below.) Use these backup files to merge your non-default settings to the new configuration file.

    Note

    • The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /opt/microfocus/rsit/etc, Reflection for Secure IT UNIX Client and Server uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT UNIX Client and Server migrates the key to the correct format and location and uses the migrated key.

    • The details of how backup configuration files are created vary with the associated operating system.

    • On all supported platforms, if you have made any changes to the default client and/or server configuration file, the installer backs up the file when you uninstall. (The file extension added to this backup depends on the native installer.)

    • Key pairs created with previous Reflection for Secure IT UNIX Client and Server versions are compatible with the current version. No conversion is necessary.

    • The StrictModes default value is now "yes" for both the client and server.

    • If /etc/pam.d/ssh exists, it is backed up and a new file is put in place.

    • Subconfiguration files, if present, are not touched.

More information