Files Used by Reflection for Secure IT
Reflection for Secure IT stores files in the following location:
The default data folder location is: C:\ProgramData\Micro Focus\RSecureServer
Note
The files in the data folder (with the exception of the host public key) contain information that should remain secure. These files should not be readable by any one except SYSTEM and Administrators. These file permissions are set by default. At startup RSIT Windows Server checks these files and verifies that SYSTEM and Administrator are the only principals granted access. If any other principal is present they will be removed and an event will be logged.
| Filename | Description |
|---|---|
rsshd_config.xml |
Server configuration file. This file is in XML format. To minimize the chance of introducing errors, we recommend using the console whenever you want to modify your server settings. |
hostkey |
The default private key of the public/private key pair used to identify the server to clients. |
hostkey.pub |
The default public key of the public/private key pair used to authenticate the server to clients. |
RSITDatabase |
This file stores cached credentials and keys used for establishing connections to remote SFTP servers. The file is encrypted using AES 256. In addition, passwords within the database are encrypted using the same algorithm with a different, system-specific key unique to the user. Moving this file to another system is not supported unless the system is identical (such as in a failover environment). |
RSITDatabase.sec |
This file contains the key required to decrypt the credential cache and is required to use the cache. If it is deleted, you will need to recreate your credential |
migration |
This hidden file indicates that the server has migrated settings from a prior version. When this file is present, the server won't repeat an automated migration. This file has no effect on migrations done using the rsshd command line -m option. |
trustedWebService.cer |
(Reflection for Secure IT Gateway only) The certificate used to authenticate Reflection Gateway Administrator. This file is created when you click the Activate and Verify button on the Reflection Gateway Users pane. If Reflection Gateway Administrator sends a different certificate, Reflection Gateway users will not be able to connect to the Reflection for Secure IT Server. |
Log Files
By default, Reflection for Secure IT stores log files in a Logs subfolder in the data folder.
| Log File | Description |
|---|---|
Console_Validation.log |
Information about invalid settings values in the rsshd_config.xml configuration file. This file is created when you start the console. |
Server_Validation.log |
Information about invalid settings values in the rsshd_config.xml configuration file. This file is created when you start the server. |
RSSHD-yyyymmdd-...log |
Debug log file. (These files are not created by default. Enable text logging using the Debug Logging pane.) |
User-Specific Files
User-specific files control access to the server by individual client users. Reflection for Secure IT looks for user-specific files in the Windows user profile folder. The user profile folder is configurable by the Windows system administrator. The default is:
-
Windows Server 2003: \Documents and Settings\username\
-
Windows Server 2008: \Users\username\
| File or Directory | Description |
|---|---|
<user profile>\.ssh2 |
Default user key directory. Copy user public keys to this directory. |
<user profile>\.ssh2\authorization |
Default user authorization file. Add a line for each key using the format "key" followed by the public key name. For example: key mykey.pub |
More information