TCPware ECO kit announcement

The following ECO kit is now available for TCPware:

ECO: SSH_V572P010
Description: Assorted fixes including security fix
Release date: 26-JAN-2006
Ranking: 0
Max ranking: 0
Versions: 5.7-2
Requisites:

ftp://ftp.process.com/support/57_2/ssh_v572p010.zip

To search the TCPware ECO database, please visit the following URL:

http://vms.process.com/eco.html

For more information, contact Process Software via:

E-mail: support@process.com
Phone: 1-800-394-8700

The ECO kit README contents are below.

-----------------------------------------------------------

-------------------------------------------------------------------------
SSH patch kit (revision 1.0) for TCPware 5.7 16-Jan-2006

Copyright (c) 2006 by Process Software

This VMSinstallable saveset provides a new version of the
following SSH components:

- SSH client (SSH2.EXE)
- SSH1 server (SSHD.EXE)
- SSH2 server (SSHD2.EXE)
- SSH master control program (SSHD_MASTER.EXE)
- SSH identity agent program (SSH-AGENT2.EXE)
- SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE)
- SSH key signer (SSH-SIGNER2.EXE)
- SSH loadable executive image (SSHLEI.EXE)
- SSHLEI image controller (LOAD_SSHLEI.EXE & UNLOAD_SSHLEI.EXE
on VAX/AXP, CTRL_SSHLEI.EXE on I64)
- SSH agent identity manipulation program (SSH-ADD2.EXE)
- SSH file copy client (SCP2.EXE)
- SSH SFTP client (SFTP2.EXE)
- SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE)
- SSH certificate enrollment program (SSH-CERTENROLL2.EXE)
- SSH configuration procedure (SSH_CONTROL.COM)
- SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE)
- SSH Public Key Server (PUBLICKEY-SERVER.EXE)
- SSH Certificate Viewer (SSH-CERTVIEW.EXE)
- SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE)

This patch is applicable to TCPware SSH on all supported
versions of OpenVMS VAX, OpenVMS Alpha, and OpenVMS I64

A system reboot is requred after installing this ECO, to load
the new software features.

This kit has an ECO ranking of 0 - Mandatory update: Process Software
recommends that all customers install this ECO kit.

*** Notes for Kerberos 5 Support ***

Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS.

SSH may be configured and used at any time, either with or
without Kerberos; however, Kerberos is required to perform Kerberos
authentication in the SSH server. If Kerberos is installed at some
later time after SSH is started, restarting SSH will allow it to
use Kerberos.

Chapter 26 of the TCPware Management Guide having to do with the
SSH2 server has been updated to reflect new server configuration
keywords enabled in this ECO (see the ECO release notes for details).
A new PDF file of this is supplied in this ECO, and has been copied
to the TCPWARE_COMMON:[TCPWARE] directory. These file is:

TW_MANAGEMENT_SSH2_SERVER_CH26.PDF

This ECO kit provides fixes for the following DE's:

- Correct a security vulnerability. [DE 10218]

- Users may be restricted from interactive, remote commands or
subsystems (SCP or SFTP) sessions by implementing the following
SSH2 server configuration keywords:

Terminal.AllowGroups
Terminal.DenyGroups
Terminal.AllowUsers
Terminal.DenyUsers

[DE 7845]

- A user could spawn multiple authentication agents (SSH-AGENT) causing
unpredictable results when trying to authenticate via the agent.
[DE 9932]

- Improved estimates of transferred file sizes to resolve problems with
transferring files in ASCII mode. [DE 10106]

- Corrected errors in the SCP/SFTP SRI decoding algorithm. [DE 10133]

- KRB5 passwords stopped working after a recent ECO. [DE 10163]

- Corrected some problems with using an absolute path name for the
file in a CHMOD request for SCP/SFTP. [DE 10169]

- Corrected a potential ACCVIO when downloading text files via SCP and
SFTP. [DE 10172]

- If the logical MULTINET_SFTP_DIRECTORY_WITH_CREATION_DATE is defined
to True, Yes or 1, then the creation date is displayed in the output
for DIRECTORY when operating in VMS mode instead of the modification
date. Note that the times are still adjusted by the local offset
from UTC. [DE 10179]

- If SSH is being executed in a VMS batch job, and it attempts to do a
remote command (e.g., "$ ssh lima.beans.com dir *.txt"), no output
would be displayed. [DE 10193]

---------------------------------------------------------------------------
Post Installation Notes

The old version of the replaced SSH components will be renamed to

TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD
TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD on VAX/AXP
TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD on VAX/AXP
TCPWARE_COMMON:[TCPWARE]CTRL_SSHLEI.EXE_OLD on IA64
TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SFTP2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTENROLL2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD
TCPWARE_COMMON:[TCPWARE]PUBLICKEY_ASSISTANT.EXE_OLD
TCPWARE_COMMON:[TCPWARE]PUBLICKEY-SERVER.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTVIEW.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD

Once installed, you may undo this patch by renaming the files
back to their original names, and restarting the SSH component.

NOTE: You must reboot your system after installing this ECO,
to load the new software features.

[End of ECO announcement]