TCPware ECO kit announcement

The following ECO kit is now available for TCPware:

ECO: SSH_V572P020
Description: Assorted fixes
Release date: 2-JUN-2006
Ranking: 2
Max ranking: 0
Versions: 5.7-2
Requisites:

ftp://ftp.process.com/support/57_2/ssh_v572p020.zip

To search the TCPware ECO database, please visit the following URL:

http://vms.process.com/eco.html

For more information, contact Process Software via:

E-mail: support@process.com
Phone: 1-800-394-8700

The ECO kit README contents are below.

-------------------------------------------------------------------------
SSH patch kit (revision 2.0) for TCPware 5.7 31-May-2006

Copyright (c) 2006 by Process Software

This VMSinstallable saveset provides a new version of the
following SSH components:

- SSH client (SSH2.EXE)
- SSH1 server (SSHD.EXE)
- SSH2 server (SSHD2.EXE)
- SSH master control program (SSHD_MASTER.EXE)
- SSH identity agent program (SSH-AGENT2.EXE)
- SSH key generators (SSH-KEYGEN.EXE and SSH-KEYGEN2.EXE)
- SSH key signer (SSH-SIGNER2.EXE)
- SSH loadable executive image (SSHLEI.EXE)
- SSHLEI image controller (LOAD_SSHLEI.EXE & UNLOAD_SSHLEI.EXE
on VAX/AXP, CTRL_SSHLEI.EXE on I64)
- SSH agent identity manipulation program (SSH-ADD2.EXE)
- SSH file copy client (SCP2.EXE)
- SSH SFTP client (SFTP2.EXE)
- SSH file copy servers (SFTP-SERVER2.EXE and SCP-SERVER1.EXE)
- SSH certificate enrollment program (SSH-CERTENROLL2.EXE)
- SSH configuration procedure (SSH_CONTROL.COM)
- SSH Public Key Assistant (PUBLICKEY_ASSISTANT.EXE)
- SSH Public Key Server (PUBLICKEY-SERVER.EXE)
- SSH Certificate Viewer (SSH-CERTVIEW.EXE)
- SSH shared libraries (SSH_ZLIB.EXE, SSH_FSCLM.EXE, SSH_ACCPORNAM.EXE)

This patch is applicable to TCPware SSH on all supported
versions of OpenVMS VAX, OpenVMS Alpha, and OpenVMS I64

A system reboot is requred after installing this ECO, to load
the new software features.

This kit has an ECO ranking of 2, with an overall ranking of 0.

*** Notes for Kerberos 5 Support ***

Support for Kerberos 5 is based on HP Kerberos V5 for OpenVMS.

SSH may be configured and used at any time, either with or
without Kerberos; however, Kerberos is required to perform Kerberos
authentication in the SSH server. If Kerberos is installed at some
later time after SSH is started, restarting SSH will allow it to
use Kerberos.

Chapter 26 of the TCPware Management Guide having to do with the
SSH2 server has been updated to reflect new server configuration
keywords enabled in this ECO (see the ECO release notes for details).
A new PDF file of this is supplied in this ECO, and has been copied
to the TCPWARE_COMMON:[TCPWARE] directory. These file is:

TW_MANAGEMENT_SSH2_SERVER_CH26.PDF

This ECO kit provides fixes for the following DE's:

- Failed logins are not sent to the VMS audit log. [DE 9842]

- For those clients that can support it (this includes the client
used by all Process Software SSH products), expired password handling
by the server has been modified to prompt for the new password,
then the session will continue rather than being logged out. For
those clients that don't support this, the old method of expired
password handling is still used.

There are some clients that may not support this method (an expired
password causes an abrupt disconnect from the server system), but
the server may not be able to identify them correctly. To handle
those, if the logical name

TCPWARE_SSH_USE_OLD_EXPIRED_PASSWORD_SCHEME

is defined system-wide, the server will revert to its previous
method of handling expired passwords. [DE 10260]

- Corrected an error that causes our SFTP2/SCP2 client to ACCVIO when
dealing with an SFTP server that speaks SFTP protocol version 2.
[DE 10234]

- Modified the SFTP server such that TCPWARE_SFTP_VMS_ALL_VERSIONS
will cause all file versions to be displayed no matter what the
remote (client) side is. Note that when a file is copied from the
VMS system to the client, the filename will contain the version
number. [DE 10238]

- Allowed version numbers to be used for the local source specified on
SCP2 command line, even when /VMS is not used. [DE 10242]

- Fixed a ACCVIO that can occur when exiting from a command file.
[DE 10251]

- Put the /ASCII=VMS option back in. [DE 10259]

- If the logical TCPWARE_SFTP_STAT_DESTINATION_FILE is defined to be
FALSE, NO or 0 (zero) then the SFTP client will not attempt to do a
STAT operation to check for the presence of the destination file
before opening the destination file for write. The assumption is
that the destination file does not exist.

If the logical TCPWARE_SFTP_STAT_DESTINATION_DIRECTORY is defined
to be FALSE, NO or 0 (zero) then the SFTP client will not attempt
to do a STAT operation on the destination directory before opening
the destination file for write. The assumption is that the
destination directory exists.

These two logicals should be defined to FALSE in order to have the
SFTP client work with Sterling Commerce's Connect:Enterprise
product. [DE 10276]

- If the logical TCPWARE_SFTP_DONT_TRUNCATE is defined to Yes, True
or 1 then the SFTP server will not perform truncate operations as
part of FSETSTAT and SETSTAT operations. Some systems end up with
unexpected file attributes when the truncate operation is performed
and this provides a method of disabling it. [DE 10305]
---------------------------------------------------------------------------
Post Installation Notes

The old version of the replaced SSH components will be renamed to

TCPWARE_COMMON:[TCPWARE]SSH2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHD_MASTER.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-AGENT2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-KEYGEN2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-SIGNER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSHLEI.EXE_OLD
TCPWARE_COMMON:[TCPWARE]LOAD_SSHLEI.EXE_OLD on VAX/AXP
TCPWARE_COMMON:[TCPWARE]UNLOAD_SSHLEI.EXE_OLD on VAX/AXP
TCPWARE_COMMON:[TCPWARE]CTRL_SSHLEI.EXE_OLD on IA64
TCPWARE_COMMON:[TCPWARE]SSH-ADD2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SFTP2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SFTP-SERVER2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SCP-SERVER1.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTENROLL2.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_CONTROL.COM_OLD
TCPWARE_COMMON:[TCPWARE]PUBLICKEY_ASSISTANT.EXE_OLD
TCPWARE_COMMON:[TCPWARE]PUBLICKEY-SERVER.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH-CERTVIEW.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_FSCLM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ACCPORNAM.EXE_OLD
TCPWARE_COMMON:[TCPWARE]SSH_ZLIB.EXE_OLD

Once installed, you may undo this patch by renaming the files
back to their original names, and restarting the SSH component.

NOTE: You must reboot your system after installing this ECO,
to load the new software features.

[End of ECO announcement]