Reflection for Secure IT, UNIX Client and Server

Reflection for Secure IT is a family of Secure Shell clients and servers for Windows and UNIX—all designed to protect data in motion. By replacing nonsecure Telnet and FTP with Reflection for Secure IT, administrators can safely transfer sensitive data, manage remote servers, and access corporate applications over encrypted connections.

VERSION 7.0 HIGHLIGHTS
UNIX CLIENT

Enhanced support for Kerberos through gssapi-keyex streamlines user account and credential administration by eliminating the need for host and user keys.
SSH connection reuse feature reduces authentication prompts to users running multiple SSH sessions at once.
Updated key generation utility enables faster creation of host and user keys.
Full range of documentation formats—PDF and HTML—provides quick answers to your
configuration questions.
Strict Mode support enforces proper access controls of users' private keys during public key authentication.

UNIX SERVER

Enhanced support for Kerberos through gssapi-keyex streamlines user account and credential administration by eliminating the need for host and user keys.
Dead and idle client detection restores valuable system resources consumed by active, but unused, server connections.
Full range of documentation formats—PDF and HTML—provides quick answers to your
configuration questions.
Strict Mode support enforces proper access controls for users' ssh authentication and authorization data during public key authentication.

Technical Specifications:

UNIX CLIENT

Secure File Transfer

SCP2
SFTP2
Unattended scheduled file transfers

Security Protocols

SSH2 (IETF SecSh Internet drafts and RFCs 4250–4254, 4256, 4462, 4345 and 4716)

Algorithms

Ciphers:
- AES (128, 192, and 256 bit)
- 3DES (3 56-bit key EDE)
- Blowfish (128 bit)
- CAST (128 bit)
- Arcfour (128 and 256 bit)
MACs:
- MD5
- SHA-1
- RIPEMD
Key exchange:
- RSA
- DSA
- Diffie-Hellman

Authentication

Password:
- Traditional password
Keyboard interactive:
- Traditional password
- PAM (Pluggable Authentication Module)
SSH user keys:
- RSA and DSA user keys
- Agent forwarding
Kerberos:
- User (gssapi-with-mic) and host (gssapi-keyex) authentication

Tunneling

Local
Remote
X11 protocol

Accounting

Notification of exceeded maximum password attempts

Operating Systems

HP-UX 11i v1 (PA-RISC)
HP-UX 11i v2 (Itanium)
IBM AIX 5.2 (POWER)
IBM AIX 5.3 (POWER)
Red Hat Enterprise Linux 4 (Itanium)
Red Hat Enterprise Linux 4 (x86)
Red Hat Enterprise Linux 4 (x86-64)
Red Hat Enterprise Linux 5 (x86)
Red Hat Enterprise Linux 5 (x86-64)
Sun Solaris 8 (SPARC)
Sun Solaris 9 (SPARC)
Sun Solaris 10 (SPARC)
Sun Solaris 10 (x86-64)
SUSE Linux Enterprise Server 9 (Itanium)
SUSE Linux Enterprise Server 9 (x86)
SUSE Linux Enterprise Server 9 (x86-64)
SUSE Linux Enterprise Server 10 (x86)
SUSE Linux Enterprise Server 10 (x86-64)

System Requirements

Any system that meets the minimum requirements for the UNIX/Linux operating system
Network interface card
For all Itanium systems, the library libunwind is required (HP-UX, Red Hat Enterprise Linux,
and SUSE Linux Enterprise Server)
For HP-UX 11i v1 on PA-RISC, the following patches (or their superseded patches) are
required:
- PHCO_28605 s700_800 11.11 libnss_files cumulative patch
- PHCO_31923 s700_800 11.11 libc cumulative header file patch
- PHCO_34275 s700_800 11.11 libc cumulative patch
- PHKL_34805 s700_800 11.11 JFS3.3 patch; mmap
- PHSS_33033 s700_800 11.11 ld(1) and linker tools cumulative patch
IBM AIX 5.3 Maintenance Level 5300-5
Sun Solaris UltraSPARC CPU