previous
next
When you install Reflection for Secure IT on systems with a Reflection 6.x server or F-Secure server, supported settings are migrated to the newer XML configuration file format. This table provides a summary of which settings are supported and how settings are migrated to the newer XML format.
NOTE:Settings for configuring certificate authentication are migrated when you install Reflection PKI Services Manager. For details, see Table of Migrated PKI Settings.
|
sshd2_config Keyword |
rsshd_config.xml Setting |
|---|---|
|
AddGroupToToken |
Not supported |
|
AllowedAuthentications |
Authentication.<xxx>.<xxx> Values: allow = 2, require = 3, deny = 1
publickey > PublicKey.AllowPublicKeyAuthentication
password > Password.AllowPasswordAuthentication |
|
AllowedPasswordAuthentications |
Authentication.Radius.UseRadius |
|
AllowGroups |
GroupAccessControl.GroupEntry.GroupName.AllowAccess sets AllowAccess to true |
|
AllowTcpForwardingForGroups |
Not supported |
|
AllowTcpForwardingForUsers |
Not supported |
|
AllowUsers |
Sets AllowAccess to true |
|
AllowHosts |
Sets AllowAccess to true |
|
AllowTcpForwarding |
Permission.PermitC2SPortForwarding Permission.PermitS2CPortForwarding |
|
AuthFailureErrorMessages |
Authentication.AuthFailureErrorMessages |
|
AuthImmediateDisconnect |
Authentication.AuthImmediateDisconnect |
|
AuthInteractiveFailureTimeout |
Authentication.Password.Password-AttemptDelay |
|
AuthKbdInt.NumOptional |
Not supported |
|
AuthKbdInt.Optional |
Authentication.RSASecurID.RSASecurIDAuthentication Set to '2' if 'securid' is present in the migrated setting |
|
AuthKbdInt.Plugin |
Not supported |
|
AuthKbdInt.Required |
Authentication.RSASecurID.RSASecurIDAuthentication Set to '3' if 'securid' present in the migrated setting |
|
AuthKbdInt.Retries |
Not supported |
|
AuthorizationFile |
Authentication.PublicKeys.Authorization-File |
|
AuthPublicKey.MaxSize |
Authentication.PublicKeys.PublicKey-MaxSize |
|
AuthPublicKey.MinSize |
Authentication.PublicKeys.PublicKey-MinSize |
|
BadKeyName |
Not supported |
|
BannerMessageFile |
General.BannerMessageFile |
|
CachePasswords |
Authentication.UsePasswordCache |
|
Cert.RSA.Compat.HashScheme |
Not supported |
|
Ciphers |
Encryption.Ciphers.<xxx>
none > NoEncryption Any > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr, NoEncryption AnyStd > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, aes128-ctr, aes192-ctr, aes256-ctr AnyCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr AnyStdCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr NOTE:If only unsupported ciphers are set, migration of ciphers setting will fail. |
|
CRLFile |
Not supported |
|
DefaultDirectory |
Permission.TerminalDefaultDirectory |
|
DenyGroups |
Sets AllowAccess to false |
|
DenyHosts |
Sets AllowAccess to false |
|
DenyTcpForwardingForGroups |
Not supported |
|
DenyTcpForwardingForUsers |
Not supported |
|
DenyUsers |
Sets AllowAccess to false |
|
DisableVersionFallback |
SSH1 not supported by Reflection for Secure IT |
|
DoubleBackspace |
Not supported |
|
EmulationType |
Not supported |
|
EmulationTypeForCommands |
Not supported |
|
EmulationTypeForForcedCommand |
Not supported |
|
EnableLegacySubauthentication |
Not supported |
|
EventLogFilter |
EventLogging.EventLoggingLevel DebugLogging.DebugLoggingLevel
|
|
FipsMode |
Encryption.FipsMode |
|
ForwardACL |
Not supported |
|
GSSAPI.AllowedMethods |
Not supported |
|
GSSAPI.DelegateToken |
Not supported |
|
HostCertificateFile |
Identity.HostCertificateFile |
|
HostKeyFile |
Identity.HostKeyFile |
|
HostKeyEkInitString |
Not supported |
|
HostKeyEkProvider |
Not supported |
|
HostKeyEkTimeOut |
Not supported |
|
HostSpecificConfig |
Not supported |
|
IdleTimeOut |
General.IdleTimeout |
|
IsPasswordChangeAllowed |
Authentication.Password.Permit-PasswordChange |
|
KeepAlive |
Network.Binding.TCPKeepAlive |
|
LDAPServers |
Not supported |
|
LocalPki |
Not supported |
|
ListenAddress |
Network.Binding.ListenAddress (first binding) |
|
LogCertificateSubject |
Not supported |
|
LoginGraceTime |
Authentication.GraceLoginTimeout |
|
LogPublicKeyFingerPrint |
Not supported |
|
MACs |
Encryption.MACs.<xxx>
none > NoProtection Any > hmac-sha1, hmac-sha256, hmac-sha512, hmac-md5, hmac-ripemd160, NoProtection AnyStd > hmac-sha1, hmac-sha256, hmac-sha512, hmac-md5, NoProtection AnyMac > hmac-sha1, > hmac-md5, hmac-ripemd160 AnyStdMac > hmac-sha1, hmac-md5 |
|
MapFile |
Not supported |
|
MaxBroadcastsPerSecond |
Not supported |
|
MaxConnections |
General.MaximumConnection |
|
NoDelay |
Not supported |
|
OCSPResponder |
Not supported |
|
PasswdPath |
Not supported |
|
PasswordGuesses |
Authentication.Password.Maximum-PasswordAttempts |
|
PermitEmptyPasswords |
Authentication.Password.Permit-EmptyPassword |
|
PermitRootLogin |
Not supported |
|
PermitUserTerminal |
Permission.PermitTerminalShell |
|
Pki |
Not supported |
|
PkiDisableCrls |
Not supported |
|
PkiOcspMode |
Not supported |
|
Port |
Network.Binding.Port |
|
PrivateWindowStation |
Not supported |
|
ProtocolVersionString |
Identity.ProtocolVersionString |
|
PublicHostKeyfile |
Public key is copied – no XML setting |
|
QuietMode |
Not supported |
|
RadiusKey |
Authentication.Radius.RadiusServer.ServerSecret |
|
RadiusServer |
Authentication.Radius.RadiusServer.ServerName |
|
RandomSeedFile |
Not supported |
|
RekeyIntervalSeconds |
Encryption.KeyExchange.Rekey-IntervalSeconds |
|
RemoteCommandPrefix |
Permission.ExecutionRequestPrefix |
|
RequiredAuthentications |
Values: allow = 2, require = 3, deny = 1 gssapi-with-mic > GSSAPI.Allow-GSSAPIAuthentication publickey > PublicKey.AllowPublic-KeyAuthentication keyboard- > KeyboardInteracitve.Allow-KeyboardInteracitveAuthentication password > Password.AllowPassword-Authentication |
|
RequireReverseMapping |
Network.Binding.RequireDNSLookup |
|
ResolveClientHostName |
Not supported |
|
RevocationCa |
Not supported |
|
SettableEnvironmentVars |
Not supported |
|
Sftp-AdminDirList |
Not migrated |
|
Sftp-AdminUsers |
Not migrated |
|
Sftp-DirList |
Note:If a “/” chroot is defined, then this accessible directory will be marked allowed and others will be marked not allowed. Also, ‘Allow all’ setting will be unchecked.If multiple “/” chroot is found, migration only migrate the first entry of “/”. If no “/” chroot is defined, all accessible directory(s)will be marked allowed. Also, ‘Allow all’ setting will be checked. If the first entry of “/” chroot contains “$Drive”, migration will NOT migrate ANY accessible directory(s). If a non-chroot accessible directory contains “$Drive”, migration will skip this directory. |
|
Sftp-Home |
SFTPDirectories.UserLoginDirectory If Sftp-Home is empty, the server uses the first entry on Sftp_DirList, provided it is not a chrooted entry (forward slash). Note: If a “/” chroot is defined, then the user login directory will be set to “/” value. If multiple “/” chroot is found, then the first entry of “/” wins. If Sftp-Home directory is not one of accessible directory(s) or a child of one of the accessible directory(s), then user login directory will be set to “/”. |
|
SftpLogCategory |
EventLogging.EventLoggingLevel DebugLogging.DebugLoggingLevel error,warning,info - 3 NOTE:All SFTP log categories are now part of overall event/debug logging. By default, Error Warning Information logging levels provide at least the same or more information. User Login/Logout > error,warning,info - 2 Uploads > error,warning,info - 2 Downloads > error,warning,info - 2 Directory Listings > error,warning,info - 2 Modifications > error,warning,info - 2 |
|
SocksServer |
Not supported |
|
Ssh1Compatibility |
SSH1 not supported by Reflection for Secure IT |
|
Sshd1ConfigFile |
SSH1 not supported by Reflection for Secure IT |
|
Sshd1Path |
SSH1 not supported by Reflection for Secure IT |
|
SubAuthId |
Not supported |
|
Subsystem |
Not applicable |
|
Subsystem-sftp |
Not applicable |
|
TerminalProvider |
Permission.TerminalShell |
|
TryReverseMapping |
Not supported |
|
UserConfigDirectory |
Authentication.PublicKeys.UserKey-Directory |
|
UserSFTPDirectory |
Pre 6.0 F-Secure keyword setting maps to SFTPDirectories.UserLoginDirectory Uses same logic as Sftp-Home |
|
UserSpecificConfig |
Not migrated |
|
VerboseMode |
Not supported |