SSH for OpenVMS V2.4 Release Notes

February 2010

This document contains a list of new features and bug fixes that
have been made since SSH for OpenVMS V2.3.

Revision/Update Information: This document supersedes the SSH for
OpenVMS V2.3 Release Notes

Unpublished - all rights reserved under the copyright laws of the
United States

No part of this publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any
language or computer language, in any form or by any means
electronic, mechanical, magnetic, optical, or otherwise without the
prior written permission of:

   Process Software, LLC
   PO Box 922
   Framingham, MA 01701 USA
   Voice: +1 508 879 6994
   info@process.com

Process Software, LLC ("Process") makes no representations or
warranties with respect to the contents hereof and specifically
disclaims any implied warranties of merchantability or fitness for
any particular purpose. Furthermore, Process Software reserves the
right to revise this publication and to make changes from time to
time in the content hereof without obligation of Process Software to
notify any person of such revision or changes.

o  Alpha AXP, AXP, MicroVAX, OpenVMS, VAX, VAX Notes, VMScluster,
   and VMS are registered trademarks of Hewlett-Packard Corporation.

o  Kerberos. Copyright © 1989, DES.C and PCBC_ENCRYPT.C Copyright ©
   1985, 1986, 1987, 1988 by Massachusetts Institute of Technology.
   Export of this software from the United States of America is
   assumed to require a specific license from the United States
   Government. It is the responsibility of any person or
   organization contemplating export to obtain such a license before
   exporting.

   WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
   distribute this software and its documentation for any purpose
   and without fee is hereby granted, provided that the above
   copyright notice appear in all copies and that both that
   copyright notice and this permission notice appear in supporting
   documentation, and that the name of M.I.T. not be used in
   advertising or publicity pertaining to distribution of the
   software without specific, written prior permission. M.I.T. makes
   no representations about the suitability of this software for any
   purpose. It is provided "as is" without express or implied
   warranty.

o  MultiNet is a registered trademark of Process Software.

o  Secure Shell (SSH). Copyright © 2000. This License agreement,
   including the Exhibits (Agreement), effective as of the latter
   date of execution (Effective Date), is hereby made by and between
   Data Fellows, Inc., a California corporation, having principal
   offices at 675 N. First Street, 8th floor, San Jose, CA 95112170
   (Data Fellows) and Process Software.

o  TCPware is a registered trademark of Process Software.

o  UNIX is a trademark of UNIX System Laboratories, Inc.

o  All other trademarks, service marks, registered trademarks, or
   registered service marks mentioned in this document are the
   property of their respective holders.

o  Copyright ©1997, 1998, 1999, 2000 Process Software Corporation.
   All rights reserved. Printed in USA.

o  Copyright ©2000, 2001, 2002, 2004, 2007 Process Software, LLC.
   All rights reserved. Printed in USA.

o  If the examples of URLs, domain names, internet addresses, and
   web sites we use in this documentation reflect any that actually
   exist, it is not intentional and should not be considered an
   endorsement, approval, or recommendation of the actual site, or
   any products or services located at any such site by Process
   Software. Any resemblance or duplication is strictly
   coincidental.
________________________________________________________________
Contents

CHAPTER 1  INTRODUCTION
   1.1   TYPOGRAPHICAL CONVENTIONS
   1.2   OBTAINING TECHNICAL SUPPORT
         1.2.1   Before Contacting Technical Support
         1.2.2   Sending Electronic Mail
         1.2.3   Calling Technical Support
   1.3   OBTAINING ONLINE HELP
   1.4   ACCESSING THE SSH FOR OPENVMS PUBLIC MAILING LIST
   1.5   PROCESS SOFTWARE WORLD WIDE WEB SERVER
   1.6   OBTAINING SOFTWARE PATCHES OVER THE INTERNET
   1.7   DOCUMENTATION COMMENTS
   1.8   CD-ROM CONTENTS
         1.8.1   Online Documentation
                 1.8.1.1   PDF Format
                 1.8.1.2   Using Acrobat Reader
   1.9   NOTE CONCERNING KERBEROS V5
   1.10  NOTE CONCERNING VAX V5.5-2
   1.11  NOTE: CONCERNING SSH SESSIONS

CHAPTER 2  CHANGES AND ENHANCEMENTS
   2.1   SSH FOR OPENVMS V2.4 INSTALLATION NOTE
   2.2   SSH UPDATES
   2.3   FIXED PROBLEMS
         2.3.1   SFTP/SCP2
         2.3.2   SSH

CHAPTER 3  DOCUMENTATION UPDATES
   3.1   SSH FOR OPENVMS V2.4
   3.2   CORRECTIONS TO THE SSH FOR OPENVMS V2.4 DOCUMENTATION

CHAPTER 4  KNOWN BUGS/ISSUES

TABLES
   1-1   Typographical Conventions
   1-2   System Information

_______________________________________________________
1 Introduction

These Release Notes describe the changes and enhancements made to
the SSH for OpenVMS product in version 2.4. This chapter describes
conventions used in the SSH for OpenVMS documentation set and the
various methods to contact and receive technical support.

o  For information about product changes and enhancements in the SSH
   for OpenVMS V2.4 Consolidated Distribution, refer to Chapter 2 of
   these Release Notes.

o  For information about changes to the documentation set, refer to
   Chapter 3 of these Release Notes.

__________________________________________________________
1.1 Typographical Conventions

Examples in these Release Notes use the following conventions:

Table 1-1 Typographical Conventions
_______________________________________________________________
Convention         Example        Meaning
_______________________________________________________________
Angle brackets                    Represents a key on your
                                  keyboard.

Angle brackets                    Indicates that you hold down
with a slash                      the key labeled or while
                                  simultaneously pressing another
                                  key; in this example, the A key.

Square brackets    [FULL]         Indicates optional choices; you
                                  can enter none of the choices,
                                  or as many as you like. When
                                  shown as part of an example,
                                  square brackets are actual
                                  characters you should type.

Underscore or      file_name or   Between words in commands,
hyphen             file-name      indicates the item is a single
                                  element.
_______________________________________________________________

__________________________________________________________
1.2 Obtaining Technical Support

Process Software provides technical support if you have a current
Maintenance Service Agreement. If you obtained SSH for OpenVMS from
an authorized distributor or partner, you receive your technical
support directly from them.

You can contact Technical Support by:

o  Sending electronic mail (Section 1.2.2)

o  Calling Technical Support (Section 1.2.3)

_____________________________
1.2.1 Before Contacting Technical Support

Before you call or send email:

1  Verify that your Maintenance Service Agreement is current.

2  Read the online Release Notes completely.

3  Have the following information available:

   o  Your name
   o  Your company name
   o  Your email address
   o  Your voice and fax telephone numbers
   o  Your Maintenance Contract Number
   o  OpenVMS architecture
   o  OpenVMS version
   o  SSH for OpenVMS layered products and versions

4  Have complete information about your configuration, error
   messages that appeared, and problem specifics.

5  Be prepared to let a development engineer connect to your system,
   either with TELNET or by dialing in using a modem. Be prepared to
   give the engineer access to a privileged account to diagnose your
   problem.

You can obtain information about your OpenVMS architecture, OpenVMS
version, SSH for OpenVMS version, and layered products with the SSH
for OpenVMS SSHCTRL VERSION command and some VMS DCL commands.
Execute the following commands on a fully loaded system and email
the output to support@process.com:

   $ sshctrl version
   SSHCTRL-S-SSHCTRLVERS, This is SSHCTRL V2.4
   $ show system/noprocess
   OpenVMS V7.3 on node BEANS 16-APR-2007 13:49:19.16 Uptime 0 03:08:21
   $ write sys$output f$getsyi("arch_name")
   VAX
   $

In this example:

o  The machine or system architecture is VAX.
o  The OpenVMS version is V7.3.
o  The SSH for OpenVMS version is V2.4.

Use the following table as a template to record the relevant
information about your system:

Table 1-2 System Information
_______________________________________________________________
Required Information                    Your System Information
_______________________________________________________________
Your name
Company name
Your email address
Your voice and fax telephone numbers
System architecture                     VAX or Alpha
OpenVMS version
SSH for OpenVMS version
_______________________________________________________________

Please provide information about installed SSH for OpenVMS
applications and patch kits by sending a copy of the
MULTINET:SSH_VERSION.; file.

_____________________________
1.2.2 Sending Electronic Mail

For many questions, electronic mail is the preferred communication
method. Technical Support via electronic mail is available to
customers with a current support contract. Send electronic mail to
support@process.com.

At the beginning of your mail message, include the information
listed in Section 1.2.1. Continue with the description of your
situation and problem specifics. Include all relevant information to
help your Technical Support Specialist process and track your
electronic support request.

Electronic mail is answered within the desired goal of two hours,
during our normal business hours, Monday through Friday from 9:00
a.m. to 5:00 p.m., United States Eastern Time.
_____________________________
1.2.3 Calling Technical Support

For regular support issues, call 800-394-8700 or 508-628-5074 for
support Monday through Friday from 9:00 a.m. to 5:00 p.m., United
States Eastern Time.

For our customers in North America with critical problems, an option
for support 7 days per week, 24 hours per day is available at an
additional charge. Please contact your Account Representative for
further details.

Before calling, have available the information described in Section
1.2.1. When you call, you will be connected to a Technical Support
Specialist.

Be prepared to discuss problem specifics with your Technical Support
Specialist and to let that person connect to your system.

If our Support Specialists are assisting other customers and you are
put on hold, please stay on the line. Most calls are answered in
less than five minutes. If you cannot wait for a Specialist to take
your call, please take advantage of our automatic call logging
feature by sending email to support@process.com (see the section on
Sending Electronic Mail).

__________________________________________________________
1.3 Obtaining Online Help

Extensive information about SSH for OpenVMS is provided in the SSH
for OpenVMS help library. For more information, enter the following
command:

   $ HELP SSH

__________________________________________________________
1.4 Accessing the SSH for OpenVMS Public Mailing List

Process Software maintains two public mailing lists for SSH for
OpenVMS customers:

o  Info-SSH@process.com

o  SSH-Announce@process.com

The Info-SSH@process.com mailing list is a forum for discussion
among SSH for OpenVMS system managers and programmers. Questions and
problems regarding SSH for OpenVMS can be posted for a response by
any of the subscribers. To subscribe to Info-SSH, send a mail
message with the word SUBSCRIBE in the body to
Info-SSH-request@process.com.
You can retrieve the Info-SSH archives by anonymous FTP to
ftp.multinet.process.com. The archives are located in the directory
[MAIL_ARCHIVES.INFO-SSH].

The SSH-Announce@process.com mailing list is a one-way communication
(from Process Software to you) used to post announcements relating
to SSH for OpenVMS (patch releases, product releases, etc.). To
subscribe to SSH-Announce, send a mail message with the word
SUBSCRIBE in the body to SSH-Announce-request@process.com.

__________________________________________________________
1.5 Process Software World Wide Web Server

Electronic support is provided through the Process Software web site
which you can access with any World Wide Web browser; the URL is
https://www.process.com

__________________________________________________________
1.6 Obtaining Software Patches over the Internet

Process Software provides software patches in save set and ZIP
format on its anonymous FTP server, ftp.multinet.process.com. For
the location of software patches, read the .WELCOME file in the
top-level anonymous directory. This file refers you to the
directories containing software patches.

Enter the following at the FTP prompt:

   FTP.MULTINET.PROCESS.COM>CD [.PATCHES.SSHxxx]
   FTP.MULTINET.PROCESS.COM>GET update_filename

In these commands:

   emailaddress      is your email address in the standard
                     user@host format
   xxx               is the version of SSH for OpenVMS you want to
                     transfer
   update_filename   is the name of the file you want to transfer

To transfer files from Process Software directly to an OpenVMS
system, you can use the GET command without any other FTP commands.
However, if you need to transfer a software patch through an
intermediate non-OpenVMS system, use BINARY mode to transfer the
files to and from that system.
In addition, if you are retrieving the software patch in save set
format, make sure the save set record size is 2048 bytes when you
transfer the file from the intermediate system to your OpenVMS
system.

o  If you use the GET command to download the file size from the
   intermediate system, use the FTP RECORD-SIZE 2048 command before
   transferring the file.

o  If you use the PUT command to upload the file to your OpenVMS
   system, log into the intermediate system and use the FTP quote
   site rms recsize 2048 command before transferring the file.

Process Software also supplies UNZIP utilities for OpenVMS VAX and
Alpha for decompressing ZIP archives in the [PATCHES] directory. To
use ZIP format kits, you need a copy of the UNZIP utility.

The following example shows how to use the UNZIP utility, assuming
you have copied the appropriate version of UNZIP.EXE to your current
default directory:

   $ UNZIP := $SYS$DISK:[]UNZIP.EXE
   $ UNZIP filename.ZIP

Use VMSINSTAL to upgrade your SSH for OpenVMS system with the
software patch.

__________________________________________________________
1.8 CD-ROM Contents

The directory structure on the CD is as follows:

   [MULTINET053]       SSH for OpenVMS for VAX and Alpha systems
   [MULTINET_I64053]   SSH for OpenVMS Kit for Integrity Systems
   [Documentation]     PDF format (.pdf)
                       Release Notes
   [BIND9-DOC]
   [VAX55-DECC-RTL]

_____________________________
1.8.1 Online Documentation

The SSH for OpenVMS documentation set is available on the product CD
in PDF format. The Release Notes are available on the product CD in
text format.

_____________________________
1.8.1.1 PDF Format

The SSH for OpenVMS documentation consists of the following PDF
file:

o  SSH_OPENVMS.PDF (Administration and User's Guide)

The PDF format is readable from a PC, a VAX, or an Alpha system.

PCs running the Windows or NT operating system cannot read Process
Software's CD. You cannot load files from the SSH for OpenVMS CD
directly to a PC.
Load them to your VAX or Alpha machine, then transfer them to your
PC. We suggest using FTP to transfer these files. The following is
an example using MS-DOS:

   C:> ftp node
   ftp> binary
   ftp> mget cd:*.pdf

__________________________________________________________
1.9 Note Concerning Kerberos V5

SSH for OpenVMS supports Kerberos V5. Kerberos V5 requires Kerberos
for HP OpenVMS. VMS V8 systems are distributed with Kerberos V5, and
pre-V8 systems (OpenVMS VAX V7.3 and OpenVMS AXP v7.2-3, 7.3-*) can
download Kerberos V5 from the HP website.

The Kerberos V5 applications can also run with any Kerberos V5
compliant Key Distribution Center (KDC) software.

__________________________________________________________
1.10 Note Concerning VAX V5.5-2

You must install the DEC C 6.0 backport library on all OpenVMS VAX
v5.5-2 systems prior to using SSH. This is the AACRT060.A file. You
can find the ECO on the SSH for OpenVMS CD in the following
directory: VAX55_DECC_RTL.DIR.

__________________________________________________________
1.11 Note: Concerning SSH Sessions

For each active SSH session two (2) channels are used. Please adjust
the CHANNELCNT parameter to account for this usage.

_______________________________________________________
2 Changes and Enhancements

This chapter describes the changes and enhancements made for SSH for
OpenVMS V2.4.

__________________________________________________________
2.1 SSH for OpenVMS V2.4 Installation Note

SSH for OpenVMS V2.4 installations may only be performed from a
random-access device (e.g., disk or CD-ROM). If the SSH for OpenVMS
V2.4 installation is attempted from a sequential-access device
(e.g., magtape or TKxx cartridge), the installation will fail. If
the distribution savesets have been copied to a sequential-access
device (for transporting them, for example), they must be copied to
a disk for installation.
__________________________________________________________
2.2 SSH Updates

SSH has been updated to the latest release from WRQ. This update
contains:

o  Most privileged SSH functions have been consolidated in a single
   installed shareable image named SSHSHR. This has replaced the
   previous SSH_ACCPORNAM shareable image and drastically reduced
   the number of SSH images in, and therefore the size of, the SSH
   for OpenVMS distribution.

o  Support has been added to allow multiple SSHD_MASTER processes on
   a system. This allows different addresses to be handled by each
   process, with possibly different configurations for each address.
   As the process of implementing this can be somewhat sensitive,
   those users who wish to do this should contact Process Software
   Technical Support for details.

__________________________________________________________
2.3 Fixed Problems

_____________________________
2.3.1 SFTP/SCP2

o  A problem which could cause the SFTP or SCP client to ACCVIO has
   been resolved.

o  The SFTP server no longer returns error status of "no permission"
   for unimplemented requests to perform modifications to file
   attributes. [DE 10557]

o  Corrected a problem in which SFTP assumed that files without a
   dot in their name were directories and was therefore unable to
   transfer them. [DE 10572]

o  SFTP now disables the SMG unsolicited input mailbox. This should
   correct some cases where SFTP cannot start SSH. [DE 10602]

o  Removed code that attempts to resolve the proper setting of the
   "execute" bit on files as this has a very different meaning on
   VMS than it does on UNIX. [DE 10622]

o  SFTP no longer writes output to the terminal one character at a
   time. This makes batch logs readable. [DE 10638]

o  Problems with SCP-SERVER1 on Alpha have been corrected.
   [DE 10651]

o  Carets (^) are now added where necessary in ODS5 file
   specifications. [DE 10654]

o  Corrected errors in processing when attempting to disable SRI
   encoding on ODS2 disks by defining the logical
   MULTINET_SFTP_ODS2_SRI_ENCODING to FALSE. [DE 10671]

o  Improvements in handling SFTP realpath operations.
   [DE 10656, 10700]

o  Improvements in SFTP access controls (directory and operation
   restrictions). [DE 10701]

o  Problems which caused SFTP>LS directory_specification to list the
   directory file instead of the contents of the directory, on Alpha
   processors, have been corrected. [DE 10171]

o  Changed "Unexpected error" message when there are no files in a
   directory to "No matching files". [DE 10727]

o  Corrected problems with large file transfers and directory of
   files larger than 4GB. [DE 10735]

_____________________________
2.3.2 SSH

o  On VMS 8.x systems and some 7.3-2 systems after applying some VMS
   ECOs, SSH sessions would fail with the log file showing an error
   of "Failed to get handed-off socket: errno 6". [DE 10524]

o  After upgrading to SSH for OpenVMS 2.3, log output might contain
   one character per line. [10624]

o  An assertion in SSHADT in the SSHD2 server could fail, causing
   the server to abort. [10967]

o  After logging out of an SSH2 session, the server process that was
   handling the session would occasionally enter a tight loop.
   [DE 10287]

o  For accounts with time-of-day access limitations in SYSUAF,
   sessions were allowed to continue past their allowable access
   time. [DE 10512]

o  If a public key has variable record format, operations involving
   that key, such as publickey authentication, will fail. [DE 10522]

o  Hostbased authentication would occasionally fail because the key
   signer was apparently hanging. [DE 10548]

o  When file transfers were done in batch jobs, the SSH client would
   sometimes enter an infinite loop. [DE 10592]

o  The SSH client would sometimes enter an infinite loop when run in
   a DCL command procedure. [DE 10614]

o  SSH OPCOM session accept and session reject messages would
   sometimes display garbage at the end of the message. [DE 10629]

o  Corrected an ACCVIO when public key authentication fails in batch
   mode. [DE 10675]

_______________________________________________________
3 Documentation Updates

This chapter contains a summary of changes to the documentation for
SSH for OpenVMS V2.4.

__________________________________________________________
3.1 SSH for OpenVMS V2.4

o  Changed the SSH for OpenVMS version number to read V2.4.

__________________________________________________________
3.2 Corrections to the SSH for OpenVMS V2.4 documentation

_______________________________________________________
4 Known Bugs/Issues

The following are known bugs and issues with SSH for OpenVMS V2.4.

o  The SFTP2 and SCP2 client programs do not properly operate when
   SFTP protocol version 2 is in use. Very few implementations are
   still using protocol version 2; most are using version 3 or
   version 4.