Show Contents / Index / Search

Table of Migrated Settings

When you install Reflection for Secure IT on systems with an F-Secure server or a version of the Reflection for Secure IT server prior to version 7.0, supported settings are migrated to the new xml configuration file. This table provides a summary of which settings are supported and how settings are migrated to the newer XML format.

ssh2_config Keyword

rsshd_config.xml Setting

AddGroupToToken

Not supported

AllowedAuthentications

 

Authentication.<xxx>.<xxx>

Values: allow = 2, require = 3, deny = 1

gssapi-with-mic > GSSAPI.
AllowGSSAPIAuthentication

publickey > PublicKey.AllowPublicKeyAuthentication

keyboard-interactive > KeyboardInteracitve.
AllowKeyboardInteracitveAuthentication

password > Password.AllowPasswordAuthentication

AllowedPasswordAuthentications

Not supported

AllowGroups

Not migrated

AllowTcpForwardingForGroups

Not supported

AllowTcpForwardingForUsers

Not supported

AllowUsers

Not migrated

AllowHosts

ClientHostAccessControl. ClientHostServer. ClientDomain. AllowAccess

sets AllowAccess to true

AllowTcpForwarding

Permission.PermitC2SPortForwarding

Permission.PermitS2CPortForwarding

AuthFailureErrorMessages

Not supported

AuthImmediateDisconnect

Not supported

AuthInteractiveFailureTimeout

Authentication.Password.Password-AttemptDelay

AuthKbdInt.NumOptional

Not supported

AuthKbdInt.Optional

Not supported

AuthKbdInt.Plugin

Not supported

AuthKbdInt.Required

Not supported

AuthKbdInt.Retries

Not supported

AuthorizationFile

Authentication.PublicKeys.Authorization-File

AuthPublicKey.MaxSize

Authentication.PublicKeys.PublicKey-MaxSize

AuthPublicKey.MinSize

Authentication.PublicKeys.PublicKey-MinSize

BadKeyName

Not supported

BannerMessageFile

General.BannerMessageFile

CachePasswords

Authentication.UsePasswordCache

Cert.RSA.Compat.HashScheme

Not supported

Ciphers

 

Encryption.Ciphers.<xxx>

aes128-ctr > not supported
aes128-cbc > aes128-cbc
aes128 > aes128-cbc
aes192-ctr > not supported
aes192-cbc > aes192-cbc
aes192 > aes192-cbc
aes256-ctr >not supported
aes256-cbc > aes256-cbc
aes256 > aes256-cbc
3des-ctr >not supported
3des-cbc > des3-cbc
3des > des3-cbc
blowfish-ctr > not supported
blowfish-cbc > blowfish-cbc
blowfish > blowfish-cbc
twofish > not supported
arcfour > Encryption.Ciphers.arcfour
cast128-ctr > not supported
cast128-cbc > cast128-cbc
cast128 > cast128-cbc
des-cbc@ssh.com > not supported
des > not supported
rc2-cbc@ssh.com > not supported

none > NoEncryption

Any > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, NoEncryption

AnyStd > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc

AnyCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc

AnyStdCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc

Note: If the only unsupported ciphers are set, migration of ciphers setting will fail.

CRLFile

Not supported

DefaultDirectory

Not supported

DenyGroups

Not migrated

DenyHosts

ClientHostAccessControl. ClientHostServer. ClientDomain. AllowAccess

sets AllowAccess to false

DenyTcpForwardingForGroups

Not supported

DenyTcpForwardingForUsers

Not supported

DenyUsers

Not migrated

DoubleBackspace

Not supported

EmulationType

Not supported

EmulationTypeForCommands

Not supported

EmulationTypeForForcedCommand

Not supported

EnableLegacySubauthentication

Not supported

EventLogFilter

EventLogging.EventLoggingLevel

DebugLogging.DebugLoggingLevel

error - 1
error,warning - 2
error,warning,info - 3

FipsMode

Encryption.FipsMode

ForwardACL

Not supported

HostCertificateFile

Identity.HostCertificateFile

HostKeyFile

Identity.HostKeyFile

GSSAPI.AllowedMethods

Not supported

GSSAPI.DelegateToken

Not supported

HostSpecificConfig

Not supported

IdleTimeOut

General.IdleTimeout

IsPasswordChangeAllowed

Authentication.Password.Permit-PasswordChange

KeepAlive

Network.Binding.TCPKeepAlive

LDAPServers

Not supported

LocalPki

Not supported

ListenAddress

Network.Binding.ListenAddress (first binding)

LogCertificateSubject

Not supported

LoginGraceTime

Authentication.GraceLoginTimeout

MACs

 

Encryption.MACs.<xxx>

hmac-sha1 > hmac-sha1
hmac-md5 > hmac-md5
hmac-sha256 > Not supported
hmac-ripemd160 > hmac-ripemd160

none > NoProtection

Any > hmac-sha1, hmac-md5, hmac-ripemd160, NoProtection

AnyStd > hmac-sha1,hmac-md5, NoProtection

AnyMac > hmac-sha1, > hmac-md5, hmac-ripemd160

AnyStdMac > hmac-sha1, hmac-md5

MapFile

Not supported

MaxBroadcastsPerSecond

Not supported

MaxConnections

General.MaximumConnection

NoDelay

Not supported

OCSPResponder

Not supported

PasswordGuesses

Authentication.Password.Maximum-PasswordAttempts

PermitEmptyPasswords

Authentication.Password.Permit-EmptyPassword

PermitRootLogin

Not supported

PermitUserTerminal

Permission.PermitTerminalShell

Pki

Not supported

PkiDisableCrls

Not supported

PkiOcspMode

Not supported

Port

Network.Binding.Port

PrivateWindowStation

Not supported

ProtocolVersionString

Identity.ProtocolVersionString

PublicHostKeyfile

Public key is copied no XML setting

QuietMode

Not supported

RadiusKey

Not supported

RadiusServer

Not supported

RandomSeedFile

Not supported

RekeyIntervalSeconds

Encryption.KeyExchange.Rekey-IntervalSeconds

RemoteCommandPrefix

Permission.ExecutionRequestPrefix

RequiredAuthentications

Values: allow = 2, require = 3, deny = 1

gssapi-with-mic > GSSAPI.Allow-GSSAPIAuthentication

publickey > PublicKey.AllowPublic-KeyAuthentication

keyboard- > KeyboardInteracitve.Allow-KeyboardInteracitveAuthentication

password > Password.AllowPassword-Authentication

RequireReverseMapping

Network.Binding.RequireDNSLookup

ResolveClientHostName

Not supported

RevocationCa

Not supported

Sftp-AdminDirList

Not migrated

Sftp-AdminUsers

Not migrated

Sftp-DirList

Directories.SFTPAccessible-Directories.AccessibleDirectory

Sftp-Home

Directories.SFTPHomeDirectory

If Sftp-Home is empty, the server uses the first entry on Sftp_DirList, provided it is not a chrooted entry (forward slash).

SftpLogCategory6

EventLogging.EventLoggingLevel

DebugLogging.DebugLoggingLevel

error,warning,info - 3

Note: All SFTP log categories are now part of overall event/debug logging. By default, Error Warning Information logging levels provide at least the same or more information.

User Login/Logout > error,warning,info - 2

Uploads > error,warning,info - 2

Downloads > error,warning,info - 2

Directory Listings > error,warning,info - 2

Modifications > error,warning,info - 2

SocksServer

Not supported

SubAuthId

Not supported

Subsystem

Not applicable

Subsystem-sftp

Not applicable

TerminalDefaultDirectory

Not supported

TerminalProvider

Permission.TerminalShell

TryReverseMapping

Not supported

UserConfigDirectory

Authentication.PublicKeys.UserKey-Directory

UserSFTPDirectory

Not migrated

UserSpecificConfig

Not migrated