Replace an Earlier Version or other Existing Secure Shell Program

If you're installing on a system that is already running a Secure Shell client or server, you must uninstall the prior version before you install Reflection for Secure IT. This requirement applies to earlier versions of Reflection for Secure IT, as well as F-Secure SSH, OpenSSH, and other Secure Shell implementations.

To install on a system that is currently running Secure Shell

  1. Log in as root.
  2. (Server only) Stop the sshd service.
  3. Uninstall your existing Secure Shell product.
  4. (AIX only) Check for the existence of a hidden .toc file in the directory from which you ran installp to uninstall your previous version. If this file is present, remove or rename it.
  5. Install the Reflection for Secure IT client or server.
  6. If you use public key authentication, ensure that your files and directories are configured with correct permissions. This release of Reflection for Secure IT requires a greater degree of security than was required prior to version 7.2. If files and directories are not sufficiently protected, public key authentication will fail. For details, see File and Directory Permissions.

    Note: The StrictModes setting affects the level of protection required for files and directories used for public key authentication. To ensure enforcement of a satisfactory level of security, this setting is now enabled by default. Some file and directory permissions are enforced even when this setting is disabled.

  7. (Optional) If you had configured a non-default client or server configuration file, you will find a backup copy of your file in the configuration file directory. (For details see the note below.) Use these backup files to merge your non-default settings to the new configuration file.


  • The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /etc/ssh2, Reflection for Secure IT uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT migrates the key to the correct format and location and uses the migrated key.
  • The details of how backup configuration files are created vary with the associated operating system.
    • On all platforms except AIX, if you have made any changes to the default client and/or server configuration file, the installer backs up the file when you uninstall. (The file extension added to this backup depends on the native installer.)
    • On AIX, no backup file is created when you uninstall; instead, a backup file is created if a non-default configuration file is present when you install Reflection for Secure IT.
  • Key pairs created with previous Reflection for Secure IT versions are compatible with the current version. No conversion is necessary.
  • The StrictModes default value is now "yes" for both the client and server.
  • If /etc/pam.d/ssh exists, it is backed up and a new file is put in place.
  • Subconfiguration files, if present, are not touched.

Related Topics

Install and Uninstall on Linux

Install and Uninstall on Sun Solaris

Install and Uninstall on HP-UX

Install and Uninstall on IBM AIX