Table of Migrated Settings

When you install Reflection for Secure IT on systems with a Reflection 6.x server or F-Secure server, supported settings are migrated to the newer XML configuration file format. This table provides a summary of which settings are supported and how settings are migrated to the newer XML format.

Note: Settings for configuring certificate authentication are migrated when you install Reflection PKI Services Manager. For details, see Table of Migrated PKI Settings.

sshd2_config Keyword

rsshd_config.xml Setting

AddGroupToToken

Not supported

AllowedAuthentications

Authentication.<xxx>.<xxx>

Values: allow = 2, require = 3, deny = 1

gssapi-with-mic > GSSAPI.AllowGSSAPIAuthentication

publickey > PublicKey.AllowPublicKeyAuthentication

keyboard-interactive > KeyboardInteracitve.AllowKeyboardInteracitveAuthentication

password > Password.AllowPasswordAuthentication

AllowedPasswordAuthentications

Authentication.Radius.UseRadius

AllowGroups

GroupAccessControl.GroupEntry.GroupName.AllowAccess

Sets AllowAccess to true

AllowTcpForwardingForGroups

Not supported

AllowTcpForwardingForUsers

Not supported

AllowUsers

UserAccessControl.UserEntry.UserName.AllowAccess

Sets AllowAccess to true

AllowHosts

ClientHostAccessControl.ClientHostServer.ClientDomain.AllowAccess

Sets AllowAccess to true

AllowTcpForwarding

Permission.PermitC2SPortForwarding

Permission.PermitS2CPortForwarding

AuthFailureErrorMessages

Authentication.AuthFailureErrorMessages

AuthImmediateDisconnect

Authentication.AuthImmediateDisconnect

AuthInteractiveFailureTimeout

Authentication.Password.Password-AttemptDelay

AuthKbdInt.NumOptional

Not supported

AuthKbdInt.Optional

Authentication.RSASecurID.RSASecurIDAuthentication

Set to '2' if 'securid' is present in the migrated setting

AuthKbdInt.Plugin

Not supported

AuthKbdInt.Required

Authentication.RSASecurID.RSASecurIDAuthentication

Set to '3' if 'securid' is present in the migrated setting

AuthKbdInt.Retries

Not supported

AuthorizationFile

Authentication.PublicKeys.Authorization-File

AuthPublicKey.MaxSize

Authentication.PublicKeys.PublicKey-MaxSize

AuthPublicKey.MinSize

Authentication.PublicKeys.PublicKey-MinSize

BadKeyName

Not supported

BannerMessageFile

General.BannerMessageFile

CachePasswords

Authentication.UsePasswordCache

Cert.RSA.Compat.HashScheme

Not supported

Ciphers

Encryption.Ciphers.<xxx>

aes128-ctr > aes128-ctr
aes128-cbc > aes128-cbc
aes128 > aes128-cbc
aes192-ctr > aes192-ctr
aes192-cbc > aes192-cbc
aes192 > aes192-cbc
aes256-ctr > aes256-ctr
aes256-cbc > aes256-cbc
aes256 > aes256-cbc
3des-ctr > not supported
3des-cbc > des3-cbc
3des > des3-cbc
blowfish-ctr > not supported
blowfish-cbc > blowfish-cbc
blowfish > blowfish-cbc
twofish > not supported
arcfour > arcfour-128, arcfour-256, arcfour
cast128-ctr > not supported
cast128-cbc > cast128-cbc
cast128 > cast128-cbc
des-cbc@ssh.com > not supported
des > not supported
rc2-cbc@ssh.com > not supported

none > NoEncryption

Any > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr, NoEncryption

AnyStd > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, aes128-ctr, aes192-ctr, aes256-ctr

AnyCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr

AnyStdCipher > aes128-cbc, aes192-cbc, aes256-cbc, des3-cbc, blowfish-cbc, cast128-cbc, aes128-ctr, aes192-ctr, aes256-ctr

Note: If only unsupported ciphers are set, migration of the ciphers setting will fail.
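The following pre-migration check is an added example, not vendor code. It applies the cipher mappings above to a legacy Ciphers value and reports what is dropped, whether the migration would fail, and whether NoEncryption ends up enabled. It assumes the legacy value is a comma-separated list, that names match case-insensitively, and that names absent from the table are dropped like unsupported ones.

```python
# Added example (not vendor code): predict how a legacy Ciphers value migrates.
# Assumptions: comma-separated value, case-insensitive names, unlisted names dropped.
_CBC = ["aes128-cbc", "aes192-cbc", "aes256-cbc", "des3-cbc", "blowfish-cbc"]
_CTR = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]
_ALL = _CBC + ["cast128-cbc"] + _CTR

# Legacy name (lower-cased) -> migrated names, copied from the table above.
# des3-cbc is only a migrated name, so it is excluded from the identity mappings.
MIGRATED = {name: [name] for name in _ALL if name != "des3-cbc"}
MIGRATED.update({
    "aes128": ["aes128-cbc"], "aes192": ["aes192-cbc"], "aes256": ["aes256-cbc"],
    "3des-cbc": ["des3-cbc"], "3des": ["des3-cbc"],
    "blowfish": ["blowfish-cbc"], "cast128": ["cast128-cbc"],
    "arcfour": ["arcfour-128", "arcfour-256", "arcfour"],
    "none": ["NoEncryption"],
    "any": _ALL + ["NoEncryption"], "anystd": _CBC + _CTR,
    "anycipher": _ALL, "anystdcipher": _ALL,
})


def migrate_ciphers(legacy_value):
    """Return the predicted migration result for one legacy Ciphers value."""
    migrated, dropped = [], []
    for token in (t.strip() for t in legacy_value.split(",")):
        if not token:
            continue
        names = MIGRATED.get(token.lower())
        if names is None:
            dropped.append(token)  # "not supported" in the table, or not listed
            continue
        for name in names:
            if name not in migrated:  # keep first occurrence, preserve order
                migrated.append(name)
    return {
        "migrated": migrated,
        "dropped": dropped,
        # Per the note above: only unsupported ciphers set -> migration fails.
        "fails": bool(dropped) and not migrated,
        # "none" and "Any" both carry NoEncryption into the new configuration.
        "plaintext_allowed": "NoEncryption" in migrated,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    for value in ("aes256, 3des, twofish", "twofish,des", "Any"):
        print(value, "->", migrate_ciphers(value))
```
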

CRLFile

Not supported

DefaultDirectory

Permission.TerminalDefaultDirectory

DenyGroups

GroupAccessControl.GroupEntry.GroupName.AllowAccess

Sets AllowAccess to false

DenyHosts

ClientHostAccessControl.ClientHostServer.ClientDomain.AllowAccess

Sets AllowAccess to false

DenyTcpForwardingForGroups

Not supported

DenyTcpForwardingForUsers

Not supported

DenyUsers

UserAccessControl.UserEntry.UserName.AllowAccess

Sets AllowAccess to false

DisableVersionFallback

SSH1 not supported by Reflection for Secure IT

DoubleBackspace

Not supported

EmulationType

Not supported

EmulationTypeForCommands

Not supported

EmulationTypeForForcedCommand

Not supported

EnableLegacySubauthentication

Not supported

EventLogFilter

EventLogging.EventLoggingLevel

DebugLogging.DebugLoggingLevel

error - 1
error,warning - 2
error,warning,info - 3

FipsMode

Encryption.FipsMode

ForwardACL

Not supported

GSSAPI.AllowedMethods

Not supported

GSSAPI.DelegateToken

Not supported

HostCertificateFile

Identity.HostCertificateFile

HostKeyFile

Identity.HostKeyFile

HostKeyEkInitString

Not supported

HostKeyEkProvider

Not supported

HostKeyEkTimeOut

Not supported

HostSpecificConfig

Not supported

IdleTimeOut

General.IdleTimeout

IsPasswordChangeAllowed

Authentication.Password.Permit-PasswordChange

KeepAlive

Network.Binding.TCPKeepAlive

LDAPServers

Not supported

LocalPki

Not supported

ListenAddress

Network.Binding.ListenAddress (first binding)

LogCertificateSubject

Not supported

LoginGraceTime

Authentication.GraceLoginTimeout

LogPublicKeyFingerPrint

Not supported

MACs

Encryption.MACs.<xxx>

hmac-sha1 > hmac-sha1
hmac-sha256 > hmac-sha256
hmac-sha512 > hmac-sha512
hmac-md5 > hmac-md5
hmac-sha256 > Not supported
hmac-ripemd160 > hmac-ripemd160

none > NoProtection

Any > hmac-sha1, hmac-sha256, hmac-sha512, hmac-md5, hmac-ripemd160, NoProtection

AnyStd > hmac-sha1, hmac-sha256, hmac-sha512, hmac-md5, NoProtection

AnyMac > hmac-sha1, hmac-md5, hmac-ripemd160

AnyStdMac > hmac-sha1, hmac-md5

MapFile

Not supported

MaxBroadcastsPerSecond

Not supported

MaxConnections

General.MaximumConnection

NoDelay

Not supported

OCSPResponder

Not supported

PasswdPath

Not supported

PasswordGuesses

Authentication.Password.Maximum-PasswordAttempts

PermitEmptyPasswords

Authentication.Password.Permit-EmptyPassword

PermitRootLogin

Not supported

PermitUserTerminal

Permission.PermitTerminalShell

Pki

Not supported

PkiDisableCrls

Not supported

PkiOcspMode

Not supported

Port

Network.Binding.Port

PrivateWindowStation

Not supported

ProtocolVersionString

Identity.ProtocolVersionString

PublicHostKeyfile

Public key is copied – no XML setting

QuietMode

Not supported

RadiusKey

Authentication.Radius.RadiusServer.ServerSecret

RadiusServer

Authentication.Radius.RadiusServer.ServerName

RandomSeedFile

Not supported

RekeyIntervalSeconds

Encryption.KeyExchange.Rekey-IntervalSeconds

RemoteCommandPrefix

Permission.ExecutionRequestPrefix

RequiredAuthentications

Values: allow = 2, require = 3, deny = 1

gssapi-with-mic > GSSAPI.AllowGSSAPIAuthentication

publickey > PublicKey.AllowPublicKeyAuthentication

keyboard-interactive > KeyboardInteracitve.AllowKeyboardInteracitveAuthentication

password > Password.AllowPasswordAuthentication

RequireReverseMapping

Network.Binding.RequireDNSLookup

ResolveClientHostName

Not supported

RevocationCa

Not supported

SettableEnvironmentVars

Not supported

Sftp-AdminDirList

Not migrated

Sftp-AdminUsers

Not migrated

Sftp-DirList

SFTPDirectories.AccessibleDirectories.AccessibleDirectory

Note: If a “/” chroot is defined, this accessible directory is marked allowed and the others are marked not allowed, and the ‘Allow all’ setting is unchecked. If multiple “/” chroot entries are found, only the first “/” entry is migrated.

If no “/” chroot is defined, all accessible directories are marked allowed and the ‘Allow all’ setting is checked.

If the first “/” chroot entry contains “$Drive”, migration does NOT migrate ANY accessible directories.

If a non-chroot accessible directory contains “$Drive”, migration skips this directory.
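The four Sftp-DirList rules above decide which directories stay reachable after migration, so it is worth predicting the outcome before installing. The sketch below is an added example, not vendor code. It assumes the legacy entries have already been parsed into (virtual name, path) pairs in file order, and it does not reproduce the real sshd2_config syntax.

```python
# Added example (not vendor code): predict the Sftp-DirList migration outcome.
# Assumption: entries are (virtual_name, path) pairs in file order; "/" as the
# virtual name marks a chroot entry.

def migrate_dirlist(entries):
    """Return (allow_all, [(name, path, allowed)], notes) per the rules above."""
    notes = []
    roots = [entry for entry in entries if entry[0] == "/"]

    # First "/" chroot contains $Drive: no accessible directory is migrated.
    if roots and "$Drive" in roots[0][1]:
        notes.append("first '/' chroot contains $Drive: nothing migrated")
        return None, [], notes  # 'Allow all' state is not stated for this case

    has_root = bool(roots)
    kept, root_seen = [], False
    for name, path in entries:
        if name == "/":
            if root_seen:
                notes.append(f"ignored additional '/' chroot: {path}")
                continue
            root_seen = True
            kept.append((name, path, True))  # the chroot itself is allowed
        elif "$Drive" in path:
            notes.append(f"skipped {name}: path contains $Drive")
        else:
            # With a chroot the other directories are marked not allowed;
            # without one, every migrated directory is marked allowed.
            kept.append((name, path, not has_root))

    # 'Allow all' is checked only when no "/" chroot is defined.
    return (not has_root), kept, notes


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real configuration.
    sample = [("pub", r"C:\pub"), ("/", r"C:\jail"),
              ("all", "$Drive"), ("/", r"D:\other")]
    allow_all, dirs, notes = migrate_dirlist(sample)
    print("Allow all:", allow_all)
    for d in dirs:
        print(d)
    for n in notes:
        print("note:", n)
```

Every note in the result marks an entry that the new configuration will not carry over, so each one should be reviewed before the old server is retired.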

Sftp-Home

SFTPDirectories.UserLoginDirectory

If Sftp-Home is empty, the server uses the first entry in Sftp-DirList, provided it is not a chrooted entry (forward slash).

Note: If a “/” chroot is defined, the user login directory is set to the “/” value. If multiple “/” chroot entries are found, the first “/” entry wins. If the Sftp-Home directory is not one of the accessible directories or a child of one of them, the user login directory is set to “/”.

SftpLogCategory

EventLogging.EventLoggingLevel

DebugLogging.DebugLoggingLevel

error,warning,info - 3

Note: All SFTP log categories are now part of overall event/debug logging. By default, the Error, Warning, and Information logging levels provide at least as much information.

User Login/Logout > error,warning,info - 2

Uploads > error,warning,info - 2

Downloads > error,warning,info - 2

Directory Listings > error,warning,info - 2

Modifications > error,warning,info - 2

SocksServer

Not supported

Ssh1Compatibility

SSH1 not supported by Reflection for Secure IT

Sshd1ConfigFile

SSH1 not supported by Reflection for Secure IT

Sshd1Path

SSH1 not supported by Reflection for Secure IT

SubAuthId

Not supported

Subsystem

Not applicable

Subsystem-sftp

Not applicable

TerminalProvider

Permission.TerminalShell

TryReverseMapping

Not supported

UserConfigDirectory

Authentication.PublicKeys.UserKey-Directory

UserSFTPDirectory

Pre 6.0 F-Secure keyword setting maps to SFTPDirectories.UserLoginDirectory

Uses same logic as Sftp-Home

UserSpecificConfig

Not migrated

VerboseMode

Not supported