Reflection for Secure IT Help Topics
Reflection for Secure IT features
Reflection for Secure IT, Client and Server for UNIX provides secure connections between computers. Use Reflection for Secure IT for secure file transfer, secure remote administration of computers, and to tunnel application traffic securely across a network. Both client and server installation packages are available. The server package installs all client features in addition to the server features.
Client features
- ssh (Secure Shell client)
- ssh2_config (client configuration file)
- sftp (secure file transfer)
- scp (secure file copy)
- ssh-keygen (key generation utility)
- ssh-agent (key agent)
- ssh-add (add identities to the agent)
- ssh-askpass (X11 passphrase utility)
- ssh-certtool (certificate management utility)
- ssh-certview (certificate viewing utility)
By default, client executables are installed to /usr/bin. (On Linux, ssh-askpass is installed to /usr/libexec.) The global client configuration file is installed to /etc/ssh2/.
Server features
The Reflection for Secure IT server includes all of the client features listed above plus the following Secure Shell server features.
- sshd (Secure Shell daemon)
- sshd2_config (server configuration file)
- A host public/private key pair (see note below)
- sftp-server (file transfer subsystem used by the server)
By default, the sshd server is installed to /usr/sbin. The sftp-server is installed to /usr/bin. (On Linux, sftp-server is installed to /usr/libexec.) The server configuration file is installed to /etc/ssh2.
Note: The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /etc/ssh2, Reflection for Secure IT uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT migrates the key to the correct format and location and uses the migrated key.
Supported data encryption standards
Encryption protects the confidentiality of data in transit. Before data is sent, it is encrypted with a secret key and a cipher. The received data must be decrypted using the same key and cipher. The cipher used for a given session is the cipher highest in the client's order of preference that is also supported by the server.
Reflection for Secure IT supports the following data encryption standards:
- Arcfour, Arcfour128, and Arcfour256 (stream mode)
- TripleDES (168-bit) CBC mode
- Cast (128-bit) CBC mode
- Blowfish (128-bit) CBC mode
- AES, also known as Rijndael (128-, 192-, or 256-bit) CBC mode and CTR mode
Supported MAC algorithms
Data integrity ensures that data is not altered in transit.
Secure Shell connections use MACs (message authentication codes) to ensure data integrity. The client and server independently compute a hash for each packet of transferred data. If the message has changed in transit, the hash values are different and the packet is rejected. The MAC used for a given session is the MAC highest in the client's order of preference that is also supported by the server.
Reflection for Secure IT supports the following MAC standards:
- hmac-sha1
- hmac-md5
- hmac-sha1-96
- hmac-md5-96
- hmac-ripemd-160
- hmac-sha256
- hmac-sha2-256
- hmac-sha512
- hmac-sha2-512
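The selection rule stated above for both ciphers and MACs (the first entry in the client's order of preference that the server also supports), as an added example that is not part of the product or its documentation. The cipher names are standard SSH wire names assumed here for illustration, and both preference lists are constructed sample values, not product defaults.

```python
# Added example: algorithm selection as described in the text above.
# Function names and sample lists are hypothetical, not the product's own.

class NoCommonAlgorithm(Exception):
    """Raised when client and server share no algorithm of a given kind."""


def parse_name_list(value):
    """Split a comma-separated name list, dropping blanks and stray whitespace."""
    return [name.strip() for name in value.split(",") if name.strip()]


def choose(kind, client_prefs, server_supported):
    """Return the first name in the client's order that the server supports."""
    supported = set(parse_name_list(server_supported))  # server order is ignored
    for name in parse_name_list(client_prefs):
        if name in supported:
            return name
    raise NoCommonAlgorithm(
        f"no common {kind}: client={client_prefs!r} server={server_supported!r}"
    )


def negotiate(client, server):
    """Pick cipher and MAC independently; a miss on either aborts the session."""
    return {kind: choose(kind, client[kind], server[kind])
            for kind in ("cipher", "mac")}


# Constructed sample lists. The server lists 3des-cbc and hmac-sha1 first,
# but the client's order decides the outcome.
CLIENT = {"cipher": "aes256-ctr,aes128-ctr,aes128-cbc,3des-cbc",
          "mac": "hmac-sha2-512,hmac-sha2-256,hmac-sha1"}
SERVER = {"cipher": "3des-cbc,aes128-cbc,aes128-ctr",
          "mac": "hmac-sha1,hmac-sha2-256"}

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER))
    try:
        # A client restricted to algorithms the server lacks cannot connect.
        negotiate({"cipher": "aes256-ctr", "mac": "hmac-sha2-512"}, SERVER)
    except NoCommonAlgorithm as err:
        print("connection refused:", err)
```

Because the client's order decides, removing an algorithm from the server's list is the only server-side way to keep it from being selected.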
Getting Started
Starting and stopping the server
Make an ssh connection
Transfer files using sftp
Transfer files using scp
Reference
Client configuration keywords (ssh2_config)
Client command options: ssh, sftp, scp, ssh-keygen, ssh-add, ssh-agent, ssh-certview, ssh-certtool
Server configuration keywords (sshd2_config)
Server command options: sshd
Technical Notes
Index of Reflection for Secure IT (UNIX) Technical Notes
Reflection for Secure IT Security Updates
Documentation on the Web
UNIX Client and Server
Windows Server
Windows Client
PKI Services Manager