HPE Community
ProLiant Servers (ML,DL,SL)
1753805 Members
7858 Online
108805 Solutions
New Discussion юеВ

Re: Using F-Secure instead of OpenSSH

 
Wesley Hutton
Occasional Advisor

тАО01-19-2007 08:37 AM

тАО01-19-2007 08:37 AM

Using F-Secure instead of OpenSSH

My company has standardized on F-Secure as the default server software. I am looking for documentation on how to configure SIM to use F-Secure protocal.
0 Kudos
5 REPLIES 5
Wesley Hutton
Occasional Advisor

тАО01-19-2007 12:56 PM

тАО01-19-2007 12:56 PM

Re: Using F-Secure instead of OpenSSH

Sorry - I meant Protocol :-)
0 Kudos
Wesley Hutton
Occasional Advisor

тАО01-30-2007 11:46 AM

тАО01-30-2007 11:46 AM

Re: Using F-Secure instead of OpenSSH

Hey - who do I have to sleep with to get a response on my question?

If it's a stupid question I apologize but so far I haven't found any documents about using F-Secure instead of OpenSSH
0 Kudos
Matti_Kurkela
Honored Contributor

тАО01-30-2007 10:50 PM

тАО01-30-2007 10:50 PM

Re: Using F-Secure instead of OpenSSH

Looks like nobody knows the answer :-(

Anyway, I'll hazard a guess. I'm not familiar at all with SIM, but have plenty of experience on both OpenSSH and F-Secure SSH.

F-Secure SSH is compatible with OpenSSH, but it has some differences in key management and "scp" handling.
(OpenSSH's scp uses a protocol that is similar to rcp over SSH, while F-Secure's scp actually uses sftp protocol extension of SSH, which is supported by OpenSSH too. So using a F-Secure scp client with OpenSSH server works, but using a OpenSSH scp client with a F-Secure server fails.)

If you have SIM configuration instructions for OpenSSH, find any SSH-key-related parts of those instructions and figure out the equivalent actions in F-Secure style. Since you've standardized on F-Secure SSH, I assume you are familiar with the necessary actions. (If not, please read the F-Secure SSH documentation.)

The necessary changes are probably minimal, unless SIM tries to automate the key setup.

As you have standardized on F-Secure SSH, the scp caveat I mentioned above will probably not cause any trouble at all. If it does, there is a work-around: find a suitable OpenSSH "scp" binary and install it to your server as "scp1". F-Secure SSH server will detect the attempt to use OpenSSH-style scp (or SSH1-era scp, as it's also known). If the "SSH1 compatibility" is enabled, the server will start the "scp1" binary to handle the file transfer. There will be a message like "warning: using obsolete scp1" but the file transfer will succeed.

And if you're worried that introducing OpenSSH "scp" to your system will add security worries... the OpenSSH scp does not contain *any* cryptography or network code. It uses "ssh" binary (when client-side) or is used by "sshd" (when server-side) to handle the file reading/writing. The cryptography and network access is handled by ssh/sshd as usual. Read the source code of OpenSSH scp if you don't believe me.
MK
0 Kudos
David Claypool
Honored Contributor

тАО01-31-2007 02:53 AM

тАО01-31-2007 02:53 AM

Re: Using F-Secure instead of OpenSSH

If you only need SSH for locally-run commands on the HP SIM CMS, HP SIM 5.1 allows you to dispense with SSH completely...
0 Kudos
Wesley Hutton
Occasional Advisor

тАО01-31-2007 03:48 AM

тАО01-31-2007 03:48 AM

Re: Using F-Secure instead of OpenSSH

Unfortunately I am not by any means an expert on SSH so will take the response to someone inside my organization who hopefully can interpret the response :-)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.