Advanced Client Use

Most of the time, the Tectia GUI applications effectively act as configuration editors, allowing users and administrators to change and save the configuration without worrying about the location or format of configuration files. In some other circumstances, however, an understanding of these details is useful, so we’ll provide a brief guided tour through the internal structure of Tectia’s configuration on Windows.

The system client configuration file ssh2_config is stored in the Tectia client installation folder. This file has the same format and function as the /etc/ssh2/ssh2_config file on Unix systems.[7.1.2.2]

Most other parts of the configuration are separately maintained for each user, and are stored in the user profile folder[173] in the application data subfolder.[174] Tectia configuration files are collected in a subfolder named SSH. This folder is analogous to the user configuration folder on Unix systems (typically ~/.ssh2, but ultimately determined by the UserConfigDirectory keyword), although the specific files and folder layout are different for Windows, as we’ll see. [5.3.1.5]

Warning

If roaming profiles are used, then the user profile folder is replicated on a server, and files are transmitted to client machines via the network, where they can be seen by anyone who is able to sniff traffic en route. To prevent this, either disable roaming profiles for Tectia users, or store the Tectia configuration files in a different, local folder. If the SSHCLIENT_USERPROFILE environment variable is set, its value specifies an alternate location to be used for the Tectia configuration files, instead of the user profile folder.

The Tectia user configuration folder contains:

RandomSeed

A pool of random data. [7.4.18]

HostKeys

A subfolder to store public keys for known hosts. [7.4.3]

UserKeys

A subfolder for storing user identities.

identification

A list of keys used by the command-line client, ssh2.exe. This file can be produced automatically by the GUI client. [16.3] If the identification file is missing, then all keys in the UserKeys folder are used.

*.ssh2

Profile settings for the GUI client, which are used to store configuration information based on the connection target (discussed shortly).

global.dat

Global settings for the GUI client, which apply to all connections (discussed shortly).

SSH Accession\config.cfg

The configuration settings for Accession Lite, stored in XML format.

The All Users profile folder is conceptually merged with each user profile folder.[175] Host keys and profile settings can be copied from a user profile folder to the All Users profile folder to provide systemwide access.

Warning

The All Users profile folder isn’t available on older platforms such as Windows 98 or Me.

To provide a systemwide default configuration for Accession Lite, copy a suitably crafted config.cfg file from a user profile folder to the Accession Lite installation folder.

Warning

Accession Lite doesn’t use the All Users profile folder.

The *.ssh2 files for profile settings and the global.dat configuration file are usually updated by the GUI client (discussed shortly). However, they are ordinary text files that use the venerable DOS *.ini format and are easy to edit directly.

Settings are grouped in sections that are identified by names with square brackets, on separate lines. Each setting is a keyword and value, separated by an equals sign, with one pair per line. Values have prefixes to indicate the type of data:

N:

Decimal number

H:

Hexadecimal number

S:

String

Boolean values are represented as decimal numbers, with zero and one indicating false and true, respectively. For example:

    [Security]
    ...
    FIPS mode=N:0

Direct editing of these files is required to update a few settings that are not displayed by the GUI client: e.g., the FIPS mode setting. It is also occasionally convenient to use a script to generate a large number of profile setting files that differ only by a few settings.
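The typed keyword=value format described above is simple enough to read with a short script, for example to audit a set of profile files for settings the GUI does not display. The following is an added example, not code from the book or from Tectia; apart from the [Security] section and the FIPS mode keyword, every section and keyword name in the sample is constructed for illustration.

```python
# Added example: reader for the typed *.ini format used by *.ssh2 and global.dat.
# SAMPLE is constructed; only "[Security]" and "FIPS mode" come from the text.
SAMPLE = """\
[Connection]
Host Name=S:server.example.com
Port=N:22
[Security]
FIPS mode=N:0
Flags=H:1f
"""

def decode_value(raw):
    """Decode one value using its N: (decimal), H: (hex) or S: (string) prefix."""
    prefix, sep, body = raw.partition(":")
    if not sep:
        raise ValueError(f"missing type prefix in {raw!r}")
    if prefix == "N":
        return int(body, 10)
    if prefix == "H":
        return int(body, 16)
    if prefix == "S":
        return body  # may itself contain ':' or '=', e.g. a Windows path
    raise ValueError(f"unknown type prefix {prefix!r}")

def parse_profile(text):
    """Return {section: {keyword: decoded value}} for one settings file."""
    sections, current = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, sep, raw = line.partition("=")
        if not sep or current is None:
            raise ValueError(f"line {lineno}: expected keyword=value in a section")
        current[key.strip()] = decode_value(raw.strip())
    return sections

def fips_enabled(sections):
    """True or False from [Security] 'FIPS mode'; None when the setting is absent."""
    value = sections.get("Security", {}).get("FIPS mode")
    return None if value is None else value == 1

if __name__ == "__main__":
    print(fips_enabled(parse_profile(SAMPLE)))
```

Running `parse_profile` over every *.ssh2 file in the SSH folder and reporting files where `fips_enabled` returns False or None gives a quick inventory of profiles that need direct editing.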

The files default.ssh2 and defaultsftp.ssh2 contain default settings for the GUI client’s terminal and SFTP modes, respectively. If these files are missing, then hardwired default settings are used.

Profile settings files can be used in several ways:

  • Double-click on *.ssh2 files in Windows Explorer. This works because the installer arranges to associate the .ssh2 file suffix with the GUI client.

  • Create desktop shortcuts to the profile settings files, and then double-click on the desktop icons. The Tectia client installer automatically creates desktop shortcuts for the default profiles using the terminal and SFTP modes.

  • Click on the Profiles toolbar icon, and then select one of the defined profile settings from the drop-down menu.

  • Use the File/Profiles menu item to present the same drop-down menu.

The drop-down profiles menu also contains items that allow new profiles to be added, and existing profiles to be edited. When new connections are initiated using unsaved profile settings, a dialog is briefly displayed that allows the new profile settings to be added. The Settings toolbar icon or the Edit/Settings menu item provides access to the Profile Settings page of the Settings dialog for editing the current profile.

Use the File/Save Settings menu item to save the current profile settings, as well as the global settings. The File/Save Layout menu item performs the same function, but also records the current position of all the GUI client’s windows.

Profile settings include connection parameters (e.g., the remote hostname, username, and port number), encryption and MAC algorithms, authentication methods, optional port forwarding (which is discussed in the next section), and sftp file transfer modes.

Global settings include key pairs (which we’ve discussed previously: see Figure 16-4), host keys, other sftp options, and SOCKS firewall specifications.

Except for settings that are related to the appearance or behavior of the GUI client itself, all of the profile and global settings correspond to keywords discussed in Chapter 7.



[173] The user profile folder can be determined by examining the value of the USERPROFILE environment variable. It is typically C:\Documents and Settings\username.hostname or (on older systems) C:\WINNT\Profiles\username.

[174] The full pathname for the application data folder, including the user profile folder components, can be found in the value of the APPDATA environment variable. The subfolder is typically named Application Data.

[175] The All Users profile folder can be determined by examining the value of the ALLUSERSPROFILE environment variable. It is typically C:\Documents and Settings\All Users or (on older systems) C:\WINNT\Profiles\All Users.
