global.dat configuration file is separate for each user account. It is located in the user account's
Application Data\SSH directory (for example
C:\Documents and Settings\username\Application Data\SSH).
SSH Tectia Client can optionally be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2. In this mode, the cryptographic operations are performed according to the rules of the FIPS 140-2 certification.
The software uses standard libraries by default - the FIPS-140-2 certified libraries are available separately. For a list of platforms on which the FIPS library has been validated or tested, see SSH Tectia Client/Server Product Description.
Using the FIPS-certified library version can be controlled by editing the
global.dat configuration file. Locate the
FIPS mode=N: setting (under the
[Security] heading), and edit the digit after the colon (
:) accordingly (0 for FIPS mode off, 1 for on).
This setting affects the GUI client (only). See Section ssh2_config for instructions on using the FIPS mode with the command-line client.
RSA Certificate Hash Scheme
Older SSH Secure Shell clients and servers used hashes in an incoherent manner (sometimes MD5, sometimes SHA-1). It is possible to set the hash scheme used by RSA certificates by editing the value of the
Cert.RSA.Compat.HashScheme=S: setting (under the
[Security] heading). Possible values for the string after the colon (
sha1. The default value is
md5 which works in most cases.
It is also possible to disable fallback compatibility code for older, or otherwise incompatible versions of the software. Do not disable fallback compatibility unless you know what you are doing. The default value is
The fallback compatibility code can be disabled by editing the
DisableVersionFallback=N: value (under the
[Security] heading) to