SSH Access

Starting in S-Cz8.4.5 and later, and as a result of the change of SSH stack vendor, host certificates and stored keys will be regenerated / updated on first boot. You cannot use previous keys after upgrade. Specifically, any host keys which were cached in a client’s “known hosts” file do not match the new fingerprint, so manual steps are required to remove the stale entry and accept the new key.

SFTP Access

Supplementary administrators such as TACACS+ or RADIUS administrators no longer have write access to the /boot directory via SFTP. If a supplementary administrator needs to upload a boot image, use the /code/images directory and update the boot parameters to point to the uploaded file.

SSH Cipher Mapping

In S-Cz8.4.5 and later, the rijndael ciphers in the encr-algorithm attribute of the ssh-config element are mapped to their AES counterparts. Selecting rijndael128-cbc results in aes128-cbc. Selecting rijndael192-cbc results in aes192-cbc. Selecting rijndael256-cbc results in aes256-cbc.

Importing External SSH Host Keys

The OCCSM no longer supports importing externally generated SSH keys for use as the host key. If you want to regenerate the SSH host keys, you may use the command ssh-key private-key generate [rsa | dsa].

Data Partitions

Oracle recommends creating a single mount-point for data partitions, such as /mnt/app, and then using subfolders for specific purposes, such as /mnt/app/HDR or /mnt/app/CDR.

Minidump

The minidump file is no longer created during a crash. This change makes the other crash files more useful for debugging.

RADIUS Acme-User-Class

When the OCCSM uses RADIUS authentication in S-CZ8.4.5 and later, the Acme-User-Class VSA no longer supports the value SystemAdmin.

The value of Acme-User-Class must be lowercase: admin or user. Following the standard, the OCCSM rejects values with capitalization like Admin or User.