Upgrade and Downgrade Caveats

The following items provide key information about upgrading and downgrading with this software version.

Note:

Upgrading to this Release from releases earlier than S-Cz8.4.5:

The S-Cz8.4.5 release included significant changes that hardened the security posture of the CSM. These changes require careful evaluation of their effect on functionality when upgrading to S-Cz8.4.5, and they also apply to customers upgrading to this release from releases prior to S-Cz8.4.5. Review this information in the S-Cz8.4.0 Release Notes: Upgrade and Downgrade Caveats.

Update known_hosts File

While there are no usability changes to SSH and SFTP, the OCCSM regenerates its SSH host certificate after upgrading to S-Cz8.4.5 from a previous version or downgrading from S-Cz8.4.5 to a previous version. Existing keys from prior releases will not work after the upgrade. To avoid warnings about mismatched fingerprints, remove the old host keys from the known_hosts file of each system that connects to the OCCSM.
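The following sketch is an added example, not part of the product documentation. It removes stale known_hosts entries for one host, including hashed (HashKnownHosts) entries that a plain text search misses, and pins the new key only when its fingerprint matches one obtained out of band. The host name, key blobs and salt are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def entry_matches(hosts_field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if hosts_field.startswith("|1|"):  # hashed form: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in hosts_field.split(",")

def repin(known_hosts_text, host, new_key_line, expected_fp):
    """Drop every entry for host, then pin new_key_line ("ssh-rsa AAAA...")
    only if its fingerprint equals the one verified out of band."""
    keytype, key_b64 = new_key_line.split()[:2]
    if fingerprint(key_b64) != expected_fp:
        raise ValueError("host key fingerprint mismatch; known_hosts not changed")
    kept = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Comments, markers (@cert-authority, @revoked), wildcard patterns and
        # [host]:port forms are left untouched by this sketch.
        is_entry = len(fields) >= 3 and not fields[0].startswith(("#", "@"))
        if is_entry and entry_matches(fields[0], host):
            continue  # stale key from before the upgrade or downgrade
        kept.append(line)
    kept.append(f"{host} {keytype} {key_b64}")
    return "\n".join(kept) + "\n"

# Constructed sample data (not real keys): one plain and one hashed stale entry.
def sample_blob(tag):
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + tag).decode()

HOST = "occsm.example.net"
OLD_KEY, NEW_KEY = sample_blob(b"old-constructed"), sample_blob(b"new-constructed")
SALT = b"constructed-salt-20b"
HASHED_HOST = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, HOST.encode(), hashlib.sha1).digest()).decode())
SAMPLE_KNOWN_HOSTS = (f"{HOST},192.0.2.10 ssh-rsa {OLD_KEY}\n"
                      f"{HASHED_HOST} ssh-rsa {OLD_KEY}\n"
                      f"other.example.net ssh-rsa {OLD_KEY}\n")

if __name__ == "__main__":
    print(repin(SAMPLE_KNOWN_HOSTS, HOST, "ssh-rsa " + NEW_KEY, fingerprint(NEW_KEY)), end="")
```

Refusing to write the file on a fingerprint mismatch keeps the post-upgrade key change from becoming a habit of accepting whatever key the network presents.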

SSH Keys

Before upgrading to this release, delete any imported public keys using the ssh-pub-key delete <key-name> command. Because the commands for SSH key management have changed from 8.3 to 8.4, you will not be able to delete old 8.3-type SSH keys using 8.4 (or later) commands. After upgrading, re-import any required public keys. See "Manage SSH Keys" in the Configuration Guide.

SSH Keys and Push Receivers

The OCCSM acts as an SFTP client when push-receivers are configured. If you use push-receivers and upgrade to 8.4.0 or later:
  1. Because the OCCSM generates a new host key during an upgrade, copy the OCCSM's new host key to the authorized_keys file on the SFTP server.

    Use the command show security public-host-key rsa to view the OCCSM's new host key.

  2. Reimport the SFTP server's host key as a known-host into the OCCSM.

    See "SSH Key Management" in the Configuration Guide for importing a known-host key.

  3. In the push-receiver element, verify the public-key attribute is empty.

If you downgrade from 8.4.0 to a previous release, copy the public host key to the authorized_keys file of the SFTP server and reset the value of public-key in the push-receiver configuration element.