Other administrative tasks

This topic describes how to deactivate weak SSH ciphers, set up special services, and clear PulseUno caches.

Deactivate legacy SSH ciphers and MACs

If you have security concerns, you can modify the security configuration of the Git SSH server and deactivate SSH ciphers and MAC (message authentication code) algorithms that may be considered less secure.

To deactivate encryption and MAC algorithms:

Create an ssh.xml file in your Git server's <git_data>\config directory. The file doesn't exist by default.

Default locations:

Operating system	Location
Windows	C:\ProgramData\OpenText\PulseUno\git_data\config
Linux	/opt/opentext/pulseuno/data/git_data/config

Copy the following code into the file. The <ciphers> element lists the supported SSH ciphers. The <mac> element lists the HMAC algorithms.

Copy code

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ssh-config>
    <port>2222</port>
    <algorithm>EC</algorithm>
    <ciphers>chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc</ciphers>
    <compressions>none,zlib,zlib@openssh.com</compressions>
    <macs>hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1</macs>
    <signatures>ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa</signatures>
</ssh-config>

From the <ciphers> element, delete the ciphers you want to deactivate.

For example, to deactivate the cbc ciphers, remove the last three entries:
Copy code
```
<ciphers>chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com</ciphers>
```
From the <macs> element, delete the HMAC algorithms that you consider less secure.
Save the ssh.xml file.

Deactivated encryption algorithms are no longer supported for communication with the Git server.

Set up special services

As an administrator, you can set up the servers that provide specialized services to PulseUno, such as Solutions Business Manager (SBM).

To configure an SBM server:

Go to Administration > Servers.

On the Servers page, enter the following details:

Field	Description
SBM URL	Enter the URL for the SBM user workspace, for example: http://sbm-server.example.com/tmtrack/tmtrack.dll?
Email address domain suffix	Enter the suffix that is automatically appended to usernames to form email addresses, for example: @example.com

Field

Description

SBM URL

Enter the URL for the SBM user workspace, for example:

http://sbm-server.example.com/tmtrack/tmtrack.dll?

Email address domain suffix

Enter the suffix that is automatically appended to usernames to form email addresses, for example:

@example.com

Click Save.

Clear PulseUno caches

If you have made a configuration change and it is not visible, try clearing the relevant cache.

To clear a cache:

Go to Administration > Caches.
On the Caches page, click Clear next to the cache you want to empty:
- Repository files cache
- Avatar images cache
- HTML file difference cache
To clear all caches, click Clear All.