Other administrative tasks

This topic describes how to disable weak SSH ciphers, set up special services, and clear PulseUno caches.

Disable legacy SSH ciphers and MACs

If you have security concerns, you can modify the security configuration of the Git SSH server and disable SSH ciphers and MAC (message authentication code) algorithms that may be considered less secure.

To disable encryption and MAC algorithms:

  1. Create an ssh.xml file in your Git server's <git_data>\config directory. The file doesn't exist by default.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\git_data\config
    Linux /opt/opentext/pulseuno/data/git_data/config
  2. Copy the following code into the file. The <ciphers> element lists the supported SSH ciphers. The <mac> element lists the HMAC algorithms.

    Copy code
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ssh-config>
        <port>2222</port>
        <algorithm>EC</algorithm>
        <ciphers>chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc</ciphers>
        <compressions>none,zlib,zlib@openssh.com</compressions>
        <macs>hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1</macs>
        <signatures>ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa</signatures>
    </ssh-config>
  3. From the <ciphers> element, delete the ciphers you want to disable.

    For example, to disable the cbc ciphers, remove the last three entries:

    Copy code
    <ciphers>chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com</ciphers>
  4. From the <macs> element, delete the HMAC algorithms that you consider less secure.

  5. Save the ssh.xml file.

Disabled encryption algorithms are no longer supported for communication with the Git server.

Back to top

Set up special services

As an administrator, you can set up the servers that provide specialized services to PulseUno, such as Solutions Business Manager (SBM).

To configure an SBM server:

  1. Navigate to Administration > Servers.

  2. On the Servers page, enter the following details:

    SBM URL

    Enter the URL for the SBM user workspace, for example:

    http://sbm-server.example.com/tmtrack/tmtrack.dll?

    Email address domain suffix

    Enter the suffix that is automatically appended to usernames to form email addresses, for example:

    @example.com

  3. Click Save.

Back to top

Clear PulseUno caches

If you have made a configuration change and it is not visible, try clearing the relevant cache.

To clear a cache:

  1. Navigate to Administration > Caches.

  2. On the Caches page, click Clear next to the cache you want to empty:

    • Repository files cache

    • Avatar images cache

    • HTML file difference cache

  3. To clear all caches, click Clear All.

Back to top

See also: