Upgrading Previously Installed Tectia Client Software

	Note
	Before starting the upgrade, make backups of all configuration files where you have made modifications. See instructions in Backup of Configuration Files.

If you are running both Tectia Client and Tectia Server on the same machine, install the same release of each Tectia product, because there are dependencies between the common components.

Check if you have some Secure Shell software, for example earlier versions of Tectia products or OpenSSH server or client, running on the machine where you are planning to install the new Tectia versions.

Before installing Tectia Server on Unix platforms, stop any OpenSSH servers running on port 22, or change their listener port. You do not need to uninstall the OpenSSH software.

When upgrading on SUSE, also install the prerequisite packages:

# zypper install insserv-compat

The following table shows you which Tectia versions you need to uninstall before you can upgrade to Tectia Client 6.6. When upgrading versions marked upgrade on top, the earlier version is automatically removed during the upgrade procedure.

Table 2.2. Upgrade lines

Tectia version	AIX	HP-UX	Linux	Solaris	Windows
4.x	remove	remove	remove	remove	remove
5.x-6.0	upgrade on top	upgrade on top	upgrade on top	remove	remove
6.1-6.6	upgrade on top	upgrade on top	upgrade on top	remove	upgrade on top or remove if Transparent TCP Tunneling is installed

The configuration file format and file locations have been changed in Tectia Client 5.0 and the Unix DTD directories in version 6.2. Because of this, the configuration files behave differently when upgrading from 4.x and from 5.x-6.1 compared to when upgrading from 6.2 and later versions.

The 6.2-6.x configuration files are used by 6.6 as such and automatically taken into use.

Note

Any explicitly configured settings, for example Ciphers, MACs and KEXs will be retained when upgrading. These might include insecure algorithms such as SHA-1 in KEX, or in host key or public-key signature algorithms. Also, for example the Post Quantum Cryptography (PQC) Hybrid Key Exchange algorithms, that require the Tectia Quantum Safe Edition license, need to be prepended to any explicit KEX configuration(s) when upgrading from Tectia version 6.5 and below. Alternatively, the explicit configuration settings, for example all KEX algorithms, can be removed from the configuration to use the 6.6 defaults or the PQC hybrid KEX can be enforced.

The 5.x-6.1 configuration files are used by 6.6 as such and on Windows platforms automatically taken into use.

Note

Any explicitly configured settings, for example Ciphers and MACs will be retained when upgrading. These might include insecure algorithms. In Tectia 6.1 and earlier on Unix the default auxiliary data directory auxdata was located in /etc/ssh2/ssh-tectia/. If your Tectia Server configuration file (ssh-server-config.xml) or Tectia Client configuration file (ssh-broker-config.xml) was created for Tectia version 6.1 or earlier, please update its DOCTYPE declaration to contain the current path to the server configuration file DTD directory: /opt/tectia/share/auxdata/ssh-server-ng/ or the Connection Broker configuration file DTD directory: /opt/tectia/share/auxdata/ssh-broker-ng/.

The 4.x configuration files are not migrated to 6.6, but the default 6.6 configuration is used. However, the connection profiles are migrated from 4.x to 6.6 on Windows platforms.

When necessary, you can modify the configuration files by using the Tectia Connections Configuration GUI or by editing the XML configuration files manually with an ASCII text editor or an XML editor. Please see example files ssh-server-config-example.xml for Tectia Server and ssh-broker-config-example.xml for Tectia Client.

If you have the Transparent TCP Tunneling option installed, uninstall the previous version of the client before upgrading to the 6.6 Tectia Client and restart the computer after the uninstallation. See Removing from Windows .

	Note
	As of version 6.2.5 of Tectia Client, the Transparent TCP Tunneling option is no longer included in the Windows installation package. Transparent TCP Tunneling is available on Tectia ConnectSecure.

On Windows, a backup copy is automatically made of the earlier Tectia Client configuration files and stored in the user-specific directory:

"%APPDATA%\SSH\backup-<version>-<date>"

where <version> is the Tectia release and <date> is the date of the upgrade.