...
By default, the following algorithms are enabled.
Category | Algorithms by order of preference, most preferred at the top |
---|
Key Exchange (KEX) | - curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group1-sha1 (deprecated)
- diffie-hellman-group14-sha1 (deprecated)
|
---|
Encryption (cipher) | - aes128-gcm@openssh.com
- chacha20-poly1305@openssh.com
- aes128-ctr
- aes192-ctr
- aes256-ctr
The following ones can be enabled globally with the configuration parameter 'AllowLegacyCiphers', but still need to be enabled explicitly per server (see Tutorial - Use a Legacy Encryption Algorithm for an SFTP Partner):
- arcfour256
- arcfour128
- aes128-cbc
- 3des-cbc
- blowfish-cbc
|
---|
MAC | - hmac-sha2-256-etm@openssh.com
- hmac-sha2-256
- hmac-sha1 (deprecated)
- hmac-sha1-96 (deprecated)
|
---|
Host key | - ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
- rsa-sha2-512
- rsa-sha2-256
- ssh-rsa
- ssh-dss
- ssh-ed25519
|
---|
Step 1 | From the UDMG navigation pane, select Management > Servers. The Servers list displays. |
---|
Step 2 | Click New. The Server Details displays.
- In the Server Name field, enter stonebranch-sftp-01
- In the Protocol field, select SFTP
- In the IP Address field, enter 0.0.0.0
- In the Port field, enter 4000
- In the Root Directory field, enter data
- In the Receive Directory field, enter sftp-01/in
- In the Send Directory field, enter sftp-01/out
- In the Temp Directory field, enter sftp-01/tmp
- In the Member of Business Service field, select one of the available Business Services. More Business Services can be added after the rule is created.
![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/TCM1.png?version=1&modificationDate=1699023261053&cacheVersion=1&api=v2&width=484)
|
---|
Step 3 | Click Save and Confirm. |
---|
Step 4 | Generate a host key (private SSH key) for the server, for example:
```
$ ssh-keygen -t rsa -b 4096 -C "stonebranch-cert-01" -m PEM -f "stonebranch-cert-01.crt" -N ""
Generating public/private rsa key pair.
Your identification has been saved in stonebranch-cert-01.crt.
Your public key has been saved in stonebranch-cert-01.crt.pub.
```
|
---|
Step 5 | Select the stonebranch-sftp-01 server from the Server list panel and click the Certificates tab. ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/TCM2.png?version=1&modificationDate=1699023260780&cacheVersion=1&api=v2&height=150)
|
---|
Step 6 | Click the Add Certificate button |
---|
Step 7 | The Certificate Details displays.
- In the Name field, enter stonebranch-cert-01.
- In the Private Key field, enter the content of the file stonebranch-cert-01.crt:
![](https://stonebranchdocs.atlassian.net/wiki/download/attachments/320734738/server_cert_new2.png?version=1&modificationDate=1699023258954&cacheVersion=1&api=v2)
|
---|
Step 8 | Click Save and Confirm. |
---|
Step 9 | The certificate record appears in the list: ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/server_key_list.png?version=1&modificationDate=1699023263936&cacheVersion=1&api=v2&height=250)
|
---|
Step 10 | To see more details about a specific server key, click the View (eye icon) button. The Key Details popup is displayed, showing the following:
- algorithm
- bits: the size of the key, only for RSA
- key type
- the MD5 fingerprint
- the SHA256 fingerprint
- a clean authorized key line, without any comment or host specification
![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/server_key_details.png?version=1&modificationDate=1699023263661&cacheVersion=1&api=v2&height=400)
If the record was just created or updated, click the Refresh button to reload the details. |
---|
Step 11 | Adjust the SFTP Protocol configuration, if needed, by:
- Restricting the allowed Key Exchange algorithms.
- Restricting the allowed Encryption (cipher) algorithms.
- Restricting the allowed MAC algorithms.
- Allowing file deletion.
- Allowing file rename.
- Enabling and configuring the host-based authentication method.
![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/sftp_protocol_config.png?version=1&modificationDate=1699023258645&cacheVersion=1&api=v2&height=400)
Click Save to register the changes. The changes are effective after a restart of the local server. |
---|
Step 11 | Start the server by clicking on the start (play icon) button: ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/TCM5.png?version=1&modificationDate=1699023259834&cacheVersion=1&api=v2&width=852)
|
---|
Step 12 | Click on the MFT Server Status button to show the list of running services. The new server stonebranch-sftp-01 is listed and should appear with a green status, which means there is now an SFTP server listening on the IP and port that we configured. ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/TCM6.png?version=1&modificationDate=1699023259449&cacheVersion=1&api=v2&height=400)
|
---|
Step 13 | The server status can be controlled with the following action buttons: ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/TCM.png?version=1&modificationDate=1699023259220&cacheVersion=1&api=v2&width=194)
- Enable: local server is set to start automatically when UDMG Server starts
- Disable: local server does not start automatically when UDMG Server starts
- Start: initiate the start of the local server
- Stop: request to stop the local server
- Restart: request to stop and start the server
|
---|
Step 14 | Additional details can be attached to a local server:
- Description
- Primary Contact Name
- Primary Contact Phone
- Primary Contact Email
- Secondary Contact Name
- Secondary Contact Phone
- Secondary Contact Email
- Customized fields
Go to the Details tab on the local server pane. ![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/320734738/extended_info.png?version=1&modificationDate=1699023263335&cacheVersion=1&api=v2&height=400)
Fill in the needed details. New fields can be added with the 'plus' button at the bottom of the form. A custom field consists of a key and value pair. Press the Save button inside the tab to store the details. |
---|
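
The key details listed in Step 10 can be recomputed independently from the .pub file written in Step 4 and compared with what UDMG displays. The following Python code is an added example, not part of the UDMG documentation or product; `key_details` is an illustrative name and the sample key line is constructed, not a real host key.

```python
import base64, hashlib, struct

def _read_string(blob: bytes, pos: int):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next_pos)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", blob, pos)
    if pos + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def key_details(pub_line: str) -> dict:
    """Derive the Step 10 fields from one line of a .pub / authorized_keys file."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key type> <base64 blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = _read_string(blob, 0)
    if key_type.decode("ascii") != parts[0]:
        raise ValueError("key type in blob does not match the line prefix")
    bits = None
    if parts[0] == "ssh-rsa":  # blob layout: type, e, n (RFC 4253, section 6.6)
        _e, pos = _read_string(blob, pos)
        n, pos = _read_string(blob, pos)
        bits = int.from_bytes(n, "big").bit_length()
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "key_type": parts[0],
        "bits": bits,  # only reported for RSA, as in Step 10
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
        "authorized_key": f"{parts[0]} {parts[1]}",  # comment stripped
    }

def _mpint(v: int) -> bytes:
    """Encode a positive integer as an SSH mpint (leading 0 keeps it positive)."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample (not a usable key): a 4096-bit odd modulus with e = 65537.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 4095) | 1)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " stonebranch-cert-01"

if __name__ == "__main__":
    d = key_details(SAMPLE_LINE)
    print(d["key_type"], d["bits"], d["md5"], d["sha256"])
```

Only the public line from stonebranch-cert-01.crt.pub is needed for this comparison. The stonebranch-cert-01.crt file from Step 4 is an unencrypted private key, because it was generated with `-N ""`.
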
...