Tutorial - Creating and Manually Starting an SFTP Server

In this tutorial, you will:

  • Create an SFTP server.
  • Manually launch the server.
  • View server details.


By default, the following algorithms are enabled.

Algorithms by category, in order of preference (most preferred at the top):
Key Exchange (KEX)
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group1-sha1 (deprecated)
  • diffie-hellman-group14-sha1 (deprecated)
Encryption (cipher)
  • aes128-gcm@openssh.com
  • chacha20-poly1305@openssh.com
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr

The following legacy ciphers can be enabled globally with the configuration parameter 'AllowLegacyCiphers', but must still be enabled explicitly for each server; see Tutorial - Use a Legacy Encryption Algorithm for an SFTP Partner.

  • arcfour256
  • arcfour128
  • aes128-cbc
  • 3des-cbc
  • blowfish-cbc
MAC
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha1 (deprecated)
  • hmac-sha1-96 (deprecated)
Host key
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • rsa-sha2-512
  • rsa-sha2-256
  • ssh-rsa
  • ssh-dss
  • ssh-ed25519

Step 1

From the UDMG navigation pane, select Management > Servers. The Servers list displays.

Step 2

Click New. The Server Details displays.

  • In the Server Name field, enter stonebranch-sftp-01
  • In the Protocol field, select SFTP
  • In the IP Address field, enter 0.0.0.0
  • In the Port field, enter 4000
  • In the Root Directory field, enter data
  • In the Receive Directory field, enter sftp-01/in
  • In the Send Directory field, enter sftp-01/out
  • In the Temp Directory field, enter sftp-01/tmp
  • In the Member of Business Service field, select one of the available Business Services. More Business Services can be added after the rule is created.

Step 3

Click Save and Confirm.

Step 4

Generate a host key (private SSH key) for the server, for example:

$ ssh-keygen -t rsa -b 4096 -C "stonebranch-cert-01" -m PEM -f "stonebranch-cert-01.crt" -N ""
Generating public/private rsa key pair.
Your identification has been saved in stonebranch-cert-01.crt.
Your public key has been saved in stonebranch-cert-01.crt.pub.

Step 5

Select the stonebranch-sftp-01 server from the Server list panel and click the Certificates tab.

Step 6

Click the Add Certificate button.

Step 7

The Certificate Details displays.

  • In the Name field, enter stonebranch-cert-01.
  • In the Private Key field, enter the content of the file stonebranch-cert-01.crt.


Step 8

Click Save and Confirm.

Step 9

The certificate record appears in the list:

Step 10

To see more details about a specific server key, click the View (eye icon) button.

The Key Details displays, showing the following:

  • algorithm
  • bits: size of the key, only for RSA
  • key type
  • the MD5 fingerprint
  • the SHA256 fingerprint
  • a clean authorized key line, without any comment or host specification

If the record was just created or updated, click the Refresh button to reload the details.

Step 11

Adjust the SFTP Protocol configuration, if needed, by:

  • Restricting the allowed Key Exchange algorithms.
  • Restricting the allowed Encryption (cipher) algorithms.
  • Restricting the allowed MAC algorithms.
  • Allowing file deletion.
  • Allowing file rename.
  • Enabling and configuring the host-based authentication method.

Click Save to register the changes.

Step 11

Start the server by clicking on the start (play icon) button:

Step 12

Click on the MFT Server Status button to show the list of running services.

The new server stonebranch-sftp-01 is listed and should appear with a green status, which means there is now an SFTP server listening on the configured IP address and port.
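
To confirm that the algorithm restrictions from the SFTP Protocol configuration took effect, the lists the running server advertises can be read from its first SSH packet (SSH_MSG_KEXINIT). The following Python is an added example, not UDMG or Stonebranch code; the function names, the client identification string and the sample payload builder are constructed for illustration, and only the names this page marks as deprecated or legacy are flagged.

```python
import socket
import struct

# Names this page marks "(deprecated)" or lists under AllowLegacyCiphers.
FLAGGED = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
           "hmac-sha1", "hmac-sha1-96", "arcfour256", "arcfour128",
           "aes128-cbc", "3des-cbc", "blowfish-cbc"}
# First eight name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = "kex host_key cipher_c2s cipher_s2c mac_c2s mac_s2c comp_c2s comp_s2c".split()

def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [names in the server's preference order]}."""
    if len(payload) < 17 or payload[0] != 20:       # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}                             # skip type byte and 16-byte cookie
    for field in FIELDS:
        size = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + size]
        if pos + 4 > len(payload) or len(raw) != size:
            raise ValueError("truncated KEXINIT")
        offer[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + size
    return offer

def flagged(offer: dict) -> dict:
    """Keep only the fields that still offer a flagged algorithm."""
    hits = {f: [n for n in names if n in FLAGGED] for f, names in offer.items()}
    return {f: names for f, names in hits.items() if names}

def fetch_kexinit(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Read the server's first packet (its KEXINIT) after the version exchange."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for line in iter(stream.readline, b""):     # skip any pre-banner lines
            if line.startswith(b"SSH-"):
                break
        else:
            raise ConnectionError("no SSH identification string received")
        sock.sendall(b"SSH-2.0-kexinit_audit\r\n")   # constructed client identification
        header = stream.read(5)                     # packet_length + padding_length
        if len(header) != 5:
            raise ConnectionError("connection closed before KEXINIT")
        length, padding = struct.unpack(">IB", header)
        return stream.read(length - 1)[:length - 1 - padding]

def sample_kexinit(lists) -> bytes:   # constructed input for offline runs, not captured traffic
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(names).encode() for names in lists))
    return b"\x14" + bytes(16) + body + bytes(13)   # + empty languages, flag, reserved
```

Against the server from this tutorial, `flagged(parse_kexinit(fetch_kexinit("127.0.0.1", 4000)))` returns an empty dict once no deprecated or legacy algorithm is offered; the address assumes the check runs on the UDMG host itself.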

Step 13

The server status can be controlled with the following action buttons:

  • Enable: local server is set to start automatically when UDMG Server starts
  • Disable: local server does not start automatically when UDMG Server starts
  • Start: initiate the start of the local server
  • Stop: request to stop the local server
  • Restart: request to stop and start the server

Step 14

Additional details can be attached to a local server:

  • Description
  • Primary Contact Name
  • Primary Contact Phone
  • Primary Contact Email
  • Secondary Contact Name
  • Secondary Contact Phone
  • Secondary Contact Email
  • Customized fields

Go to the Details tab on the local server pane.

Fill in the needed details.

New fields can be added with the 'plus' button at the bottom of the form. A custom field consists of a key and value pair.

Press the Save button inside the tab to store the details.