In this tutorial, you will:
- Allow the configuration of SFTP servers and partners with the legacy SFTP algorithms.
- Configure an SFTP partner to explicitly enable the use of a legacy cipher algorithm.
Step 1 | Edit the UDMG Server configuration file and set the AllowLegacyCiphers parameter to true: [sftp] |
---|---|
Step 2 | Restart the MFT Waarp Gateway Linux service. The legacy ciphers are now allowed globally but are not used by default. |
Step 3 | Log in to the UDMG Admin UI and navigate to Management > Partners. |
Step 4 | Create a new partner wftpserver with the address demo.wftpserver.com and port 2222 |
Step 5 | With a dedicated tool or with the verbose mode of the sftp client, check which cipher algorithms the remote partner supports. For example, with a Linux sftp client (OpenSSH_7.4p1): |

```
$ sftp -vv -c aes128-cbc -P 2222 demo.wftpserver.com 2>&1 |grep -A 6 'server KEXINIT proposal' |grep -v stoc
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com
```

This shows that several algorithms are supported in each category, in particular the legacy ciphers 'aes128-cbc' and '3des-cbc'.
Step 6 | On the UDMG Server panel, click on the Configuration tab. The gray dot on the tab shows that the configuration is still the default: all available algorithms are supported by the server and proposed to the clients. |
Step 7 | Click Save and Confirm. |
Step 8 | The partner configuration is updated. The green dot on the tab shows that the configuration is customized. |
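
The check in Step 5 can be scripted so that only the legacy ciphers a partner actually offers are considered for its configuration. The following is an added example, not part of the UDMG documentation: the function names are hypothetical, and treating CBC-mode and arcfour names as "legacy" is an assumption that goes beyond the two ciphers named in Step 5. Pipe the `2>&1` output of the Step 5 `sftp -vv` command into `legacy_peer_ciphers`.

```shell
#!/bin/sh
# Added example. Assumption: "legacy" = CBC-mode or arcfour cipher names;
# adjust the patterns to your own policy.

# Reads sftp -vv debug output on stdin; prints "legacy <name>" or
# "other <name>" for each cipher in the peer's client-to-server list.
classify_peer_ciphers() {
    awk '
        # The "local client" block uses the same field names as the
        # "peer server" block, so track which block we are in.
        /local client KEXINIT proposal/ { in_peer = 0 }
        /peer server KEXINIT proposal/  { in_peer = 1; next }
        in_peer && /ciphers ctos:/ {
            sub(/^.*ciphers ctos: */, "")
            sub(/\r$/, "")
            n = split($0, names, ",")
            for (i = 1; i <= n; i++) {
                kind = "other"
                if (names[i] ~ /-cbc$/ || names[i] ~ /-cbc@/ || names[i] ~ /^arcfour/)
                    kind = "legacy"
                print kind, names[i]
            }
            in_peer = 0
        }
    '
}

# Prints the legacy names on one comma-separated line (empty if none).
legacy_peer_ciphers() {
    classify_peer_ciphers |
        awk '$1 == "legacy" { printf "%s%s", sep, $2; sep = "," } END { print "" }'
}

# Constructed sample: the local-client and stoc lines are invented; the
# peer "ciphers ctos" list is the one shown in Step 5.
sample_debug_output() {
    cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-cbc
debug2: ciphers stoc: aes128-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes256-ctr,aes128-cbc
EOF
}

sample_debug_output | legacy_peer_ciphers
```

The parser ignores the `local client KEXINIT proposal` block on purpose: with `-c aes128-cbc` on the command line, that block lists the legacy cipher even when the partner does not offer it.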