At line 1 changed 7 lines |
SFTP, SCP, and SSH Tunneling are supported in CrushFTP. A shell is not allowed as its often the method used in exploits. A shell has no purpose in file transfer. |
|
[Public / Private| UserManagerRestrictionsSSH] key authentication is supported too. The ciphers can be customized to prevent wasted CPU usage from inefficient ciphers. |
|
By default, there is an Idle Timeout set to 300 sec (5 min). Go to the SSH tab in the IP/Servers to change. In order for this change to take effect, you must restart the server for the IP. |
|
[attachments|sftp_ssh.png] |
A [RFC|https://www.sftp.net/servers] compliant pure __SFTP/SCP__ server implementation. SSH [Tunneling|tunnels] is supported in CrushFTP. An SSH shell is __not allowed__ as its often the method used in exploits. A shell has no purpose in file transfer.\\ |
\\ |
[Public / Private| UserManagerRestrictionsSSH] key authentication is supported too. The ciphers can be customized to prevent wasted CPU usage from inefficient ciphers.\\ |
\\ |
By default, there is an SFTP server listener configured with __compatible defaults__ bound to port __2222__ readily available on first deploy.\\ |
\\ |
\\ |
\\ |
[{Image src='sftp_ssh2.jpg' width='1140' height='..' align='left' style='..' class='..' }]\\ |
\\ |
!Supported ciphers: |
{{{ |
aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,3des-cbc,blowfish-cbc,arcfour,arcfour128,arcfour256,aes128-gcm@openssh.com,aes256-gcm@openssh.com |
}}} |
''aes128-cbc,aes192-cbc,aes256-cbc,chacha20-poly1305@openssh.com are also supported but not recommended due to their known insecurity.''\\ |
\\ |
!Supported KEX: |
{{{ |
curve25519-sha2@libssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1 |
}}} |
''diffie-hellman-group1-sha1 is also supported but it is not considered secure.''\\ |
\\ |
!Supported MACs: |
{{{ |
hmac-sha256,hmac-sha2-256,hmac-sha256@ssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-96,hmac-sha512,hmac-sha2-512,hmac-sha512@ssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-md5,hmac-md5-etm@openssh.com,hmac-md5-96 |
}}} |