SFTP servers rely on several layers of tools and sub-applications to securely authenticate users and deliver files. In this post, we’ll cover the three most common areas where your SFTP server will use third-party applications, and provide links to resources for those applications.
SSH command libraries
We’ll start with the foundational network protocol that enables SFTP transfers: Secure Shell (SSH). The SSH protocol provides both authentication and transfer encryption, and can be implemented by installing the appropriate command libraries on your machine. Many SFTP servers, like Cerberus by Redwood, have SSH commands pre-installed and use a GUI to provide a more user-friendly experience. But if you are considering installing your own SSH package, the following resources may help:
- OpenSSH: One of the most popular SSH implementations due to its open-source foundation and length of time in the market. Cerberus SFTP Server builds its SSH connections via OpenSSH.
- SSH.NET: Another popular open-source SSH library, SSH.NET is primarily maintained by Microsoft.
- Libssh2: Another Microsoft-owned SSH library that is distributed as open-source and implemented in C.
You can find a number of other SSH libraries at the links below:
SSH key generators
Once you’ve installed your SSH library, you’re ready to create accounts and authenticate users for your SFTP server. Authentication is done through the creation and distribution of SSH key pairs, each consisting of a public key that is shared and a private key that is kept secret. Note that SSH keys and SFTP keys are not always the same, as this blog discusses.
You can generate SSH keys in a number of ways. Cerberus FTP Server will generate SSH keys automatically and supports SFTP public key encryption. For use cases where you need to generate your own SSH or SFTP keys, you can run the ssh-keygen command from your SSH library or use the free, open-source PuTTYgen generator. More information on generating keys can be found on the OpenSSH keygen resources page.
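As an added example (not Cerberus or OpenSSH code), the Python below checks a public key line, in the format ssh-keygen writes to a .pub file, before the key is installed for an SFTP user: it confirms the type label matches the encoded key, measures RSA key size, and computes the SHA-256 fingerprint. The accepted key types, the 3072-bit RSA minimum, and all function and sample names are assumptions made for this example.

```python
import base64
import hashlib
import struct

# Assumed policy for this example (not taken from the page).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa"}
MIN_RSA_BITS = 3072

def read_field(blob, off):
    """Read one length-prefixed field (RFC 4251 'string'); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[off + 4:end], end

def inspect_public_key(line):
    """Parse '<type> <base64> [comment]' and apply the policy above."""
    declared, encoded = line.split()[:2]  # ValueError if a field is missing
    blob = base64.b64decode(encoded, validate=True)
    inner, off = read_field(blob, 0)
    if inner != declared.encode():
        raise ValueError("type label does not match the key blob")
    bits = None
    if declared == "ssh-rsa":
        _exponent, off = read_field(blob, off)
        modulus, off = read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif declared == "ssh-ed25519":
        point, off = read_field(blob, off)
        if len(point) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        bits = 256
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    accepted = declared in ALLOWED_TYPES and not (declared == "ssh-rsa" and bits < MIN_RSA_BITS)
    return {"type": declared, "bits": bits, "fingerprint": "SHA256:" + digest, "accepted": accepted}

# Constructed samples: correct wire layout, but not keys generated by ssh-keygen.
def make_sample_line(key_type, *fields):
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE_ED25519 = make_sample_line("ssh-ed25519", bytes(range(32)))
SAMPLE_RSA_1024 = make_sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128)
```

For a real key, the fingerprint returned here should match what `ssh-keygen -lf` prints for the same .pub file.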
Encryption algorithms
SSH lets SFTP servers offer a flexible choice of encryption algorithms, so they can accommodate organizational security requirements for key generation and data transfer. These algorithms are typically negotiated and implemented by your SSH library, so you rarely need to take any manual action beyond specifying the type of encryption you’d like to use in your SFTP server.
However, the resources below may help you understand these critical utilities for your SFTP server:
- OpenSSH keygen documentation
- Cerberus FTP Server supported key exchange, SSH2 ciphers and MAC algorithms
- Advanced Encryption Standard (AES) documentation
- Elliptic Curve encryption documentation for Diffie-Hellman
We hope that the above information has been helpful for your understanding of SFTP servers. If you have any questions, please contact our team.