Forum Replies Created
Mario_Ecomail
Participant
Hi pacman, thank you so much for your help.
I have a better understanding now of how it works, in case our customer asks back.
Just one last question if I may. If I eventually purchase a certificate to secure the web portal (it doesn’t look good for customers when Google displays the red warning on https), can I use that same certificate to sign the SFTP transfers, or are they two different worlds?
Cheers.
Mario_Ecomail
Participant
Hi pacman, thank you for your response, no worries.
pacman wrote:
If security is truly a concern, I would recommend upgrading Cerberus. That alone will make sure that you are protected against any security vulnerabilities in older releases.
Yeah, I let management know and see what happens. 🙄
Quote:
It’s posted on the summary page from your screenshot you support at minimum 128-bit
I’ve seen that SSH2 Cipher List can go up to 256bit, and I just downloaded a trial of the latest version and still it doesn’t go higher than 256 bit on SSH. Is it possible to set it higher? Importing a key or something.
Quote:
Your Cerberus log will display that information and you also configure the settings under Security>Advanced
Example:
CONNECT [ 28757] – SSH SFTP connection request accepted from XX.XXX.17.122
INFO [ 28757] – Client Identification: SSH-2.0-phpseclib_0.2 (mcrypt, bcmath)
CONNECT [ 28757] – Algorithm negotiation complete: Proceeding with key exchange
CONNECT [ 28757] – Kex: ‘diffie-hellman-group1-sha1’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-cbc, hmac-sha1-96, none’ S2C : ‘aes128-cbc, hmac-sha1-96, none’
I can see that on my log
Code:
[1083] Client Identification: SSH-2.0-libssh2_1.7.0
[1083] Algorithm negotiation complete: Proceeding with key exchange
[1083] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-ctr, hmac-sha2-256, none’ S2C : ‘aes128-ctr, hmac-sha2-256, none’
[1083] DH Key sizes: Server Public ‘2048’, Private ‘2047’, Client Public ‘2047’
So I’m a bit confused here: If SSH2 is 128bit, as seen on my OP screenshot, how is it that “DH Key size” seems to be 2048 (more like the RSA certificate)?
Quote:
ssh-rsa is just the host key type
C2S is client to Server, client -> server its supported ciphers and HMAC; S2C is server to client, it’s the info from Server.
Diffie-Hellman is the key exchange protocol. The other 3, in order, are cipher, HMAC, and compression.
Sorry, I have to say that I don’t get this. I’m not sure I understand the different protocols, nor am I sure what our customer “wants to see”; if I show them the “RSA 2048” they are happy. If I show them the “Diffie Hellman 256”, they may not.
Quote:
You will just want a single domain certificate, they are pretty much the same wherever you get it from.
Understood, I know there are different kinds of them depending on validation, but I wasn’t sure about their strength / complexity.
Again thank you for your help.
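The two negotiations quoted in the post above, run through a small audit, as an added example that is not part of the original thread and not Cerberus code. It parses the `Kex:` and `DH Key sizes:` log lines and reports the key exchange, cipher and MAC separately, since those are three different strengths (the 128 in `aes128` is the symmetric cipher key, the 2048 is the Diffie-Hellman group size). Which algorithms count as weak and the 2048-bit minimum are assumptions of this example.

```python
import re
# One quoted log field; Cerberus output on this page uses curly quotes.
FIELD = r"['\u2018\u2019]([^'\u2018\u2019]+)['\u2018\u2019]"
KEX_RE = re.compile(
    r"\[\s*(\d+)\].*?Kex:\s*" + FIELD + r"\s*Host Key:\s*" + FIELD
    + r"\s*C2S\s*:\s*" + FIELD + r"\s*S2C\s*:\s*" + FIELD)
DH_RE = re.compile(r"\[\s*(\d+)\].*?DH Key sizes: Server Public " + FIELD)
WEAK_KEX = {"diffie-hellman-group1-sha1"}  # assumed policy: fixed 1024-bit group
MIN_DH_BITS = 2048                         # assumed policy, not a Cerberus default

def check_direction(label, triple):
    """triple is 'cipher, mac, compression' for one traffic direction."""
    cipher, mac, _compression = [p.strip() for p in triple.split(",")]
    found = []
    if cipher.endswith("-cbc"):
        found.append(f"{label} cipher {cipher}: CBC mode")
    if "sha1" in mac or "md5" in mac:
        found.append(f"{label} MAC {mac}: SHA-1/MD5 based")
    return found

def audit(lines):
    """Return {session_id: [findings]}; an empty list means nothing flagged."""
    report = {}
    for line in lines:
        m = KEX_RE.search(line)
        if m:
            sid, kex, _hostkey, c2s, s2c = m.groups()
            found = report.setdefault(sid, [])
            if kex in WEAK_KEX:
                found.append(f"kex {kex}: 1024-bit group with SHA-1")
            found += check_direction("C2S", c2s) + check_direction("S2C", s2c)
            continue
        m = DH_RE.search(line)
        if m and int(m.group(2)) < MIN_DH_BITS:
            report.setdefault(m.group(1), []).append(
                f"DH server public key {m.group(2)} bits < {MIN_DH_BITS}")
    return report

# Log lines copied from the two negotiations quoted in the post above.
SAMPLE = [
    "CONNECT [ 28757] – Kex: ‘diffie-hellman-group1-sha1’ Host Key: ‘ssh-rsa’ "
    "C2S : ‘aes128-cbc, hmac-sha1-96, none’ S2C : ‘aes128-cbc, hmac-sha1-96, none’",
    "[1083] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ "
    "C2S : ‘aes128-ctr, hmac-sha2-256, none’ S2C : ‘aes128-ctr, hmac-sha2-256, none’",
    "[1083] DH Key sizes: Server Public ‘2048’, Private ‘2047’, Client Public ‘2047’",
]
print(audit(SAMPLE))
```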
Mario_Ecomail
Participant
Thank you Serin, I’ll look into it when you release it.
Mario_Ecomail
Participant
Hi Serin, I just updated to 7.0.8.1 and it seems to be corrected.
I’ll make a couple more tests to be sure.
Thank you.
Mario_Ecomail
Participant
I’d like to see that too. At the moment I just collect IP and date of the blocked IP event with an MS-DOS script that writes that information into a notepad.
Then once a month I manually move that txt into a database for reporting.
It would be very useful to have that information available easier.
Mario_Ecomail
Participant
Yes, in this case I was talking purely about the email subject for a logoff event. Now I’m curious about the other option you mention. I’ll have a look.
Mario_Ecomail
Participant
Hi Serin, the email subject was already customized in previous releases (that’s why it’s written in Spanish).
Anyway, I’ll wait for that release.
Thank you.
Mario_Ecomail
Participant
Thanks Serin, hope they become available soon.
November 14, 2014 at 11:03 am in reply to: unable to write the data into the already existing folder #37030
Mario_Ecomail
Participant
Your command is always trying to create the directory even if it exists. So you have to detect if it exists or not before uploading. Try something like this instead of your line of
[2014-11-09 14:45:49]:COMMAND [ 425] – [waterlevelprobecph] MKD watermeasures:
Code:
IF NOT EXIST
. (mkdir .)
There’s no “ELSE” because if the directory already exists then you’re good to go.
Mario_Ecomail
Participant
Hi, thanks for your response.
I did a small script in DOS using “forfiles”,
something like:
Code:
@echo off
cd
forfiles /d -3 /c "cmd /c del @file"
exit
This will delete files older than 3 days, so it gives me some time to download the files, use them and prepare the folder for the next use.
WARNING: This script deletes without confirmation; use “/P” to ask for confirmation or a “pause” at the end to see what happened.
Mario_Ecomail
Participant
Eventually I found out that it was a firewall problem. Thank you for your help!
Mario_Ecomail
Participant
Hi Serin, thank you for the reply:
Connection is made with TLS/SSL to port 465 with authentication.
It’s been working fine since installation.
Right now I can’t tell exactly if this is happening since a firewall update, or a software update, so I can’t give more details about it.
If our mail provider changed the config I will contact them after clearing our side.
How do I open a support ticket?
Thank you.
PS: I just tested the “Test” button in the Targets panel and… it works fine. But the email report is still stuck.
Mario_Ecomail
Participant
Serin wrote:
[…] client is actually establishing multiple sessions with the server. Many SFTP and FTP clients do that in the background.
Yep, I was thinking something like that. Thanks for your help!
Mario_Ecomail
Participant
Well, that finally made the trick. It seems though that it is working kind of weird. Because the client is allowed multiple simultaneous uploads (4 actually), I sometimes get a session report for the files uploaded during an upload session, which may not be the “full” session. (i.e.: If the client uploaded 50 files, I might get 4 session report emails, reporting 10-13 files each)
So far I can live with it.
BTW: Is the email customizable in any way?
Thank you.
Mario_Ecomail
Participant
You mean here, right? (just in case) https://s30.postimg.org/rkk5isuvl/FTP_Session_2.jpg That must be it.
I have it disabled, didn’t want to run a database on this server. But if it’s the only way I might reconsider it.
Does it only work with an SQL Server, or will a MySQL do?
Thank you for your help
EDIT: I see now this post: https://www.cerberusftp.com/support/help/report-database-configuration.html
Never heard about the LocalDB, but if you recommend it I’ll give it a try. The number of clients connecting to the server is quite small so a large DB is not necessary, that’s why I thought of MySQL.