Mario_Ecomail

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 18 total)
  • in reply to: How secure is SFTP? #37832
    Mario_Ecomail
    Participant

    Hi pacman,

    Thank you so much for your help.

    I have a better understanding now of how it works, in case our customer asks back.

    Just one last question if I may. If I eventually purchase a certificate to secure the web portal – it doesn’t look good for customers when Google displays the red warning on https –, can I use that same certificate to sign the SFTP transfers? Or are they two different worlds?

    Cheers.

    in reply to: How secure is SFTP? #37830
    Mario_Ecomail
    Participant

    Hi pacman,

    Thank you for your response, no worries.

    pacman wrote:


    If security is truly a concern, I would recommend upgrading Cerberus.

    That alone will make sure that you are protected against any security vulnerabilities in older releases.


    Yeah, I let management know and see what happens. 🙄

    Quote:

    It’s posted on the summary page from your screenshot you support at minimum 128-bit


    I’ve seen that SSH2 Cipher List can go up to 256 bit, and I just downloaded a trial of the latest version and it still doesn’t go higher than 256 bit on SSH. Is it possible to set it higher? Importing a key or something.

    Quote:

    Your Cerberus log will display that information and you also configure the settings under Security>Advanced

    Example:

    CONNECT [ 28757] – SSH SFTP connection request accepted from XX.XXX.17.122

    INFO [ 28757] – Client Identification: SSH-2.0-phpseclib_0.2 (mcrypt, bcmath)

    CONNECT [ 28757] – Algorithm negotiation complete: Proceeding with key exchange

    CONNECT [ 28757] – Kex: ‘diffie-hellman-group1-sha1’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-cbc, hmac-sha1-96, none’ S2C : ‘aes128-cbc, hmac-sha1-96, none’

    I can see that on my log

    Code:


    [1083] Client Identification: SSH-2.0-libssh2_1.7.0
    [1083] Algorithm negotiation complete: Proceeding with key exchange
    [1083] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-ctr, hmac-sha2-256, none’ S2C : ‘aes128-ctr, hmac-sha2-256, none’
    [1083] DH Key sizes: Server Public ‘2048’, Private ‘2047’, Client Public ‘2047’

    So I’m a bit confused here: If SSH2 is 128 bit, as seen on my OP screenshot, how is it that the “DH Key size” seems to be 2048 (more like the RSA certificate)?

    Quote:

    ssh-rsa is just the host key type

    C2S is client to Server, client -> server its supported ciphers and HMAC; S2C is server to client, it’s the info from Server.

    Diffie-Hellman is the key exchange protocol. The other 3, in order, are cipher, HMAC, and compression.


    Sorry, I have to say that I don’t get this. I’m not sure I understand the different protocols, nor am I sure what our customer “wants to see”. If I show them the “RSA 2048” they are happy. If I show them the “Diffie Hellman 256”, they may not. :|

    Quote:

    You will just want a single domain certificate, they are pretty much the same wherever you get it from.


    Understood, I know there are different kinds of them depending on validation, but I wasn’t sure about their strength / complexity.

    Again thank you for your help.
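
The two log excerpts quoted in the post above can be compared mechanically. The following is an added example, not part of the original post and not Cerberus code: it splits each `Kex:` line into key exchange, host key, cipher and MAC, reports the cipher key length and the DH group size as separate values, and flags algorithm names against a legacy policy that is an assumption of this example (function names are hypothetical).

```python
import re

# Sample input: the Kex / DH lines copied from the two excerpts in the post.
SAMPLE_LOG = """\
CONNECT [ 28757] – Kex: ‘diffie-hellman-group1-sha1’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-cbc, hmac-sha1-96, none’ S2C : ‘aes128-cbc, hmac-sha1-96, none’
[1083] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes128-ctr, hmac-sha2-256, none’ S2C : ‘aes128-ctr, hmac-sha2-256, none’
[1083] DH Key sizes: Server Public ‘2048’, Private ‘2047’, Client Public ‘2047’
"""

Q = "['‘’\"]"  # the forum shows curly quotes; accept straight ones too
KEX_RE = re.compile(
    rf"\[\s*(\d+)\].*?Kex:\s*{Q}(.+?){Q}\s*Host Key:\s*{Q}(.+?){Q}"
    rf"\s*C2S\s*:\s*{Q}(.+?){Q}\s*S2C\s*:\s*{Q}(.+?){Q}")
DH_RE = re.compile(rf"\[\s*(\d+)\].*?DH Key sizes: Server Public {Q}(\d+){Q}")

def split_triple(triple):
    """'cipher, mac, compression' -> (cipher, mac); tolerate missing fields."""
    parts = [p.strip() for p in triple.split(",")] + ["", ""]
    return parts[0], parts[1]

def legacy_findings(kex, cipher, mac):
    """Flag names against a policy assumed for this example (not a Cerberus default)."""
    out = []
    if kex.endswith("-sha1"):
        out.append(f"kex {kex}: SHA-1 based key exchange")
    if cipher.endswith("-cbc"):
        out.append(f"cipher {cipher}: CBC mode")
    if "sha1" in mac or "md5" in mac:
        out.append(f"mac {mac}: SHA-1/MD5 based MAC")
    return out

def parse_sessions(log_text):
    """Return {session_id: negotiated parameters plus findings}."""
    sessions = {}
    for line in log_text.splitlines():
        m = KEX_RE.search(line)
        if m:
            sid, kex, host_key, c2s, s2c = m.groups()
            cipher, mac = split_triple(c2s)
            bits = re.search(r"128|192|256", cipher)  # symmetric key length
            found = set(legacy_findings(kex, cipher, mac))
            found.update(legacy_findings(kex, *split_triple(s2c)))
            sessions.setdefault(sid, {}).update(
                kex=kex, host_key=host_key, cipher=cipher, mac=mac,
                cipher_bits=int(bits.group()) if bits else None,
                findings=sorted(found))
        m = DH_RE.search(line)
        if m:  # DH modulus size is logged on its own line, per session id
            sessions.setdefault(m.group(1), {})["dh_group_bits"] = int(m.group(2))
    return sessions
```

For session 1083 the result carries `cipher_bits` 128 and `dh_group_bits` 2048 side by side: the first is the symmetric cipher key length, the second is the size of the Diffie-Hellman group used to agree on that key.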

    in reply to: Smarter session reports #37186
    Mario_Ecomail
    Participant

    Thank you Serin,

    I’ll look into it when you release it.

    in reply to: Username variable not displayed correctly #37108
    Mario_Ecomail
    Participant

    Hi Serin,

    Just updated to 7.0.8.1 and seems to be corrected.

    I’ll make a couple more tests to be sure.

    Thank you.

    in reply to: Blocked IP Reporting #37099
    Mario_Ecomail
    Participant

    I’d like to see that too.

    At the moment I just collect IP and date of the blocked IP event with a MSDOS script that writes that information into a notepad.

    Then once a month manually move that txt into a database for reporting.

    It would be very useful to have that information available easier.

    in reply to: Username variable not displayed correctly #37107
    Mario_Ecomail
    Participant

    Yes in this case I was talking purely about the email subject for a logoff event.

    Now I’m curious about the other option you mention. I’ll have a look.

    in reply to: Username variable not displayed correctly #37105
    Mario_Ecomail
    Participant

    Hi Serin,

    The email subject was already customized in previous releases (that’s why it’s written in Spanish).

    Anyway, I’ll wait for that release.

    Thank you.

    in reply to: Customize Statistics report #37072
    Mario_Ecomail
    Participant

    Thanks Serin,

    Hope they become available soon.

    in reply to: unable to write the data into the already existing folder #37030
    Mario_Ecomail
    Participant

    Your command is always trying to create the directory even if it exists. So you have to detect if it exists or not before uploading.

    Try something like this instead of your line of [2014-11-09 14:45:49]:COMMAND [ 425] – [waterlevelprobecph] MKD watermeasures :

    Code:

    IF NOT EXIST . (mkdir .)

    There’s no “ELSE” cause if the directory already exists then you’re good to go.

    in reply to: Trigger event after some time #37024
    Mario_Ecomail
    Participant

    Hi,

    Thanks for your response.

    I did a small script in dos using “forfiles”

    something like:

    Code:

    @echo off

    cd

    REM Delete files last modified 3 or more days ago
    forfiles /d -3 /c "cmd /c del @file"
    exit

    This will delete files older than 3 days, so it gives me some time to download the files, use them and prepare the folder for the next use.

    WARNING: This script deletes without confirmation; use “/P” to ask for confirmation or a “pause” at the end to see what happened.

    in reply to: SMTP Error #36997
    Mario_Ecomail
    Participant

    Eventually I found out that it was a Firewall problem.

    Thank you for your help!

    in reply to: SMTP Error #36996
    Mario_Ecomail
    Participant

    Hi Serin,

    Thank you for the reply:

    Connection is made with TLS/SSL to port 465 with authentication.

    It’s been working fine since installation.

    Right now I can’t tell exactly if this is happening since a firewall update, or a software update so can’t give more details about it.

    If our mail provider changed the config I will contact them after clearing our side.

    How do I open a support ticket?

    Thank you.

    PS: I just tested the “Test” button in the Targets panel and… it works fine. But the email report is still stuck.

    in reply to: File transfer summary email #36894
    Mario_Ecomail
    Participant

    Serin wrote:

    […] client is actually establishing multiple sessions with the server. Many SFTP and FTP clients do that in the background.


    Yep, I was thinking something like that.

    Thanks for your help!

    in reply to: File transfer summary email #36892
    Mario_Ecomail
    Participant

    Well that finally made the trick.

    It seems though that it is working kind of weird. Because the client is allowed for multiple simultaneous uploads (4 actually), I sometimes get a session report for the files uploaded during an upload session, which may not be the “full” session. (i.e: If the client uploaded 50 files, I might get 4 session report emails, reporting 10-13 files each)

    So far I can live with it.

    BTW: Is the email customizable in any way?

    Thank you.

    in reply to: File transfer summary email #36891
    Mario_Ecomail
    Participant

    You mean here right? (just in case)

    https://s30.postimg.org/rkk5isuvl/FTP_Session_2.jpg

    That must be it.

    I have it disabled, didn’t want to run a database on this server. But if it’s the only way I might reconsider it.

    Does it only work with an SQL Server, or will a MySQL do?

    Thank you for your help

    EDIT: I see now this post: https://www.cerberusftp.com/support/help/report-database-configuration.html. Never heard about the LocalDB, but if you recommend it I’ll give it a try. The number of clients connecting to the server is quite small so a large DB is not necessary, that’s why I thought of MySQL.
