SSH2 SFTP Setup

SSH SFTP Support and Cerberus FTP Server

Cerberus FTP Server Professional edition and higher supports the SSH2 File Transfer Protocol, also known as SFTP. SFTP is a network protocol that provides secure and reliable file access, file transfer, and file management functionality. Features of the protocol include resuming interrupted file transfers, directory listings, getting and setting file attributes, and remote file removal.

There are currently 6 different versions of the SFTP protocol, with versions 3 – 6 being in common use by modern SFTP clients. Cerberus supports SFTP version 3, 4, 5, and 6 clients.

Cerberus also supports SSH public key authentication.

Supported SSH2 Key Exchange Methods

Cerberus supports both Diffie-Hellman and Elliptic Curve Diffie-Hellman (ECDH) SSH2 key exchange methods. The following exchange methods are supported:

  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

Supported SSH2 Ciphers

The following SSH ciphers are supported:

  • des (disabled by default)
  • 3des-cbc
  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

Supported SSH2 MAC Algorithms

The following SSH MAC algorithms are supported:

  • hmac-md5 (disabled in FIPS mode)
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha2-256
  • hmac-sha2-256-96
  • hmac-sha2-512
  • hmac-sha2-512-96
  • hmac-ripemd160 (disabled in FIPS mode)
  • hmac-ripemd160@openssh.com (disabled in FIPS mode)
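
To check what a listener actually offers against the key exchange, cipher and MAC lists above, an administrator can parse the server's SSH_MSG_KEXINIT payload and report any names on a local deny list. The following is an added example, not Cerberus code: the FLAGGED policy, the function names and the sample payload are assumptions constructed for illustration.

```python
import struct

# Name-list order in an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Assumed example policy (not Cerberus guidance): names to report if offered.
FLAGGED = {"diffie-hellman-group1-sha1", "des", "3des-cbc", "hmac-md5"}

def parse_kexinit(payload: bytes) -> dict:
    """Return the ten algorithm name-lists from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message type byte and 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def flagged_offers(payload: bytes) -> dict:
    """Map each negotiation field to the flagged algorithms it offers."""
    hits = {f: [n for n in names if n in FLAGGED]
            for f, names in parse_kexinit(payload).items()}
    return {f: h for f, h in hits.items() if h}

def _name_list(names) -> bytes:
    """Encode an SSH name-list: uint32 length, then comma-separated names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

# Constructed sample payload, not captured from a real server.
_KEX = ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
_ENC = ["aes256-ctr", "aes128-cbc", "3des-cbc"]
_MAC = ["hmac-sha2-256", "hmac-sha1", "hmac-md5"]
SAMPLE = (bytes([20]) + bytes(16)
          + b"".join(_name_list(n) for n in
                     (_KEX, ["ssh-rsa"], _ENC, _ENC, _MAC, _MAC, ["none"], ["none"], [], []))
          + b"\x00" + struct.pack(">I", 0))  # first_kex_packet_follows, reserved

if __name__ == "__main__":
    print(flagged_offers(SAMPLE))
```
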

Adding an SSH2 SFTP Listener

You must first have at least one SFTP listener for Cerberus to be able to accept SFTP connections. Cerberus FTP Server will automatically add and enable SFTP listeners on each available IP address the first time it is run so you normally do not need to add an SFTP listener. However, if you’ve previously removed an SFTP listener you can add a new one from the Interfaces page of the Server Manager.

To add a new SFTP listener:

  1. Open the Server Manager
  2. Select the Interfaces page
  3. Select the “plus” icon next to the interface list box to add a new interface. The “Add New Listener” dialog box will appear to ask for the interface details (interface IP, type, and port combination)
  4. Select the IP address that you want to listen for connections on
  5. Select the SSH SFTP interface type
  6. Enter the port you wish to listen on (the default for SSH2 SFTP is 22). Cerberus will automatically pre-populate the port with the default port for the type of listener you are adding
  7. Press the Add button to add the listener
  8. The listener should now be added to the Interfaces list. Press Ok to close the Server Manager and save your changes.

Allowing SSH2 SFTP Connections through a Firewall

SFTP connections use port 22 by default. You may need to allow that port through your firewall to the machine running Cerberus FTP Server. You may also need to make sure your router is forwarding incoming connections on that port to the machine running Cerberus FTP Server.

Enabling or Disabling Existing SFTP Listeners

In addition to adding and deleting interfaces, Cerberus allows an administrator to disable or enable an existing interface. This feature can be used to temporarily disable a listener or to re-enable a listener that has become disabled because of a port conflict or trial license expiration.

See the following help section on Interfaces for information on how to enable or disable an existing listener:

Enabling or disabling SFTP interfaces
