SFTP Connection Security Requirements

Updated on 12 Mar 2024
2 Minutes to read
Contributors

Article summary

Did you find this summary helpful?

Thank you for your feedback

Article details:

Access to the InterProse SFTP server must meet certain security requirements.

Please consult with your technical resources to verify that the methods you or your clients are using to connect to an InterProse SFTP such as a SFTP client host like WinSCP or FileZilla server match one of those listed here.

If you experience SFTP challenges, please contact support.

Key Exchange Algorithms

`kex-strict-s-v00@openssh.com`		Unknown
`diffie-hellman-group14-sha256`	Diffie-Hellman with 2048-bit Oakley Group 14 with SHA-256 hash Oakley Group 14 should be secure for now.	Secure
`diffie-hellman-group16-sha512`	Diffie-Hellman with 4096-bit MODP Group 16 with SHA-512 hash	Secure
`diffie-hellman-group18-sha512`	Diffie-Hellman with 8192-bit MODP Group 18 with SHA-512 hash	Secure
`diffie-hellman-group-exchange-sha256`	Diffie-Hellman with MODP Group Exchange with SHA-256 hash	Secure
`curve25519-sha256`	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash	Secure
`curve25519-sha256@libssh.org`	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash	Secure
`ecdh-sha2-nistp256`	Elliptic Curve Diffie-Hellman on NIST P-256 curve with SHA-256 hash Possible NSA backdoor.	Secure
`ecdh-sha2-nistp384`	Elliptic Curve Diffie-Hellman on NIST P-384 curve with SHA-384 hash Possible NSA backdoor.	Secure
`ecdh-sha2-nistp521`	Elliptic Curve Diffie-Hellman on NIST P-521 curve with SHA-512 hash Possible NSA backdoor.	Secure
`diffie-hellman-group14-sha1`	Diffie-Hellman with 2048-bit Oakley Group 14 with SHA-1 hash SHA-1 is becoming obsolete, consider using SHA-256 version.	Weak

Server Host Key Algorithms

`ssh-ed25519`	Ed25519, an Edwards-curve Digital Signature Algorithm (EdDSA)	Secure
`ecdsa-sha2-nistp256`	Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-256 curve with SHA-256 hash Possible NSA backdoor.	Secure
`rsa-sha2-256`	RSA with SHA-256 hash	Secure
`rsa-sha2-512`	RSA with SHA-512 hash	Secure
`ssh-rsa`	RSA with SHA-1 hash SHA-1 is becoming obsolete.	Weak

Encryption Algorithms

`chacha20-poly1305@openssh.com`	256-bit ChaCha20 with Poly1305 authenticator by OpenSSH	Secure
`aes256-gcm@openssh.com`	AES with 256-bit key in GCM mode by OpenSSH	Secure
`aes128-gcm@openssh.com`	AES with 128-bit key in GCM mode by OpenSSH	Secure
`aes256-ctr`	AES with 256-bit key in CTR mode	Secure
`aes128-ctr`	AES with 128-bit key in CTR mode	Secure
`aes256-cbc`	AES with 256-bit key in CBC mode A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`aes128-cbc`	AES with 128-bit key in CBC mode A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.	Weak
`3des-cbc`	TripleDES with 192-bit key (112-bit effective security) in CBC mode 3DES is very inefficient.	Weak

MAC Algorithms

`hmac-sha2-256-etm@openssh.com`	Hash-based MAC using SHA-256 (Encrypt-then-MAC) by OpenSSH	Secure
`umac-128-etm@openssh.com`	128-bit Universal Hashing MAC (Encrypt-then-MAC) by OpenSSH	Secure
`hmac-sha2-512-etm@openssh.com`	Hash-based MAC using SHA-512 (Encrypt-then-MAC) by OpenSSH	Secure
`hmac-sha2-256`	Hash-based MAC using SHA-256	Secure
`umac-128@openssh.com`	128-bit Universal Hashing MAC by OpenSSH	Secure
`hmac-sha2-512`	Hash-based MAC using SHA-512	Secure
`hmac-sha1-etm@openssh.com`	Hash-based MAC using SHA-1 (Encrypt-then-MAC) by OpenSSH SHA-1 is becoming deprecated - consider replacing with SHA-256 or SHA-512.	Weak
`hmac-sha1`	Hash-based MAC using SHA-1 SHA-1 is becoming deprecated - consider replacing with SHA-256 or SHA-512.	Weak

Compression Algorithms

`none`	No compression	Unknown
`zlib@openssh.com`	zlib compression by OpenSSH	Unknown

Server Public Keys

rsa-sha2-512

Key size:	2048bit
MD5 Fingerprint:	`59:cb:c3:a9:78:81:61:a7:b7:e0:27:f7:b3:e4:f6:b4`
SHA-256 Fingerprint:	`iE4mfKOMNZVzInEWJGGBYo7JFsRipx+Tg+ZTQZTFVrc`
Public key:	`---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQChQVvNQT17takDkGMZbNYxy8zEO4/BxlBe 2vweecnn7GHhE5uLvePOC79lJtdQCROFnSPPIk9hCOROZCgOxzZ/N17RWDKuwISh yl3EqJpKLVmQKqmADtPyx4I3sZA1aR/7Q4l1Pp5x+C1HY2y9zfklZiA38rOJQPlv tF9U6bSlLgke+QLCuUdJub/tlY2LJVpNLnp3QwOcyZXU1FL9cs3ZVkVJWoqZ+xZ/ X34hOwBzfGxFqkW3qFHyuPNWUkuD0EnnXYhH61RO4eRwsQLBfMwhDlQDRLxyX0lA YGsaG33gSpSZDtpGV8LBibYzzdXWAKpDoqf9PP0A3xzphAJogAPt ---- END SSH2 PUBLIC KEY ----`

rsa-sha2-256

Key size:	2048bit
MD5 Fingerprint:	`59:cb:c3:a9:78:81:61:a7:b7:e0:27:f7:b3:e4:f6:b4`
SHA-256 Fingerprint:	`iE4mfKOMNZVzInEWJGGBYo7JFsRipx+Tg+ZTQZTFVrc`
Public key:	`---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQChQVvNQT17takDkGMZbNYxy8zEO4/BxlBe 2vweecnn7GHhE5uLvePOC79lJtdQCROFnSPPIk9hCOROZCgOxzZ/N17RWDKuwISh yl3EqJpKLVmQKqmADtPyx4I3sZA1aR/7Q4l1Pp5x+C1HY2y9zfklZiA38rOJQPlv tF9U6bSlLgke+QLCuUdJub/tlY2LJVpNLnp3QwOcyZXU1FL9cs3ZVkVJWoqZ+xZ/ X34hOwBzfGxFqkW3qFHyuPNWUkuD0EnnXYhH61RO4eRwsQLBfMwhDlQDRLxyX0lA YGsaG33gSpSZDtpGV8LBibYzzdXWAKpDoqf9PP0A3xzphAJogAPt ---- END SSH2 PUBLIC KEY ----`

ssh-rsa

Key size:	2048bit
MD5 Fingerprint:	`59:cb:c3:a9:78:81:61:a7:b7:e0:27:f7:b3:e4:f6:b4`
SHA-256 Fingerprint:	`iE4mfKOMNZVzInEWJGGBYo7JFsRipx+Tg+ZTQZTFVrc`
Public key:	`---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAB3NzaC1yc2EAAAADAQABAAABAQChQVvNQT17takDkGMZbNYxy8zEO4/BxlBe 2vweecnn7GHhE5uLvePOC79lJtdQCROFnSPPIk9hCOROZCgOxzZ/N17RWDKuwISh yl3EqJpKLVmQKqmADtPyx4I3sZA1aR/7Q4l1Pp5x+C1HY2y9zfklZiA38rOJQPlv tF9U6bSlLgke+QLCuUdJub/tlY2LJVpNLnp3QwOcyZXU1FL9cs3ZVkVJWoqZ+xZ/ X34hOwBzfGxFqkW3qFHyuPNWUkuD0EnnXYhH61RO4eRwsQLBfMwhDlQDRLxyX0lA YGsaG33gSpSZDtpGV8LBibYzzdXWAKpDoqf9PP0A3xzphAJogAPt ---- END SSH2 PUBLIC KEY ----`

ecdsa-sha2-nistp256

Key size:	256bit
MD5 Fingerprint:	`d1:19:d1:ae:da:a9:d6:20:fd:84:e8:ff:03:f6:d2:93`
SHA-256 Fingerprint:	`wn90sbJCc8b16PwdjHvYo018YPjdVJhaWsSIIjCZWD0`
Public key:	`---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ4ZctHWN8Is i6yLzQQuUJDgFX6S3Ylf+Zo5DlTYsfkt0CcyfaOcZK+6akdKvD7/LPrWtA1olGVR eZyWAo/6ylY= ---- END SSH2 PUBLIC KEY ----`

ssh-ed25519

Key size:	256bit
MD5 Fingerprint:	`54:bd:f6:83:13:f1:58:70:eb:00:ad:e6:ff:b0:22:33`
SHA-256 Fingerprint:	`7p9pRhDwdHx+gQuiQPhqDSRNFAn+ED39ZW96qjON6OE`
Public key:	`---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Saved by Rebex SSH" AAAAC3NzaC1lZDI1NTE5AAAAIAxs/8hJZYgK82K1ldk8nfAxUyDL7d4iO32ZlBDQ piCx ---- END SSH2 PUBLIC KEY ----`

Was this article helpful?

What's Next

ACE Third Party Vendors

Table of contents