Quick Start for SFTP(Service)

1 post Page 1 of 1

Post by Support_Philip » Thu Feb 07, 2019 12:16 pm
Configuring the SFTP service


The SFTP Service Configuration page provides the configuration options for the SFTP Service. From this page, modify or add service parameters such as: Login parameters, Port Numbers, Listeners, etc.

  • To manage the SFTP Service, log in as an Admin User with the Product Administrator role.
  • From the main menu bar, select Services and then click the Service Manager link.
  • Click the Action icon next to the SFTP Service, and then click the Edit icon.
Maximum Logins

This is the maximum number of sessions allowed to the service at any given time.

Login Failure Delay

The length of time in seconds a Web User must wait before they can retry their login. This delay not only gives the Web User time to think about their User Name and Password, but it also will deflect multiple login attempts in fast succession from an organized online attack.

Maximum Login Failures

This value represents the number of failed login attempts before the SFTP connection is closed.

Idle Timeout


The idle time in seconds before the connection times out.

SCP Enabled

When enabled, GoAnywhere provides Secure Copy (SCP) support for secure file exchange with a client using SCP. SCP is much like SFTP, using FTP over SSH.

Min DH Group Exchange Key Size

Select the minimum key size to allow for the key exchange when using diffie-hellman-group-exchange-sha1 or sha256 key exchange algorithms. Smaller key sizes are less secure but may increase transfer speeds. The default minimum key size is 1024.

Max DH Group Exchange Key Size


Select the maximum key size to allow for the key exchange when using diffie-hellman-group-exchange-sha1 or sha256 key exchange algorithms. Larger key sizes are more secure but may decrease transfer speeds. The default maximum key size is 8192.

Enabled Cipher Algorithms

The Cipher Algorithms in the left column are available, the ones in the right column are enabled. By default all Cipher Suites are enabled to provide the most options between different clients and servers. Although encrypted, the cipher suite automatically selected by the connection may not be the most secure. This list allows you to limit which ciphers are used. Follow the instructions below to select which Cipher Algorithms are used:

Perform the following steps to enable Cipher Algorithms:

  • On the left side of the page, click to select (highlight) the Cipher Algorithm(s) to enable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Cipher Algorithms are selected, click the arrow icon between the group boxes to move the algorithms from left to right.

Perform the following steps to disable Cipher Algorithms:

  • On the right side of the page, click to select (highlight) the Cipher Algorithm(s) to disable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Cipher Algorithms are selected, click the arrow icon between the group boxes to move the algorithms from right to left.

Enabled Mac Algorithms

The SSH transport layer handles algorithm negotiation between the server and client over TCP/IP. Negotiation begins when the SSH client and server send each other textual information that identifies their SSH version. If they both agree that the versions are compatible, the client and server exchange lists that specify the algorithms that they support for key exchange, encryption and data integrity via a message authentication code (MAC). These lists are protected by their own encryption algorithms. The Mac Algorithms in the left column are available, the ones in the right column are enabled.

Perform the following steps to enable Mac Algorithms:

  • On the left side of the page, click to select (highlight) the Mac Algorithm(s) to enable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Mac Algorithms are selected, click the Right arrow icon between the group boxes to move the algorithms from left to right.

Perform the following steps to disable Mac Algorithms:

  • On the right side of the page, click to select (highlight) the Mac Algorithm(s) to disable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Mac Algorithms are selected, click the Left arrow icon between the group boxes to move the algorithms from right to left.

Enabled Key Exchange Algorithms

The Diffie-Hellman Key exchange algorithms to use between the server and client. The Key Exchange Algorithms in the left column are available, the ones in the right column are enabled. This list allows you to limit which Key Exchange Algorithms are used.

Perform the following steps to enable Key Exchange Algorithms:

  • On the left side of the page, click to select (highlight) the Key Exchange Algorithm(s) to enable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Key Exchange Algorithms are selected, click the arrow icon between the group boxes to move the algorithms from left to right.

Perform the following steps to disable Key Exchange Algorithms:

  • On the right side of the page, click to select (highlight) the Key Exchange Algorithm(s) to disable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Key Exchange Algorithms are selected, click the Left arrow icon between the group boxes to move the algorithms from right to left.

Enabled Compression Algorithms

Compression Algorithms help shrink the file size during transport to reduce the transfer time and bandwidth used. The Compression Algorithms in the left column are available, the ones in the right column are enabled.

Perform the following steps to enable Compression Algorithms:

  • On the left side of the page, click to select (highlight) the Compression Algorithm(s) to enable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Compression Algorithms are selected, click the Right arrow icon between the group boxes to move the algorithms from left to right.

Perform the following steps to disable Compression Algorithms:

  • On the right side of the page, click to select (highlight) the Compression Algorithm(s) to disable. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
  • When the desired Compression Algorithms are selected, click the Left arrow icon between the group boxes to move the algorithms from right to left.

Welcome Message

The welcome message is displayed during the SSH handshake when a client connects using SFTP. Not all SFTP clients display the Welcome Message.

Software Version

The software name or version is exchanged with a client during the initial SFTP connection. The value in this field cannot contain whitespace. The default value is GoAnywhere followed by the installed version number.

Comments

The comments field is used for a custom message that is sent along with the software version and connection string to a Web User when they authenticate.

Listener Settings
Name

Providing an identifiable name for the Listener helps identify it in the Configuration Outline list.

Port

Set the port number that the Listener will monitor for connections.

TIP:
If using GoAnywhere Gateway, any changes to the Port number will also need to be updated on the Gateway Configuration page for the related Service Mappings.

Local Address

This is the IP address of the server hosting the port to which GoAnywhere is Listening. If available, you can also select it from the drop-down list.

TIP:
If using GoAnywhere Gateway, any changes to the Local Address will also need to be updated on the Gateway Configuration page as the "To Address" for the SFTP Service Mapping.

Domain


A Domain can be specified to restrict this listener to only allow Web Users in that Domain. When left blank, any Web User can log in regardless of which Domain they belong to.

Authentication Types Allowed

Indicates which authentication types are allowed on this listener - Password, Public Key, or Either. If left blank, the default value is Either. When a Web User attempts to authenticate, this setting, as well as the authentication type specified on the individual Web User account, are verified.

Start the SFTP server.

SSH Key Authentication

If the Web User authenticates using an SSH key, follow the steps below:
  • Have your trading partner send you their SSH public key.
  • Import the SSH public key for the Web User.
Change the Web User's Authentication Type:
  • From the Dashboard, point to Security and then click Web User.
  • On the Web Users page, click the Edit icon next to the Web User.
  • In the Edit Web User page, click the Authentication tab and change the SFTP Authentication Type to Public Key.
  • Click the Save button.

When the SFTP client connects, the server looks up the client's public key in the Key Management System based on the Fingerprint. The Web User is authenticated if the stored public key matches the public key sent by the client. The Web User must also be in a Domain that has access to the Key Vault where the public key resides.

Philip Horn
Support Analyst
e. philip.horn@helpsystems.com
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
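
The algorithm lists that the Enabled Cipher, Mac, Key Exchange and Compression settings control are what the server advertises in its SSH_MSG_KEXINIT message during the negotiation described above. The following added example (not GoAnywhere code and not part of the original post) decodes such a payload and reports any offered algorithm that a review policy rejects; the `WEAK` policy, the helper names and the sample payload are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-lists in the order RFC 4253 section 7.1 defines them.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Example review policy (an assumption of this sketch, not a GoAnywhere default).
WEAK = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"},
    "enc_s2c": {"3des-cbc", "aes128-cbc", "arcfour"},
    "mac_s2c": {"hmac-md5", "hmac-sha1-96"},
}

def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten algorithm name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and random cookie (16)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists

def weak_offers(lists: dict) -> dict:
    """Return, per field, the offered algorithms that the policy rejects."""
    hits = {f: [a for a in lists[f] if a in bad] for f, bad in WEAK.items()}
    return {f: found for f, found in hits.items() if found}

def build_kexinit(**lists) -> bytes:
    """Encode a payload; used only to construct the sample below."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(s)) + s
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample payload (not captured from a GoAnywhere server).
SAMPLE = build_kexinit(
    kex=["curve25519-sha256", "diffie-hellman-group-exchange-sha256",
         "diffie-hellman-group1-sha1"],
    host_key=["ssh-ed25519"], enc_c2s=["aes256-ctr"],
    enc_s2c=["aes256-ctr", "aes128-cbc"], mac_c2s=["hmac-sha2-256"],
    mac_s2c=["hmac-sha2-256", "hmac-md5"])
```

Calling `weak_offers(parse_kexinit(SAMPLE))` lists the entries to move back to the left column for each setting.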
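
Before importing a trading partner's SSH public key for Public Key authentication, the key received can be checked against a fingerprint the partner confirms over a separate channel. This added example (not GoAnywhere code and not part of the original post) computes the OpenSSH-style SHA-256 fingerprint of a public key line; the post does not say which fingerprint format the Key Management System displays, so that format, the function names and the sample key are assumptions.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(pubkey_line: str) -> str:
    """SHA-256 fingerprint of one '<key-type> <base64-blob> [comment]' line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own length-prefixed key type; it must agree
    # with the type written in front of it, or the line has been altered.
    (n,) = struct.unpack_from(">I", blob, 0)
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != declared:
        raise ValueError(f"declared type {declared!r} != embedded {embedded!r}")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def safe_to_import(pubkey_line: str, confirmed_fp: str) -> bool:
    """True only if the key matches the fingerprint confirmed out of band."""
    return hmac.compare_digest(fingerprint(pubkey_line), confirmed_fp)

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string, as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample key: placeholder bytes, not a real partner key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = ("ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii")
               + " partner@example.com")
```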