Configuring the SSH Server Security Provider

Installing the SFTPServer adds a new Secure Shell Provider to the iSM list of providers, as shown in the example below.

  1. Click Secure Shell Provider.

    The Defined SSH Providers dialog box is displayed.

  2. Click New to add a new provider.

Reference: SFTP SSH Shell Provider

The following table lists and describes parameters for the SFTP SSH Shell Provider.

Parameter

Description

SSH Providers

Key Exchange Factories*

Select the classes used to exchange keys between the SSH client and this SSH server.

Currently, the SSH Server listener supports the Diffie-Hellman (DH) key exchange. DH is commonly used when you encrypt data on the Web using either SSL or TLS (Secure Sockets Layer and Transport Layer Security, respectively).

diffie-hellman-group1-sha1. This group provides basic security (768-bit key) and good performance.

diffie-hellman-group14-sha1. This group provides stronger security (2048-bit key vs. 768-bit) than diffie-hellman-group1-sha1. Note that this group is not supported by the default JCE provider.

You can choose to support one or the other or both.

Random Factory

Pseudo random number generator.

Only the Bouncy Castle version of the random number generator is supported by the SSH Server listener.

Cipher Factories*

Classes for a cryptographic cipher, used either for encryption or decryption.

Compression Factories*

Classes used to compress the stream of data between the server and SSH clients.

MAC Factories*

Classes used for Message Authentication Code for use in SSH.

Signature Factory*

Classes used by the server to sign and verify packets sent between the server and client.

Key Pair File

Provider*

Provider for key pairs. The Provider is used to create the SSH Key Pair repository when it doesn't exist. When the repository exists, the Provider returns the Key Pair generated by the Signature Factory that was used to create the repository.

Key Pair File Signature*

Used by the SFTPServer to sign the Key Pair File that is generated if the Key Pair File does not exist.

Key Pair File Path*

Fully qualified path to the Key Pair File. If the path points to a file that does not exist, the Provider will create a Key Pair File at this location using the Key Pair File Signature that was selected.

Enter any directory accessible to iSM and use the name key.ser. The name doesn't matter at this point; the file will be generated (or regenerated) if it doesn't exist.

Key Pair File Password

Password for the SSH Key Pair File.

Authentication

Password Authenticator*

The class used by the server to authenticate the SSH client's password.

Select "File Based Authenticator" unless you have created a JDBC-based authentication for the iSM SFTPServer.

Note: Both the SFTPServer and FTPServer share the same authentication algorithms and can share the same files/RDBMS tables.

Public Key Authenticator*

The class to authenticate the SSH client's public keys.

User Repository

Repository Type

How the user repository is stored. The repository can be stored either as an XML file or as a JDBC database. This repository defines the users permitted to exchange messages with this server along with their mailbox and security characteristics.

Security File

Security file location. This field is required when the Repository Type is set to XML.

JDBC Provider Name

Name of the JDBC Data Provider, used if the Repository Type is set to JDBC.

Basic

Reuse Address

If true, when the connection is closed, immediately make the address available, bypassing TCP's defaults.

Connections Backlog*

Number of connections allowed to queue up before a failure
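
To confirm that the Key Exchange, Cipher, MAC and Compression Factories selections took effect, the algorithms a server actually offers can be read from its SSH_MSG_KEXINIT message (RFC 4253, section 7.1). The Python sketch below is an added example, not iWay code: the function names and sample payloads are constructed for illustration, and it flags diffie-hellman-group1-sha1, which RFC 9142 marks SHOULD NOT.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")
# Of the two methods this page lists, RFC 9142 marks this one SHOULD NOT.
DEPRECATED_KEX = {"diffie-hellman-group1-sha1"}

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (binary packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message-type byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {name}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"{name} overruns the payload")
        text = payload[pos:pos + length].decode("ascii")
        lists[name] = text.split(",") if text else []
        pos += length
    return lists

def deprecated_kex_offered(payload: bytes) -> list:
    """Return the offered key exchange methods that should be disabled."""
    return [k for k in parse_kexinit(payload)["kex_algorithms"] if k in DEPRECATED_KEX]

def build_kexinit(lists: dict) -> bytes:
    """Build a sample payload for the demo (constructed, not a capture)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples: both Key Exchange Factories selected vs. group14 only.
COMMON = {"encryption_c2s": ["aes128-ctr"], "encryption_s2c": ["aes128-ctr"],
          "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256"],
          "compression_c2s": ["none"], "compression_s2c": ["none"]}
BOTH = build_kexinit({**COMMON, "kex_algorithms": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]})
G14_ONLY = build_kexinit({**COMMON, "kex_algorithms": ["diffie-hellman-group14-sha1"]})

if __name__ == "__main__":
    for label, sample in (("both", BOTH), ("group14 only", G14_ONLY)):
        print(label, "->", deprecated_kex_offered(sample) or "no deprecated key exchange offered")
```

The same parsed dictionary also exposes the cipher, MAC and compression name-lists, so one capture checks every factory selection in the table.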