SFTP (FTP over SSH)

The traditional FTP protocol sends commands and data in “the clear” over the network/internet. An attacker could intercept this FTP data, then view and alter it before sending it on to the receiver. If you are sending sensitive data over the internet, then you may want to consider the SFTP (FTP over SSH) protocol for securing data.
Secure FTP

SFTP creates an encrypted tunnel between two computer systems and will protect against the following attacks:
  • IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host
  • IP source routing, where a host can pretend that an IP packet comes from another, trusted host
  • DNS spoofing, where an attacker forges name server records
  • Interception of cleartext passwords and other data by intermediate hosts
  • Manipulation of data by attackers in control of intermediate hosts
SFTP is supported by most commercial servers and many open source servers (e.g. Linux). SFTP is an excellent protocol for transmitting large files since it compresses the data stream prior to encryption.
 
SFTP uses a combination of asymmetric (public key) cryptography and symmetric cryptography to provide strong encryption and optimal performance.
 
GoAnywhere can connect to SFTP servers for sending and receiving files. These servers can be pre-configured in GoAnywhere and selected through simple drop-down menus.
 
Example of an SFTP definition in GoAnywhere:

[Image: SFTP]

Standards Support for SFTP

GoAnywhere supports the following standards for SFTP.
 
Protocol
  • SSH 2.0
Ciphers (Symmetric Encryption Algorithms)
  • Triple DES, key length of 192 bit
  • Blowfish, key length up to 448 bit
  • AES, key length up to 256 bit
MAC Algorithms
  • HMAC-SHA1, key length of 160 bit, digest length of 160 bit
  • HMAC-SHA1-96, key length of 160 bit, digest length of 96 bit
  • HMAC-MD5, key length of 128 bit, digest length of 128 bit
  • HMAC-MD5-96, key length of 128 bit, digest length of 96 bit
Key Exchange Algorithms
  • Diffie-Hellman
  • MODP Groups 1, 2, 5 (1536-bit), 14 (2048-bit), 15 (3072-bit), 16 (4096-bit), 17 (6144-bit) and 18 (8192-bit)
SSH Private Keys
  • OpenSSH encoded keys
  • PEM (privacy enhanced message) encoded keys
SSH Public Keys
  • OpenSSH encoded keys
* When creating an SSH key pair with Crypto Studio, the private key will be generated in PEM format and the public key will be generated in IETF’s recommended format.
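
The cipher, MAC and key exchange categories listed above are what two SSH 2.0 peers exchange in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1). The following is an added example, not GoAnywhere code: it parses such a message and reports offered algorithms that an audit would flag for review. The sample payload is constructed, and the REVIEW set and its mapping from the names on this page to SSH wire names are assumptions of the example.

```python
import struct

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

# Assumption of this example: SSH wire names for the older entries in the list
# above (3DES, Blowfish, MD5-based MACs, 1024-bit DH) to flag for review.
REVIEW = {"3des-cbc", "blowfish-cbc", "hmac-md5", "hmac-md5-96",
          "diffie-hellman-group1-sha1"}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}                              # skip type byte + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    if pos + 5 > len(payload):                     # boolean + uint32 reserved
        raise ValueError("truncated trailer")
    return out

def flag_for_review(offer: dict) -> dict:
    """Return {field: [names]} for offered algorithms that are in REVIEW."""
    hits = {f: [a for a in names if a in REVIEW] for f, names in offer.items()}
    return {f: names for f, names in hits.items() if names}

def build_kexinit(lists) -> bytes:
    """Build a constructed KEXINIT payload for the demo (all-zero cookie)."""
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample offer, not captured from any real server.
SAMPLE = build_kexinit([
    "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1", "ssh-rsa",
    "aes256-ctr,3des-cbc", "aes256-ctr,3des-cbc",
    "hmac-sha1,hmac-md5", "hmac-sha1,hmac-md5", "none", "none", "", ""])

if __name__ == "__main__":
    for field, names in flag_for_review(parse_kexinit(SAMPLE)).items():
        print(f"{field}: review {', '.join(names)}")
```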

GoAnywhere can be installed on IBM System i, Windows, Linux and UNIX platforms. System i is also referred to as iSeries, as400, as/400 and i5.