Question
How can I ensure my SFTP settings which include Ciphers/MACs/Kexes are as secure as possible?
Reasoning
I would like to minimize the risk of having a security issue in my organization by configuring SFTP in Titan to have the recommended settings.
Answer
You have the option to enable/disable ciphers/macs/kexes to ensure you have the most secure setting on your environment.
Steps
- Login to the admin portal
- Navigate to the server instance in question.
- Go to the Services section and click on the SSH/SFTP tab.
|
Ciphers |
MACs |
KEXes |
|
AES256-CTR |
AES256-gcm |
ECDH-SHA2-Curve25519 |
|
AES192-CTR |
AES128-gcm |
Curve25519-SHA256@libssh.org |
|
Twofish256-CTR |
Chacha20-Poly1305@openssh.com |
Curve448-SHA512@libssh.org |
|
Twofish192-CTR |
HMAC-SHA2-512-etm@openssh.com |
Diffie-Hellman-Group15-SHA512 |
|
AES128-CTR |
HMAC-SHA2-256-etm@openssh.com |
Diffie-Hellman-Group16-SHA512 |
|
Twofish128-CTR |
|
Diffie-Hellman-Group17-SHA512 |
| AES256-gcm@openssh.com |
Diffie-Hellman-Group18-SHA512 |
|
| AES128-gcm@openssh.com |
|
|
| AES256-gcm |
|
|
|
AES128-gcm
|
|
|
Enable the recommended settings from above and disable everything else by clicking on the checkbox next to each algorithm
When done, click on apply.