How To: Harden SFTP settings in Titan Nextgen


Titan Nextgen Builds 2.x and above.

Question

How can I ensure my SFTP settings, which include Ciphers/MACs/Kexes, are as secure as possible?

Reasoning

I would like to minimize the risk of having a security issue in my organization by configuring SFTP in Titan Nextgen to have the recommended settings.

Answer

You can enable or disable individual ciphers, MACs, and KEXes to ensure you have the most secure settings in your environment.

Pre-Requisites

  1. Have a server instance created within Titan Nextgen and SFTP enabled. 



Steps

  1. Log in to the admin portal.
  2. Navigate to the server instance in question.
  3. Go to the Services section and click on the SSH/SFTP tab.
  4. Scroll down to the “Cipher Preferences”, “Key Exchange (Kex) Preference” and “MAC Preferences”.
  5. Apply the recommended settings as seen in the table below:

| Ciphers | MACs | KEXes |
| --- | --- | --- |
| AES256-CTR | AES256-gcm | ECDH-SHA2-Curve25519 |
| AES192-CTR | AES128-gcm | Curve25519-SHA256@libssh.org |
| Twofish256-CTR | Chacha20-Poly1305@openssh.com | Curve448-SHA512@libssh.org |
| Twofish192-CTR | HMAC-SHA2-512-etm@openssh.com | Diffie-Hellman-Group15-SHA512 |
| AES128-CTR | HMAC-SHA2-256-etm@openssh.com | Diffie-Hellman-Group16-SHA512 |
| Twofish128-CTR | | Diffie-Hellman-Group17-SHA512 |
| AES256-gcm@openssh.com | | Diffie-Hellman-Group18-SHA512 |
| AES128-gcm@openssh.com | | |
| AES256-gcm | | |
| AES128-gcm | | |

  6. Enable the recommended settings from above and disable everything else by clicking on the checkbox next to each algorithm.
  7. When done, click on Apply.
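
To confirm the result after the change, compare what the server actually offers with the table. The following is an added example, not Titan's or this article's own code: it parses an unencrypted SSH_MSG_KEXINIT payload (RFC 4253, section 7.1), such as one taken from a packet capture of a new connection, and reports anything offered outside the recommended lists. The function names, the lower-case wire spelling of the table's names, and the sample payload are assumptions made for illustration.

```python
# Allowlist from the article's table, lower-cased (assumed wire spelling).
ALLOWED = {
    "kex": {"ecdh-sha2-curve25519", "curve25519-sha256@libssh.org",
            "curve448-sha512@libssh.org", "diffie-hellman-group15-sha512",
            "diffie-hellman-group16-sha512", "diffie-hellman-group17-sha512",
            "diffie-hellman-group18-sha512"},
    "cipher": {"aes256-ctr", "aes192-ctr", "twofish256-ctr", "twofish192-ctr",
               "aes128-ctr", "twofish128-ctr", "aes256-gcm@openssh.com",
               "aes128-gcm@openssh.com", "aes256-gcm", "aes128-gcm"},
    "mac": {"aes256-gcm", "aes128-gcm", "chacha20-poly1305@openssh.com",
            "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"},
}
KEX_MARKERS = {"ext-info-s", "kex-strict-s-v00@openssh.com"}  # not algorithms
FIELDS = {0: "kex", 2: "cipher", 3: "cipher", 4: "mac", 5: "mac"}  # list index

def parse_kexinit(payload: bytes) -> list:
    """Return the ten name-lists of an unencrypted SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []  # skip the message type byte and the 16-byte cookie
    for _ in range(10):
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list")
        lists.append(raw.decode("ascii").split(",") if raw else [])
        pos += 4 + n
    return lists

def audit(payload: bytes) -> dict:
    """Return offered algorithms, per category, that are not on the allowlist."""
    extra = {"kex": [], "cipher": [], "mac": []}
    for idx, names in enumerate(parse_kexinit(payload)):
        cat = FIELDS.get(idx)
        for name in names:
            if cat is None or (cat == "kex" and name in KEX_MARKERS):
                continue
            if name.lower() not in ALLOWED[cat] and name not in extra[cat]:
                extra[cat].append(name)
    return extra

# Constructed sample input: encode name-lists as a KEXINIT payload (zero cookie).
def build_kexinit(lists: list) -> bytes:
    body = b"".join(len(s).to_bytes(4, "big") + s.encode() for s in lists)
    return bytes([20]) + bytes(16) + body + bytes(5)

_C, _M = "aes256-ctr,aes128-cbc", "hmac-sha2-256-etm@openssh.com,hmac-sha1"
SAMPLE = build_kexinit([
    "curve25519-sha256@libssh.org,diffie-hellman-group1-sha1,ext-info-s",
    "ssh-ed25519", _C, _C, _M, _M, "none", "none", "", ""])
```

An empty result in all three categories means the server offers nothing beyond the recommended settings; any name returned is still enabled and should be unchecked in the admin portal.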
