Titan SFTP and Titan MFT Builds 2.x and above.
Question
How can I ensure my SFTP settings which include Ciphers/MACs/Kexes are as secure as possible?
Reasoning
I would like to minimize the risk of having a security issue in my organization by configuring SFTP in Titan to have the recommended settings.
Answer
You have the option to enable/disable ciphers/macs/kexes to ensure you have the most secure setting on your environment.
Pre-Requisites
- Have a server instance created within Titan and SFTP enabled.
Steps
- Login to the admin portal
- Navigate to the server instance in question.
- Go to the Services section and click on the SSH/SFTP tab.

- Scroll down to the “Cipher Preferences”, “Key Exchange (Kex) Preference” and “MAC Preferences”.

- Apply the recommended settings as seen in the table below:
|
|
|
|
|
|
|
|
Curve25519-SHA256@libssh.org
|
|
Chacha20-Poly1305@openssh.com
|
Curve448-SHA512@libssh.org
|
|
HMAC-SHA2-512-etm@openssh.com
|
Diffie-Hellman-Group15-SHA512
|
|
HMAC-SHA2-256-etm@openssh.com
|
Diffie-Hellman-Group16-SHA512
|
|
|
Diffie-Hellman-Group17-SHA512
|
AES256-gcm@openssh.com |
|
Diffie-Hellman-Group18-SHA512
|
AES128-gcm@openssh.com |
|
|
AES256-gcm
|
|
|
AES128-gcm
|
|
|
- Enable the recommended settings from above and disable everything else by clicking on the checkbox next to each algorithm
- When done, click on apply.