How To: Harden SFTP settings in Titan

How To: Harden SFTP settings in Titan


Titan SFTP and Titan MFT Builds 2.x and above.

Question

How can I ensure my SFTP settings which include Ciphers/MACs/Kexes are as secure as possible?

Reasoning

would like to minimize the risk of having a security issue in my organization by configuring SFTP in Titan to have the recommended settings.

Answer

You have the option to enable/disable ciphers/macs/kexes to ensure you have the most secure setting on your environment.

Pre-Requisites

  1. Have a server instance created within Titan and SFTP enabled. 



Steps

  1. Login to the admin portal
  2. Navigate to the server instance in question.
  3. Go to the Services section and click on the SSH/SFTP tab.

A screenshot of a computerDescription automatically generated

  1. Scroll down to the “Cipher Preferences”, “Key Exchange (Kex) Preference” and “MAC Preferences”.

A screenshot of a computerDescription automatically generated

  1. Apply the recommended settings as seen in the table below:


Ciphers

MACs

KEXes

AES256-CTR

AES256-gcm

ECDH-SHA2-Curve25519

AES192-CTR

AES128-gcm

Curve25519-SHA256@libssh.org

Twofish256-CTR

Chacha20-Poly1305@openssh.com

Curve448-SHA512@libssh.org

Twofish192-CTR

HMAC-SHA2-512-etm@openssh.com

Diffie-Hellman-Group15-SHA512

AES128-CTR

HMAC-SHA2-256-etm@openssh.com

Diffie-Hellman-Group16-SHA512

Twofish128-CTR


Diffie-Hellman-Group17-SHA512

AES256-gcm@openssh.com

Diffie-Hellman-Group18-SHA512

AES128-gcm@openssh.com


AES256-gcm

 


AES128-gcm

 

 


  1. Enable the recommended settings from above and disable everything else by clicking on the checkbox next to each algorithm
  2. When done, click on apply.

    • Related Articles

    • Is Titan MFT, Titan SFTP or WebDrive impacted by the Apache Log4j2 (CVE-2021-44228) vulnerability?

      Question Is Titan MFT, Titan SFTP or WebDrive impacted by the Apache Log4j2 (CVE-2021-44228) vulnerability? Reasoning I want to confirm if the software I am using is vulnerable to the exploit found in CVE-2021-44228 so I can take the necessary ...
    • Titan SFTP Server Admin Page Fails to Load

      Question I installed Titan SFTP server and after trying to access the admin page for the first time on my browser, it fails to load. Reasoning In Titan SFTP/MFT the admin page is only accessible via web browser. Answer The most likely issue is due a ...
    • How To: Create SSH Keys and apply to a User

      How To: Create SSH Keys and apply to a User Question How can I create SSH keys for users and use it as authentication aside from password? Reasoning SSH Key Authentication is more secure than Password authentication. Answer Follow the below ...
    • How To: Create a SFTP Key in Titan SFTP Servcer

      Related To Titan SFTP and Titan MFT Server Question How do I create a SFTP keys in Titan? Reasoning I would like to be able to create a SFTP host keys for secure SFTP encrypted connections. Answer You have the option in Titan to create a SFTP keys. ...
    • KB - Titan Server Service Slow or Stopped after Reboot

      Titan Server Service is slow or not started after a Reboot Question After restarting the Server, Titan Service is slow or not started at all. How do I resolve this? Reasoning It is desired for the Titan Server Service to be running, and running ...