Introduction to SSH2

When you connect with SSH2 there are two components or layers involved: the Transport and Authentication layers.

Transport Layer

When you first attempt to connect to an SSH2 site, CuteFTP Professional and the server determine whether the transmission should be:

Encrypted or clear
Compressed or uncompressed
Which Method Authentication Code (MAC) to use
Which kind of encryption (cipher) to use

Once the encryption method is chosen, the following occurs:

The server sends a public key to CuteFTP.
CuteFTP generates a session key, and encrypts it with the server's public key.
CuteFTP then sends the encrypted session key back to server.
The server then decrypts the session key with its private key and, from that time on, all transmitted data is encrypted with the session key.

Authentication Layer

After the Transport Layer is established, the server attempts to authenticate the client.

Common methods for establishing user authentication include:

Public Key Authentication Method: public key

To use this method, you will need your private key and your public key, which is passed to the server. The server encrypts a random number with your public key and sends it to you.
1. If you have not already entered your passphrase in SSH2 security settings, CuteFTP asks you for your passphrase to activate the private key.
2. The private key decrypts the number and sends it back to the server.
3. The server recognizes the number as correct and allows the connection.
Password Authentication Method: password
- Using this method, the client sends its password to server. The client does not need to encrypt the password explicitly, because the SSH2 Transport layer automatically encrypts it. This is the default in CuteFTP. With this type of authentication, the connection fails if the Transport Layer cannot encrypt the data.

After the encryption method is established and authentication is complete, the two systems are ready to exchange secure data. CuteFTP Professional sends a secured FTP connection along the encrypted data tunnel, the remote system and responds and you can begin transferring files securely.

Transport Layer Settings

To select Message Authentication Codes (MAC)

Message Authentication Codes are algorithms used to confirm data has not been altered between the client and server.

On the main menu, click Tools > Global Options, or press ALT+F7.
Expand the Security node, then click SSH2 security.
In the MAC list, specify at least one Message Authentication Code from the following:
- MD5
- SHA1
- SHA1-96
- MD5-96
Click OK. CuteFTP tries each selected MAC with the server starting with the top method in the MAC list.

To select encryption methods (ciphers)

On the main menu, click Tools > Global Options, or press ALT+F7.
Expand the Security node, then click SSH2 security.
In the Cipher list, specify at least one encryption method from the following types:
- Triple DES (3DES) - This algorithm uses a 24-bit ”triple key” to encrypt data 3 times. The 24-bit key is split into 3 8-bit segments and each is used for encryption. Triple DES is fast, but not as strong as the other algorithms.
- ARCFOUR - Arcfour is intended to be compatible with the RC4 cipher trademarked by RSA Data Security, makers of the famous PGP program. It uses a 128-bit key and provides good security.
- Cast128 - This cipher is the CAST-128 cipher in CBC mode, with 128 bit keys.
- Twofish - Twofish is an improved version of Blowfish using a 256-bit key. It provides the strongest security available in CuteFTP Professional and should protect your data in most transfers.
- Blowfish - The Blowfish algorithm is a public-domain method using a 128-bit key. Blowfish was intended to be a replacement for 3DES. It provides good security.
- Twofish128 - a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits.
- AES128 or AES256 - Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. Each of these ciphers has a 128-bit block size, with key sizes of 128 and 256 bits, respectively.
Click OK. CuteFTP Professional tries each selected encryption method with the server starting with the top method in the Cipher list.

Authentication Layer Settings

To use public key authentication

If you want to use public key authentication, you will need to send your public key to the server administrator before you will be able to make an SSH2 connection.

On the main menu, click Tools > Global Options, or press ALT+F7.
Expand the Security node, then click SSH2 security.
Select the Use public key authentication check box. You are using public key authentication whenever the check box is selected, even if the box and check are dimmed.
Click OK.

To use password authentication

On the main menu, click Tools > Global Options, or press ALT+F7.
Expand the Security node, then click SSH2 security.
Select the Use password authentication check box. You are using password authentication whenever the check box is selected, even if the box and check are dimmed.
Click OK.

You have to use at least one authentication method for an SSH2 connection. You can use both methods for the same SSH2 connection.

This online help file is for CuteFTP v8. For other versions, please refer to http://help.globalscape.com/help/.

(If the Index and Contents are hidden, click Show on the tool bar.)

If this help topic did not help you, search the Knowledgebase.
For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Last modified: 2018-07-16 at 9:55:50