Learning About SSH2

When you connect with SSH2 there are two components or layers involved: the Transport and Authentication layers.

1. Transport Layer

When you first attempt to connect to an SSH2 site, CuteFTP Pro and the server determine whether the transmission should be encrypted or clear, compressed or uncompressed, what Message Authentication Code (MAC) to use, and what kind of encryption (cipher) to use.

Once the encryption method is chosen:

  1. The server sends a public key to CuteFTP Pro.

  2. CuteFTP Pro generates a session key, and encrypts it with the server’s public key.

  3. CuteFTP Pro then sends the encrypted session key back to the server.

  4. The server then decrypts the session key with its private key and from that time all transmitted data is encrypted with the session key.

2. Authentication Layer

After the Transport Layer is established, the server attempts to authenticate the client.

There are three common methods for establishing user authentication.

Finally, after the encryption method is established and authentication is complete, the two systems are ready to exchange secure data. CuteFTP Pro will send a secured FTP connection along the encrypted data tunnel, the remote system will respond, and you can begin transferring files securely.

Transport Layer settings

To select Message Authentication Codes (MAC)

Message Authentication Codes are algorithms used to confirm data has not been altered between the client and server.

  1. On the menu bar, go to Tools > Global Options.

  2. Expand Security.

  3. Click SSH2 Security.

  4. Select at least one Message Authentication Code from the MAC list. There are four to choose from:

  5. Click OK. CuteFTP Pro tries each selected MAC with the server starting with the top method in the MAC list.

To select encryption methods (ciphers)

  1. On the menu bar, go to Tools > Global Options.

  2. Expand Security.

  3. Click SSH2 Security.

  4. Select at least one encryption method from the Cipher list. There are five available encryption types:

  5. Click OK. CuteFTP Pro tries each selected encryption method with the server starting with the top method in the Cipher list.

  

Encryption algorithms

ARCFOUR: Arcfour is intended to be compatible with the RC4 cipher trademarked by RSA Data Security, makers of the famous PGP program. It uses a 128-bit key and provides good security.

CAST128: This cipher is the CAST-128 cipher in CBC mode, with 128-bit keys.

Triple DES (3DES): This algorithm uses a 24-bit “triple key” to encrypt data 3 times. The 24-bit key is split into 3 8-bit segments and each is used for encryption. Triple DES is fast, but not as strong as the other algorithms.

Blowfish: The Blowfish algorithm is a public-domain method using a 128-bit key. Blowfish was intended to be a replacement for 3DES. It provides good security.

Twofish: Twofish is an improved version of Blowfish using a 256-bit key. It provides the strongest security available in CuteFTP Pro and should protect your data in most transfers.

Authentication layer settings

To use public key authentication

If you want to use public key authentication, you will need to send your public key to the server administrator before you will be able to make an SSH2 connection.  

  1. On the menu bar, click Tools > Global Options.

  2. Expand Security.

  3. Click SSH2 Security.

  4. Select the Use public key authentication check box. You are using public key authentication whenever the check box is selected, even if the box and check are dimmed.

  5. Click OK.

To use password authentication

  1. On the menu bar, click Tools > Global Options.

  2. Expand Security.

  3. Click SSH2 Security.

  4. Select the Use password authentication check box. You are using password authentication whenever the check box is selected, even if the box and check are dimmed.

  5. Click OK.

Note

You have to use at least one authentication method for an SSH2 connection. You can use both methods for the same SSH2 connection.
