Introduction to SSH2

When you connect with SSH2, two protocol layers are involved: the Transport Layer, which sets up the encrypted channel and identifies the server, and the Authentication Layer, which identifies you to the server.

Transport Layer

When you first attempt to connect to an SSH2 Site, CuteFTP and the server determine whether the transmission should be:

Once the algorithms are chosen, the following occurs:

  1. The server sends its public host key to CuteFTP. This key identifies the server: compare it (or its fingerprint) with the key seen on earlier connections, because a changed host key is how a man-in-the-middle shows up, and this is the only step at which one can be caught.

  2. CuteFTP and the server perform a Diffie-Hellman key exchange. Each side keeps its own secret value, and the shared secret that results is never transmitted.

  3. The server signs a hash of the exchange with its private host key and sends the signature to CuteFTP, which checks it against the public host key from step 1. This proves that the server actually holds the private key belonging to the key it presented.

  4. Both sides derive the session's encryption and MAC keys from the shared secret and, from that time on, all transmitted data is encrypted and integrity-protected with those keys.
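Step 1 is where the client decides whether to trust the server at all. The following added example (written for this page; it is not CuteFTP code) parses an SSH2 public host key blob, computes its OpenSSH-style SHA256 fingerprint, and performs the trust-on-first-use comparison a client should make before going any further. The key bytes and the host name are constructed for the example.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH2 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample host key: a correctly encoded ssh-ed25519 blob whose
# 32-byte public point is simply 0x00..0x1f. It is not any real server's key.
SAMPLE_HOST_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))


def parse_host_key(blob: bytes) -> list:
    """Split a public-key blob into its length-prefixed fields.

    The first field is always the algorithm name; the rest depend on the
    algorithm (one point for ssh-ed25519, e and n for ssh-rsa, and so on).
    Malformed input raises instead of silently returning partial fields.
    """
    fields = []
    pos = 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    if not fields:
        raise ValueError("empty key blob")
    return fields


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the whole blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def to_openssh_line(blob: bytes) -> str:
    """Render the blob the way known_hosts / authorized_keys files show it."""
    algorithm = parse_host_key(blob)[0].decode("ascii")
    return algorithm + " " + base64.b64encode(blob).decode("ascii")


def check_host_key(known: dict, host: str, blob: bytes) -> str:
    """Trust-on-first-use check; `known` maps host -> fingerprint seen earlier.

    'new'       first contact: record the fingerprint (confirm it out of band)
    'match'     same key as before: safe to continue
    'MISMATCH'  the key changed: stop, this is what a man-in-the-middle looks like
    """
    fp = fingerprint(blob)
    if host not in known:
        known[host] = fp
        return "new"
    return "match" if known[host] == fp else "MISMATCH"
```

The fingerprint is computed over the whole blob, algorithm name included, so swapping a key of a different type under the same name changes it just as a new point would. A "MISMATCH" result should abort the connection rather than prompt the user to continue.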

Authentication Layer

After the Transport Layer is established, the server attempts to authenticate the client.

Common methods for establishing user authentication include:

  • Public Key Authentication Method: public key

    To use this method, you need a key pair: the private key stays on your computer and only the public key is given to the server. CuteFTP proves that it holds the private key by signing an authentication request that includes the session identifier established by the Transport Layer, so a signature captured from one session cannot be replayed in another.

    1. If you have not already entered your passphrase in SSH2 security settings, CuteFTP asks you for your passphrase to unlock the private key.

    2. CuteFTP signs the authentication request with the private key and sends the signature to the server together with your public key.

    3. The server checks that the public key is one registered for your account, verifies the signature with it, and allows the connection.

  • Password Authentication Method: password

    With this method, CuteFTP sends your password to the server. The client does not need to encrypt the password itself, because the SSH2 Transport Layer already encrypts everything it carries. This is the default in CuteFTP. The password is only ever sent inside that encrypted channel, so if the Transport Layer cannot be established with encryption, the connection fails before the password leaves your computer.

After the algorithms are negotiated and authentication is complete, the two systems are ready to exchange secure data. CuteFTP opens the file transfer session inside the encrypted tunnel, the remote system responds, and you can begin transferring files securely.
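The signature in the public key method above is what makes it resistant to replay: it covers the session identifier negotiated by the Transport Layer, so a signature captured from one session is worthless in another. The following added example (written for this page, not CuteFTP code) builds the exact byte sequence that RFC 4252 section 7 says the client signs, and checks it the way a server does. The RSA key pair is a deliberately tiny toy built from two known Mersenne primes, the signing has no padding, and the algorithm name rsa-toy-demo is invented; real clients use 3072-bit RSA, ECDSA or Ed25519 keys from a proper library or the OS key agent.

```python
import hashlib
import struct

# Toy RSA key pair from two Mersenne primes (2^61-1 and 2^89-1). This only
# exists to make the message structure below executable; it is NOT secure.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

SSH_MSG_USERAUTH_REQUEST = 50
ALGO = b"rsa-toy-demo"  # hypothetical name; real ones are rsa-sha2-256, ssh-ed25519, ...


def ssh_string(data: bytes) -> bytes:
    """SSH2 'string': uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_bool(value: bool) -> bytes:
    return b"\x01" if value else b"\x00"


def ssh_mpint(x: int) -> bytes:
    """SSH2 'mpint' for a positive integer: big-endian, with a leading zero
    byte when the top bit is set so the value is not read as negative."""
    return ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def public_key_blob() -> bytes:
    """The public key as sent to the server (and as stored in authorized_keys)."""
    return ssh_string(ALGO) + ssh_mpint(E) + ssh_mpint(N)


def signed_data(session_id: bytes, user: bytes, service: bytes) -> bytes:
    """RFC 4252 section 7: the client signs exactly this byte sequence.
    The session identifier comes first, which binds the signature to this
    connection's key exchange."""
    return (
        ssh_string(session_id)
        + bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user)
        + ssh_string(service)
        + ssh_string(b"publickey")
        + ssh_bool(True)
        + ssh_string(ALGO)
        + ssh_string(public_key_blob())
    )


def toy_sign(data: bytes) -> int:
    # 128 bits of the hash keeps the value below N; real schemes use PSS/PKCS#1 padding.
    h = int.from_bytes(hashlib.sha256(data).digest()[:16], "big")
    return pow(h, D, N)


def toy_verify(data: bytes, signature: int) -> bool:
    h = int.from_bytes(hashlib.sha256(data).digest()[:16], "big")
    return pow(signature, E, N) == h


def client_request(session_id: bytes, user: bytes, service: bytes = b"ssh-connection") -> dict:
    """What CuteFTP's side of step 2 produces: the request plus its signature."""
    return {
        "user": user,
        "service": service,
        "pubkey": public_key_blob(),
        "signature": toy_sign(signed_data(session_id, user, service)),
    }


def server_verify(session_id: bytes, authorized: dict, request: dict) -> str:
    """Server side of step 3. `authorized` maps user name -> list of key blobs."""
    if request["pubkey"] not in authorized.get(request["user"], []):
        return "key not authorized"
    data = signed_data(session_id, request["user"], request["service"])
    if not toy_verify(data, request["signature"]):
        return "bad signature"
    return "ok"
```

The server recomputes the signed data from its own copy of the session identifier, never from anything the client sends, which is why a signature replayed into a different session, or re-used under a different user name, fails verification.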

Transport Layer Settings

To select Message Authentication Codes (MAC)

Message Authentication Codes (MACs) are keyed checksums attached to every packet; the receiver recomputes each one and rejects any packet whose data or sequence number has been altered between the client and the server.

  1. On the main menu, click Tools > Global Options, or press ALT+F7.

  2. Expand the Security node, then click SSH2 security.

  3. In the MAC list, specify at least one Message Authentication Code.

  4. Click OK. CuteFTP offers the selected MACs to the server in list order, and the first one the server also supports is used. Keep the algorithm you most want at the top: if the server supports everything you listed, whatever is at the top is what you get, so a weak MAC at the top wins even when stronger ones are listed below it.

To select encryption methods (ciphers)

  1. On the main menu, click Tools > Global Options, or press ALT+F7.

  2. Expand the Security node, then click SSH2 security.

  3. In the Cipher list, specify at least one encryption method.

  4. Click OK. CuteFTP offers the selected ciphers to the server in list order, and the first one the server also supports is used, so keep the strongest cipher at the top of the list.
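How the two lists are used, and what the negotiated MAC then buys you, as an added example (not CuteFTP code): negotiate() is the selection rule from RFC 4253 section 7.1, which applies equally to the MAC and Cipher lists, and packet_mac() computes the per-packet tag over the sequence number and the unencrypted packet as RFC 4253 section 6.4 specifies, here with HMAC-SHA-256 (the hmac-sha2-256 algorithm). The key, the packet payload and the algorithm lists are constructed for the example.

```python
import hashlib
import hmac
import struct


def negotiate(client_prefs, server_supports):
    """RFC 4253 section 7.1: the chosen algorithm is the first name in the
    client's list that the server also supports. The server's own ordering
    never matters; the top of the client's list does."""
    for name in client_prefs:
        if name in server_supports:
            return name
    return None  # no common algorithm: the connection fails before any data moves


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Frame a payload as an SSH2 binary packet (RFC 4253 section 6), MAC excluded.
    Padding bytes are fixed to 0x00 here for reproducibility; real
    implementations fill them with random bytes."""
    padding = block_size - (5 + len(payload)) % block_size
    if padding < 4:
        padding += block_size
    body = bytes([padding]) + payload + bytes(padding)
    return struct.pack(">I", len(body)) + body


def packet_mac(key: bytes, seqno: int, packet: bytes) -> bytes:
    """MAC = HMAC(key, uint32 sequence_number || unencrypted packet).
    Including the sequence number is what makes a replayed or reordered
    packet fail even though its bytes are untouched."""
    return hmac.new(key, struct.pack(">I", seqno) + packet, hashlib.sha256).digest()


def verify_packet(key: bytes, seqno: int, packet: bytes, tag: bytes) -> bool:
    """Receiver side: constant-time comparison so tag checks do not leak timing."""
    return hmac.compare_digest(packet_mac(key, seqno, packet), tag)


# Constructed sample material: a MAC key and one packet carrying an
# SSH_MSG_CHANNEL_DATA-style payload (type byte 94 followed by data).
KEY = bytes(range(32))
SAMPLE_PACKET = build_packet(b"\x5e" + b"example payload")
```

Run negotiate() on your own two lists before blaming the server: if "hmac-md5" or "hmac-sha1" sits above "hmac-sha2-256" in the MAC list, the weaker one will be chosen whenever the server supports it.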

Authentication Layer Settings

To use public key authentication

If you want to use public key authentication, you must send your public key to the server administrator before you can make an SSH2 connection. Only the public key is shared; the private key stays on your computer and should never be sent to anyone.

  1. On the main menu, click Tools > Global Options, or press ALT+F7.

  2. Expand the Security node, then click SSH2 security.

  3. Select the Use public key authentication check box. You are using public key authentication whenever the check box is selected, even if the box and check are dimmed.

  4. Click OK.

To use password authentication

  1. On the main menu, click Tools > Global Options, or press ALT+F7.

  2. Expand the Security node, then click SSH2 security.

  3. Select the Use password authentication check box. You are using password authentication whenever the check box is selected, even if the box and check are dimmed. Note for upgrades: if you upgraded to CuteFTP v9 and are using key pairs created with CuteFTP v8, the password for an existing key will not work if it contains any Extended ASCII characters; you must reenter that password after upgrading to v9.

  4. Click OK.

You have to use at least one authentication method for an SSH2 connection. You can use both methods for the same SSH2 connection.