SSH2 Security Settings
To edit the SSH2 security settings
-
On the main menu, click Tools > Global Options (or press ALT+F7).
-
Expand the Security node, then click SSH2 Security. The SSH2 Security options appear.
-
In theCipherlist, s elect the check box for every cipher (encryption algorithm) you want available for SSH2 connections. See Learning about SSH2 for an explanation of the algorithms. Clear the check box for any cipher you do not want available for SSH2 connections.
-
In the MAC list, select the check box for every MAC (Message Authentication Code) you want available for SSH2 connections. See Learning about SSH2 for an explanation of MACs. Clear the check box for any MAC you do not want available for SSH2 connections.
-
Priority - Use the Priority arrows to determine the level of precedence for the selected schemes. Move your preferred cipher or MAC to the top of the list by highlighting it and clicking the up arrow outside the list. Move your least preferred Cipher or MAC to the bottom of the list by highlighting it and clicking the down arrow outside the list.
-
Select the Use data compression check box to compress transfers if the server will allow it. Clear the check box to refuse transfer compression.
-
Select the Use password authentication check box to sign on to SSH2 servers with a password (entered in your Site Manager). Clear this check box to use public/private key authentication only. You can clear this box only if you have already selected the Use public key authentication check box. If you have upgraded to CuteFTP v9 and are using key pairs created with CuteFTP v8, if the password for an existing key contains any Extended ASCII characters, the password will not work. You will have to reenter the password after upgrading to v9.
-
Select the Use public key authentication check box to sign on to SSH2 servers with a certificate (identity file). Clear this check box to only sign on to SSH2 servers with a password.
-
In the Public Key Path box, browse or type the location of the Public Key file on your local computer.
-
In the Private Key Path box, browse or type the location of the Private Key file on your local computer.
-
In the Use Passphrase box, type the appropriate passphrase for decrypting the key listed in Private Key Path.
-
In the Confirm Passphrase box, type the same passphrase again for the key listed in Private Key Path.
-
Click Create identity file to create a new Public/Private key pair. For instructions on key pair creation see Creating SSH2 key pairs.
-
Click Trusted identity list to open the Certificate Manager to see a list of public keys that you have accepted as valid. In the Certificate manager:
-
Select Import to add a public key to the trusted list.
-
Select Export to send a highlighted public key to a location or program.
-
Select Remove to delete a highlighted public key from the trusted list.
-
Select the Enable SSH operation logging with verbosity level check box, then specify one of the following levels:
-
0, 1, 2) Software malfunctions (0-2 should also be logged using log event)
-
3) External non-fatal high level errors (incorrect format received from an outside source; failed negotiation)
-
4) Positive high level info (succeeded negotiation)
-
5) Start of a high or middle level operation (start of a negotiation; opening of a device)
-
6) Uncommon situations which might be caused by a bug
-
7) Nice-to-know info (entering or exiting a function; result of a low level operation,
-
8) Data block dumps (hash, keys, certificates, other non-massive data blocks)
-
9) Protocol packet dumps (TCP, UDP, ESP, AH)
-
-
Click Apply if you are going to make changes to other pages; click OK to save changes and close the Global Options dialog box.
The private key password is stored in the registry using strong encryption. For added security, leave the passphrase fields blank. CuteFTP prompts you for the private key password when necessary.
SSH2 connections require at least one authentication method, but may require more than one. Check with your server administrator when in doubt. To use public key authentication, you must send your public key to the server administrator before making an SSH2 connection.