Securely transfer files using the firewall-friendly SFTP protocol. With this extension, ProVide supports not only FTPS (SSL/TLS) but also SFTP, the SSH File Transfer Protocol.
SFTP uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP.
SFTP server feature matrix
|USER MANAGEMENT – ACTIVE DIRECTORY INTEGRATION|
Support for Active Directory including users and security groups coupled with impersonation even when using public/private key authentication.
|USER MANAGEMENT – VIRTUAL USER INTEGRATION|
Integrate user access control with business systems, databases, or other general-purpose user management systems, while still being able to use public/private keys defined in scripts!
|USER MANAGEMENT – ADVANCED SETUP|
Support for recursive group memberships, through AD integration or not, with detailed ability to override certain settings “down the chain” for specific users/groups.
|INTEGRATION & CUSTOMIZATION – SCRIPTING|
Execute scripts, automate processes, integrate with any other system, and react to any event, including file system changes.
|INTEGRATION & CUSTOMIZATION – STEALTH MODE|
Reduce access vectors by running your server in stealth mode to give no indication of what server software is used. Even the low-level SSH server identifier can be customized!
|INTEGRATION & CUSTOMIZATION – SECURITY|
Complete control over which MAC, encryption and key exchange algorithms to allow.
Known to work with all SFTP clients (if you find one that does not work, please tell us!).
Even if clients disconnect abruptly, for example because of a shaky line, the service will stay up.
|SUPPORT FOR ALL PROTOCOL VERSIONS 1-6|
Full support for the IETF Internet Draft versions 1 through 6.
1 Requires MAXI license.
Public/private key authentication
Since ProVide can handle public/private keys for authentication, for instance generated with PuTTYGen, it is very robust and secure. The client keeps the private key secure on the client’s local computer and distributes the public key so that it may be imported into ProVide. ProVide associates this public key with a user’s account and uses it to verify that the client is using the correct key pair, effectively authenticating the account. ProVide supports any combination of allowing or requiring a specific private key from the client, with or without a password. You may even specify several public keys.
Using virtual users, it is also possible to generate accounts from a database or whatever source you might find necessary. The DocWiki shows a simple example of how to integrate virtual users with a public/private key authentication requirement for SFTP connections.
Taking this further, ProVide can also optionally cache Active Directory accounts’ passwords to enable public/private key authentication for domain accounts and even use impersonation at the same time. This makes ProVide a one-of-a-kind solution where you can combine scripting and still have impersonation security.
To access the SFTP settings, log in to the web-based Admin interface with an account that has Admin privileges, then click SFTP in the top menu.