Enterprise-level SFTP server for Windows with support for reverse proxy, customizable MAC, encryption and key exchange algorithms, a reactive and proactive event engine, as well as scripting and integration support.
SFTP uses SSH to transfer files securely, most commonly to enable automatic file transfers between systems. It also serves end users whose SFTP clients need secure transactions or automatic connections; the most common example is connecting external workspaces as local drives, perhaps but not necessarily in combination with a VPN and a reverse proxy in a DMZ. Unlike standard FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet.
SFTP server feature matrix
|USER MANAGEMENT – ACTIVE DIRECTORY INTEGRATION|
Support for Active Directory including users and security groups coupled with impersonation even when using public/private key authentication.
|USER MANAGEMENT – VIRTUAL USER INTEGRATION|
Integrate user access control with business systems, databases, or other general-purpose user management systems. You can still use public/private keys defined in scripts!
|USER MANAGEMENT – ADVANCED SETUP|
Support for recursive group memberships, through AD integration or not, with detailed ability to override certain settings “down the chain” for specific users/groups.
|INTEGRATION & CUSTOMIZATION – SCRIPTING|
Execute scripts, automate processes, integrate with any other system and react to any event including file system changes.
|INTEGRATION & CUSTOMIZATION – STEALTH MODE|
Reduce access vectors by running your server in stealth mode to give no indication of what server software is used. Even the low-level SSH server identifier can be customized!
Known to work with all SFTP clients (if you find one that does not work, please tell us!).
Even if clients disconnect abruptly, due to a shaky line or for any other reason, the service will stay up and transfers can be resumed.
|SUPPORT ALL PROTOCOLS v1-6|
Full support for the IETF Internet Draft versions 1 through 6.
|INTEGRATION & CUSTOMIZATION – SECURITY|
Complete control to specify which MAC, Encryption and Key Exchange algorithms to allow/disallow.
Available MAC algorithms are: HMAC-SHA1, HMAC-SHA1-96, HMAC-MD5, HMAC-MD5-96, NONE, HMAC-RIPEMD160, HMAC-RIPEMD, HMAC-RIPEMD-OPENSSH, HMAC-SHA256, HMAC-SHA256-96, UMAC32, UMAC64, UMAC96, UMAC128, HMAC-SHA2-256, HMAC-SHA2-512, AES128-GCM, AES256-GCM, POLY1305, SHA2-256-ETM, SHA2-512-ETM.
Available encryption algorithms are: 3DES, BLOWFISH, TWOFISH256, TWOFISH192, TWOFISH128, AES256, AES192, AES128, SERPENT256, SERPENT192, SERPENT128, ARCFOUR, IDEA, CAST128, NONE, DES, AES128-CTR, AES192-CTR, AES256-CTR, 3DES-CTR, BLOWFISH-CTR, TWOFISH128-CTR, TWOFISH192-CTR, TWOFISH256-CTR, SERPENT128-CTR, SERPENT192-CTR, SERPENT256-CTR, IDEA-CTR, CAST128-CTR, ARCFOUR128, ARCFOUR256, AES128_GCM, AES256_GCM, AES128_GCM-OpenSSH, AES256_GCM-OpenSSH, CHACHA20, CHACHA20-OPENSSH.
|KEY EXCHANGE ALGORITHMS|
Available key exchange algorithms are: DIFFIE-HELLMAN-GROUP-SHA1, DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, DIFFIE-HELLMAN-GROUP14-SHA1, DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256, RSA1024-SHA1, RSA2048-SHA256, ECDH-SHA2-NISTP256, ECDH-SHA2-NISTP384, ECDH-SHA2-NISTP521, ECDH-SHA2-NISTK163, ECDH-SHA2-NISTP192, ECDH-SHA2-NISTP224, ECDH-SHA2-NISTK233, ECDH-SHA2-NISTB233, ECDH-SHA2-NISTK283, ECDH-SHA2-NISTK409, ECDH-SHA2-NISTB409, ECDH-SHA2-NISTK571, ECDH-SHA2-CURVE25519, CURVE25519, CURVE448, GSS-GROUP-EXCHANGE-SHA1, GSS-GROUP-SHA1, GSS-GROUP14-SHA1.
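After restricting the allowed algorithms, the server's actual offer can be checked from the outside, since every SSH server advertises its lists in the SSH_MSG_KEXINIT message. The following is an added example, not ProVide code: it parses a KEXINIT payload and reports offered names that a denylist rejects. It uses the standard wire names from the SSH RFCs (how they map to the labels listed above is not stated on this page), and the denylist and sample payload are assumptions constructed for the example.

```python
import struct

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# Example denylist keyed by field prefix: an assumption, not a ProVide default.
WEAK = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1", "rsa1024-sha1"},
    "enc": {"none", "3des-cbc", "blowfish-cbc", "arcfour", "arcfour128",
            "arcfour256"},
    "mac": {"none", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
}

def parse_kexinit(payload: bytes) -> dict:
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type (1 byte) and the cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload in " + field)
        raw = payload[pos:pos + length].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += length
    return out

def weak_offers(lists: dict) -> list:
    found = []  # (field, name) pairs rejected by the denylist, in wire order
    for field, names in lists.items():
        deny = WEAK.get(field.split("_")[0], set())  # comp/lang/host_key: no rules
        found += [(field, n) for n in names if n in deny]
    return found

def build_kexinit(lists: dict) -> bytes:
    body = bytes([20]) + bytes(16)  # message type 20 and an all-zero cookie
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample offer, not captured from any real server.
_enc, _mac = ["aes256-ctr", "3des-cbc"], ["hmac-sha2-256", "hmac-md5"]
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["rsa-sha2-256"], "enc_c2s": _enc, "enc_s2c": _enc,
    "mac_c2s": _mac, "mac_s2c": _mac, "comp_c2s": ["none"], "comp_s2c": ["none"]})
```

An empty result from `weak_offers(parse_kexinit(payload))` means nothing on the denylist is being advertised; compression `none` is deliberately not flagged.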
|Reverse Proxy (ProVide Gateway)|
ProVide Gateway is an optional reverse proxy that allows communication with ProVide through a DMZ, safely terminates all connections, and never stores any data in your DMZ. Clients do not connect directly to the server but through the gateway, while the server is located safely in your internal network. External clients connect as usual. ProVide Gateway has been tested on Windows (versions 7, 10, 2016, 2019) and Linux (Ubuntu 16.04.5, 18.04.4 & 20.04 LTS, CentOS 8, SUSE Enterprise Server 15 SP2). ProVide Gateway is used on other Linux distributions as well.
1 Requires MAXI license. 2 Requires ProVide Gateway License
Public/private key authentication
Since ProVide can handle public/private keys for authentication, for instance generated with PuTTYGen, it is very robust and secure. The client keeps the private key secure on the client’s local computer and distributes the public key so that it may be imported into ProVide. ProVide will associate this public key with a user’s account and use it to verify that the client is using the correct key pair, effectively authenticating the account. ProVide supports any combination of allowing or requiring a specific private key from the client, with or without a password in addition. You may even specify several public keys.
Using virtual users, it is also possible to generate accounts from a database or whatever source you might find necessary. The DocWiki shows a simple example of how to integrate virtual users with a public/private key authentication requirement for SFTP connections.
Taking this further, ProVide can also optionally cache Active Directory accounts’ passwords to enable public/private key authentication for domain accounts and even use impersonation at the same time. This makes ProVide a one-of-a-kind solution where you can combine scripting and still have impersonation security.
To access the SFTP settings, log in to the web-based Admin interface with an account that has Admin privileges, then click SFTP in the top menu.