SFTP

Enterprise-level SFTP server for Windows with support for reverse proxy, customizable MAC, encryption and key exchange algorithms, a reactive and proactive event engine, as well as scripting and integration support.

SFTP uses SSH to transfer files securely, most commonly to integrate or enable automatic file transfers between systems. SFTP clients also serve end users who require secure transactions or automatic connections; the most common example is connecting external workspaces as local drives, perhaps but not necessarily in combination with a VPN and a reverse proxy in a DMZ. Unlike standard FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet.

SFTP server feature matrix

ProVide
USER MANAGEMENT – ACTIVE DIRECTORY INTEGRATION
Support for Active Directory including users and security groups coupled with impersonation even when using public/private key authentication.
USER MANAGEMENT – VIRTUAL USER INTEGRATION
Integrate user access control with business systems, databases, or other general-purpose user management systems. You can still use public/private keys defined in scripts! [1]
USER MANAGEMENT – ADVANCED SETUP
Support for recursive group memberships, through AD integration or not, with detailed ability to override certain settings “down the chain” for specific users/groups.
INTEGRATION & CUSTOMIZATION – SCRIPTING
Execute scripts, automate processes, integrate with any other system and react to any event including file system changes. [1]
INTEGRATION & CUSTOMIZATION – STEALTH MODE
Reduce access vectors by running your server in stealth mode to give no indication of what server software is used. Even the low-level SSH server identifier can be customized!
COMPATIBLE
Known to work with all SFTP clients (if you find one that does not work, please tell us!).
ROBUST CONNECTIVITY
Even if clients disconnect abruptly, due to a shaky line or any other cause, the service will stay up and transfers can be resumed.
SUPPORT ALL PROTOCOLS v1-6
Full support for the IETF Internet Draft versions 1 through 6.
INTEGRATION & CUSTOMIZATION – SECURITY
Complete control to specify which MAC, Encryption and Key Exchange algorithms to allow/disallow.
MAC ALGORITHMS
Available MAC algorithms are: HMAC-SHA1, HMAC-SHA1-96, HMAC-MD5, HMAC-MD5-96, NONE, HMAC-RIPEMD160, HMAC-RIPEMD, HMAC-RIPEMD-OPENSSH, HMAC-SHA256, HMAC-SHA256-96, UMAC32, UMAC64, UMAC96, UMAC128, HMAC-SHA2-256, HMAC-SHA2-512, AES128-GCM, AES256-GCM, POLY1305, SHA2-256-ETM, SHA2-512-ETM.
ENCRYPTION ALGORITHMS
Available encryption algorithms are: 3DES, BLOWFISH, TWOFISH256, TWOFISH192, TWOFISH128, AES256, AES192, AES128, SERPENT256, SERPENT192, SERPENT128, ARCFOUR, IDEA, CAST128, NONE, DES, AES128-CTR, AES192-CTR, AES256-CTR, 3DES-CTR, BLOWFISH-CTR, TWOFISH128-CTR, TWOFISH192-CTR, TWOFISH256-CTR, SERPENT128-CTR, SERPENT192-CTR, SERPENT256-CTR, IDEA-CTR, CAST128-CTR, ARCFOUR128, ARCFOUR256, AES128_GCM, AES256_GCM, AES128_GCM-OpenSSH, AES256_GCM-OpenSSH, CHACHA20, CHACHA20-OPENSSH.
KEY EXCHANGE ALGORITHMS
Available key exchange algorithms are: DIFFIE-HELLMAN-GROUP-SHA1, DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, DIFFIE-HELLMAN-GROUP14-SHA1, DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256, RSA1024-SHA1, RSA2048-SHA256, ECDH-SHA2-NISTP256, ECDH-SHA2-NISTP384, ECDH-SHA2-NISTP521, ECDH-SHA2-NISTK163, ECDH-SHA2-NISTP192, ECDH-SHA2-NISTP224, ECDH-SHA2-NISTK233, ECDH-SHA2-NISTB233, ECDH-SHA2-NISTK283, ECDH-SHA2-NISTK409, ECDH-SHA2-NISTB409, ECDH-SHA2-NISTK571, ECDH-SHA2-CURVE25519, CURVE25519, CURVE448, GSS-GROUP-EXCHANGE-SHA1, GSS-GROUP-SHA1, GSS-GROUP14-SHA1.
Reverse Proxy (ProVide Gateway)
ProVide Gateway is an optional reverse proxy that allows communication with ProVide through a DMZ. It safely terminates all connections and never stores any data in your DMZ. Clients do not connect directly to the server but through the gateway, and the server in turn is located safely in your internal network. External clients connect as usual. ProVide Gateway has been tested on Windows (version 7, 10, 2016, 2019) and Linux (Ubuntu 16.04.5, 18.04.4 & 20.04 LTS, CentOS 8, SUSE Enterprise Server 15 SP2). ProVide Gateway is used on other Linux distributions as well. [2]

[1] Requires MAXI license. [2] Requires ProVide Gateway license.

Public/private key authentication

Since ProVide can handle public/private keys for authentication, for instance generated with PuTTYGen, it is very robust and secure. The client keeps the private key secure on the client’s local computer and distributes the public key so that it may be imported into ProVide. ProVide will associate this public key with a user’s account and use it to verify that the client is using the correct key pair, effectively authenticating the account. ProVide supports any combination of allowing or requiring a specific private key from the client in addition to providing a password or not. You may even specify several public keys.

Using virtual users, it is also possible to generate accounts from a database or whatever source you might find necessary. The DocWiki shows a simple example of how to integrate virtual users with a public/private key authentication requirement for SFTP connections.

Taking this further, ProVide can also optionally cache Active Directory accounts’ passwords to enable public/private key authentication for domain accounts and even use impersonation at the same time. This makes ProVide a one-of-a-kind solution where you can combine scripting and still have impersonation security.


ProVide supports SFTP v1, v2, v3, v4, v5 and v6. You may also choose to allow one or several SFTP protocol versions individually. Users can be set using ProVide Server, from the Windows AD, or from virtual users instantiated from files, systems or other system databases.

To access the SFTP settings, log in to the web-based Admin interface with an account that has Admin privileges, then click SFTP in the top menu.

The DocWiki lists all details regarding how to specify MAC, Encryption and Key Exchange algorithms.
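
One way to check from the outside that an allow/disallow setting took effect, as an added example that is not ProVide's or the DocWiki's code: the server's unencrypted SSH_MSG_KEXINIT message (RFC 4253, section 7.1) lists every key exchange, encryption and MAC algorithm it offers, so parsing it shows what is really enabled. The sample payload is constructed and uses standard SSH wire names rather than the labels in the feature matrix, and the deny list is an assumed policy, not a ProVide default.

```python
import struct

# Assumed deny policy for this example: substrings marking algorithms to disallow.
DENY = ("none", "md5", "arcfour", "des", "sha1", "-96", "rsa1024",
        "blowfish", "cast128", "idea")

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Compression legitimately offers "none", so only these lists are audited.
AUDITED = ("kex", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")


def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (message byte 20 + 16-byte cookie + name-lists)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list " + field)
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists


def audit(lists: dict) -> dict:
    """Return {field: [offered algorithms matching the deny policy]}."""
    hits = {f: [a for a in lists[f] if any(d in a.lower() for d in DENY)]
            for f in AUDITED}
    return {f: weak for f, weak in hits.items() if weak}


def build_sample() -> bytes:
    """Constructed KEXINIT payload standing in for a captured server offer."""
    offer = ["curve25519-sha256,diffie-hellman-group1-sha1", "ssh-ed25519",
             "aes256-ctr,3des-cbc", "aes256-ctr,3des-cbc",
             "hmac-sha2-256,hmac-md5", "hmac-sha2-256,hmac-md5",
             "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in offer)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)


if __name__ == "__main__":
    for field, weak in audit(parse_kexinit(build_sample())).items():
        print(field, "still offers:", ", ".join(weak))
```

An empty result from `audit` means nothing on the deny list is still being offered in the audited lists.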


“ProVide has provided Hartz a rock solid, robust and cost effective FTP solution for the last 2 years. I would be glad to serve as a reference for your product.”

– Jim Tooker, The Hartz Mountain Corporation