How To: Harden SFTP settings in Titan
How to ensure my SFTP settings which include Ciphers/MACs/Kexes are as secure as possible.
Steps
- Login to the admin portal
- Navigate to the server instance in question.
- Go to the Services section and click on the SSH/SFTP tab.
- Scroll down to the “Cipher Preferences”, “Key Exchange (Kex) Preference” and “MAC Preferences”.
- Apply the recommended settings as seen in the table below:
|
Ciphers |
MACs |
KEXes |
|
AES256-CTR |
AES256-gcm |
ECDH-SHA2-Curve25519 |
|
AES192-CTR |
AES128-gcm |
Curve25519-SHA256@libssh.org |
|
Twofish256-CTR |
Chacha20-Poly1305@openssh.com |
Curve448-SHA512@libssh.org |
|
Twofish192-CTR |
HMAC-SHA2-512-etm@openssh.com |
Diffie-Hellman-Group15-SHA512 |
|
AES128-CTR |
HMAC-SHA2-256-etm@openssh.com |
Diffie-Hellman-Group16-SHA512 |
|
Twofish128-CTR |
|
Diffie-Hellman-Group17-SHA512 |
| AES256-gcm@openssh.com |
Diffie-Hellman-Group18-SHA512 |
|
| AES128-gcm@openssh.com |
|
|
| AES256-gcm |
|
|
|
AES128-gcm
|
|
|
Enable the recommended settings from above and disable everything else by clicking on the checkbox next to each algorithm
When done, click on apply.