SSH

Encryption and Authentication Methods

To increase file transfer speed, the CryptiCore algorithm should be enabled on the server (if available). To allow non-interactive authentication, public keys can be used.

Enabling CryptiCore

The CryptiCore algorithm is supported on x86-based processor architectures. It allows increased file transfer speeds for large file transfers.

To use CryptiCore, include the following in the ssh-server-config.xml file:

<connections>
  <connection action="allow" tcp-keepalive="no">
    <rekey seconds="3600" bytes="1000000000" />
    <cipher name="crypticore128@ssh.com" />
    <mac name="crypticore-mac@ssh.com" />
  </connection>
</connections>

Using the Tectia Server Configuration GUI, this can be set under the Connections and Encryption page, on the Parameters tab. See Parameters.

Enabling Public-Key Authentication

To enable public-key authentication on the server, include the following in the ssh-server-config.xml file:

<authentication-methods login-grace-time="600">
  <banner-message />
  <auth-file-modes strict="yes" mask-bits="022" />
  <authentication>
    <auth-publickey />
  </authentication>
</authentication-methods>

The strict attribute of the auth-file-modes element should be set to yes. With this setting, Tectia Server on Unix checks the permissions and ownership of the user's key files used for public-key authentication.

Using the Tectia Server Configuration GUI, the same settings can be made under the Authentication page, on the Parameters tab. See Parameters.

Note, however, that the auth-file-modes option is not available on Windows, because strict host key checking is always used on Windows.
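
The permission and ownership check that auth-file-modes enables can be approximated offline to audit users' key files before strict mode is switched on. This is an added example, not Tectia code and not part of the original page. It assumes that mask-bits is an octal mask of forbidden permission bits and that a key file must be owned by the user; the function names and the sample file name are hypothetical.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the authentication-methods fragment shown above.
SAMPLE_CONFIG = """
<authentication-methods login-grace-time="600">
  <banner-message />
  <auth-file-modes strict="yes" mask-bits="022" />
  <authentication>
    <auth-publickey />
  </authentication>
</authentication-methods>
"""

def read_file_modes(xml_text):
    """Return (strict, mask) from auth-file-modes, or (False, None) if absent."""
    root = ET.fromstring(xml_text)
    elem = next(root.iter("auth-file-modes"), None)
    if elem is None:
        return False, None
    strict = elem.get("strict", "no").lower() == "yes"
    # Assumption: mask-bits is octal and names the forbidden permission bits.
    return strict, int(elem.get("mask-bits", "022"), 8)

def audit_key_file(path, mask, expected_uid):
    """List the reasons a key file would fail the ownership/permission audit."""
    st = os.lstat(path)  # lstat, so a symlink is reported rather than followed
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:  # assumption: the user must own the file
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    forbidden = stat.S_IMODE(st.st_mode) & mask
    if forbidden:
        problems.append(f"forbidden permission bits set: {forbidden:03o}")
    return problems

def demo():
    """Audit a constructed key file at mode 0644, then group-writable at 0664."""
    strict, mask = read_file_modes(SAMPLE_CONFIG)
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "example_key.pub")  # hypothetical file name
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        ok = audit_key_file(key, mask, os.getuid())
        os.chmod(key, 0o664)
        bad = audit_key_file(key, mask, os.getuid())
    return strict, mask, ok, bad
```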