tag:help-archives.hannonhill.com,2010-02-09:/discussions/installation/4-upgrade-sftp-versionCascade CMS: Discussion 2018-10-18T20:35:55Ztag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T14:32:05Z2010-05-11T14:32:18ZUpgrade SFTP version<div><p>The SFTP library changes are tied to a particular version of
Cascade. We haven't made any significant changes to the
implementation in the last couple of years.</p>
<p>However, with the forthcoming 6.7 release, we're updating the
implementation significantly.</p>
<p>What sorts of issues are you having?</p></div>Bradley Wagnertag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T14:38:25Z2010-05-11T14:38:29ZUpgrade SFTP version<div><p>We set up a transport (SFTP) to another webserver in the CMS,
but it isn't connecting - the Transport Test keeps failing.</p>
<p>The IT people who maintain this other webserver said the
following :</p>
<p>"The implementation of SFTP (in the CMS) is so old that SSH has
deprecated the use of those ciphers for several years. They are so
weak that they can be compromised by a brute force attack within
just a few minutes. Is there any way you can upgrade the version of
SSH that's being used?"</p></div>alicia.persaudtag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T14:55:16Z2010-05-11T14:55:16ZUpgrade SFTP version<div><p>What version/implementation of SSH/SFTP are you trying to
connect to?</p>
<p>The ciphers have been updated with the newer version of the
library.</p>
<p>We have a <a href=
"http://www.hannonhill.com/news/blog/2010/Cascade-Server-6-7-Beta-Released.html">
6.7 beta sandbox available</a> for testing if you'd like to try to
connect from there. You can also download the beta and test the
SFTP changes on your own test server.</p></div>Bradley Wagnertag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T15:32:30Z2010-05-11T15:32:30ZUpgrade SFTP version<div><p>We're using OpenSSH 5.5. These are the ciphers we support:</p>
<p>
aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc</p>
<p>While blowfish-cbc and 3des-cbc are supported they are
considered to be security risks...</p></div>alicia.persaudtag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T15:32:53Z2010-05-11T15:32:53ZUpgrade SFTP version<div><p>We are looking to upgrade the CMS in July, do you know if the
6.7 release might be released by July?</p>
<p>Also, will the 6.7 release include SSH key capabiltities, in
addition to SFTP?<br></p>
<p>And, do you know which version of the CMS you all last made any
SFTP implementation changes to?</p></div>alicia.persaudtag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T15:45:28Z2010-05-11T15:48:21ZUpgrade SFTP version<div><p>Our new library supports all of the ciphers you mentioned
including blowfish and 3des.</p>
<p>6.7 <em>should definitely</em> be available by July.</p>
<p>Are you referring to public key authentication? We do not have
any immediate plans to support public key authentication. We always
initiate the connection with a SSH session before opening an SFTP
channel.</p>
<p>We've made changes to the library in versions as recent as the
6.4.x series -- just nothing significant until 6.7.</p></div>Bradley Wagnertag:help-archives.hannonhill.com,2010-02-09:Comment/16567602010-05-11T19:07:46Z2010-05-11T19:07:46ZUpgrade SFTP version<div><p>Thank you! Our IT support has enabled blowfish-cbc and our SFTP
connection now works.</p></div>alicia.persaud