Upgrade SFTP version

alicia.persaud

11 May, 2010 02:23 PM

We are running Cascade Server 5.2.3, and we need to upgrade the SFTP implementation. Can this be upgraded separately, or does the newest version of Cascade Server have a newer implementation of SFTP?

  1. Posted by Bradley Wagner on 11 May, 2010 02:32 PM

    The SFTP library changes are tied to a particular version of Cascade. We haven't made any significant changes to the implementation in the last couple of years.

    However, with the forthcoming 6.7 release, we're updating the implementation significantly.

    What sorts of issues are you having?

  2. Posted by alicia.persaud on 11 May, 2010 02:38 PM

    We set up a transport (SFTP) to another webserver in the CMS, but it isn't connecting - the Transport Test keeps failing.

    The IT people who maintain this other webserver said the following:

    "The implementation of SFTP (in the CMS) is so old that SSH has deprecated the use of those ciphers for several years. They are so weak that they can be compromised by a brute force attack within just a few minutes. Is there any way you can upgrade the version of SSH that's being used?"

  3. Posted by Bradley Wagner on 11 May, 2010 02:55 PM

    What version/implementation of SSH/SFTP are you trying to connect to?

    The ciphers have been updated with the newer version of the library.

    We have a 6.7 beta sandbox available for testing if you'd like to try to connect from there. You can also download the beta and test the SFTP changes on your own test server.

  4. Posted by alicia.persaud on 11 May, 2010 03:32 PM

    We're using OpenSSH 5.5. These are the ciphers we support:

    aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

    While blowfish-cbc and 3des-cbc are supported they are considered to be security risks...

  5. Posted by alicia.persaud on 11 May, 2010 03:32 PM

    We are looking to upgrade the CMS in July, do you know if the 6.7 release might be released by July?

    Also, will the 6.7 release include SSH key capabilities, in addition to SFTP?

    And, do you know which version of the CMS you all last made any SFTP implementation changes to?

  6. Posted by Bradley Wagner on 11 May, 2010 03:45 PM

    Our new library supports all of the ciphers you mentioned including blowfish and 3des.

    6.7 should definitely be available by July.

    Are you referring to public key authentication? We do not have any immediate plans to support public key authentication. We always initiate the connection with an SSH session before opening an SFTP channel.

    We've made changes to the library in versions as recent as the 6.4.x series -- just nothing significant until 6.7.

  7. Posted by alicia.persaud on 11 May, 2010 07:07 PM

    Thank you! Our IT support has enabled blowfish-cbc and our SFTP connection now works.

  8. Tim closed this discussion on 11 May, 2010 07:32 PM.
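
The failure and the fix in this thread come down to SSH cipher negotiation, where the first cipher on the client's list that the server also supports is chosen (RFC 4253, section 7.1). The sketch below is an added example, not code from Cascade Server or from any poster; the server list is the one quoted in the thread, while both client offers are assumptions, since the thread never lists what the CMS library sends.

```python
# Added example: SSH cipher negotiation as specified in RFC 4253, section 7.1.
# The client offers below are ASSUMPTIONS; the thread never lists them.

# Ciphers the thread's poster calls security risks.
FLAGGED = {"blowfish-cbc", "3des-cbc"}

def parse_name_list(value):
    """Split a comma-separated SSH name-list, keeping preference order."""
    return [name.strip() for name in value.split(",") if name.strip()]

def negotiate(client_offer, server_offer):
    """Return the first cipher on the client's list that the server also
    supports, or None when there is no overlap (the key exchange fails)."""
    server = set(server_offer)
    for name in client_offer:
        if name in server:
            return name
    return None

def assess(client_offer, server_offer, flagged=FLAGGED):
    """Describe the outcome of one negotiation attempt."""
    chosen = negotiate(client_offer, server_offer)
    if chosen is None:
        return {"connects": False, "cipher": None, "flagged": False}
    return {"connects": True, "cipher": chosen, "flagged": chosen in flagged}

# Server list quoted in the thread (OpenSSH 5.5).
SERVER_BEFORE = parse_name_list(
    "aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc")
# After the server admins enabled blowfish-cbc, as reported in the thread.
SERVER_AFTER = SERVER_BEFORE + ["blowfish-cbc"]
# Constructed: an older client library offering only these two ciphers.
OLD_CLIENT = parse_name_list("blowfish-cbc, 3des-cbc")
# Constructed: a client that offers CTR-mode ciphers ahead of the old ones.
NEW_CLIENT = parse_name_list("aes128-ctr,aes256-ctr,blowfish-cbc,3des-cbc")

if __name__ == "__main__":
    for label, client, server in [
        ("old client, original server", OLD_CLIENT, SERVER_BEFORE),
        ("old client, blowfish-cbc enabled", OLD_CLIENT, SERVER_AFTER),
        ("newer client, blowfish-cbc enabled", NEW_CLIENT, SERVER_AFTER),
    ]:
        print(label, "->", assess(client, server))
```

Because the client's preference order decides the outcome, enabling blowfish-cbc on the server changes the result only for clients that offer nothing the server already accepted.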
