Manage the SSH server

Secure Shell (SSH) is a command interface and protocol that a user can use to connect to a remote host over an encrypted connection. SecureTransport provides an SSH server that authenticates users of an SSH or SFTP client and enables users to perform file transfers over an SSH channel.

Note: The default port number for the SecureTransport SSH server is 22 for a root installation and 8022 for a non-root installation. Port 22 is typically assigned to the native SSH server. The SecureTransport SSH server and the native SSH server cannot share the same port. If the native SSH server already uses the port, use another available port for the SecureTransport SSH server. If the SSH port number is changed, restart the SSH server to apply the change.

For information about more SSH settings, see Configure SSH server settings.

The following topics provide additional information for managing the SSH server:

SCP and SFTP support

The SecureTransport SSH server supports the protocol version and the following SSH file transfer features:

  • Secure Copy (SCP)
  • Secure File Transfer Protocol (SFTP)

SecureTransport SSH file transfers can be performed using third-party SSH clients that support SFTP or SCP. (For a complete list of supported SSH clients, see Axway and third-party software support.)

Note: SecureTransport SSH does not support guaranteed delivery of file transfers or interactive SSH sessions.

SCP and SFTP commands use the pattern matching rules in the following table. A file name is composed of regular characters and special pattern matching characters that include the following:

Pattern              Description
?                    Matches zero or one characters.
*                    Matches zero or more characters.
[abc]                Matches a single character from the characters listed.
[a-b]                Matches a single character in the range from character a to character b.
[^abc]               Matches a single character that is not listed.
[^a-b]               Matches a single character not in the range from character a to character b.
/                    Matches one or more directory path separator characters. Slash (/) is sensitive to the underlying operating system and matches the native directory path separator character for the underlying system. For example, it matches / on UNIX-based systems and matches both / and \ on Microsoft Windows systems. This makes it possible to use the same file name pattern on any operating system.
any other character  Matches that character literally.
pq                   Matches pattern p followed by pattern q.
!p                   Matches any string that pattern p does not match.
\c                   Backslash (\) removes (escapes) any special meaning of character c.
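
The following Python sketch models the rules in the table above so that a pattern can be checked against sample file names before it is used in a transfer command. It is an added example, not SecureTransport code, and it follows the table as written. The names to_regex and matches are hypothetical. As assumptions, ? and * may match any character including separators, ! is honored only as the first character of a pattern, and \c escaping is not applied inside brackets.

```python
import re

def to_regex(pattern: str, windows: bool = False) -> str:
    """Translate a pattern using the table's rules into regex source."""
    # '/' matches one or more separators; on Windows both / and \ count.
    sep = r"[/\\]+" if windows else "/+"
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # \c: c is taken literally
            i += 2
            continue
        if c == "[":
            end = pattern.find("]", i + 2)         # require a non-empty body
            body = pattern[i + 1:end] if end != -1 else ""
            negated = body.startswith("^")
            chars = body[1:] if negated else body
            if chars:
                cls = "".join(ch if ch == "-" else re.escape(ch) for ch in chars)
                out.append("[" + ("^" if negated else "") + cls + "]")
                i = end + 1
                continue
        if c == "?":
            out.append(".?")                       # zero or one character
        elif c == "*":
            out.append(".*")                       # zero or more characters
        elif c == "/":
            out.append(sep)
        else:
            out.append(re.escape(c))               # any other character: literal
        i += 1
    return "".join(out)

def matches(pattern: str, name: str, windows: bool = False) -> bool:
    """True if name matches pattern; a leading '!' inverts the result (assumption)."""
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    hit = re.fullmatch(to_regex(pattern, windows), name, re.DOTALL) is not None
    return hit != negate

# Constructed sample names, not taken from a real server.
if __name__ == "__main__":
    for pat, name in [("report?.csv", "report.csv"), ("!*.part", "data.bin.part"),
                      ("[^a-c]1.dat", "b1.dat"), (r"\*.txt", "a.txt")]:
        print(f"{pat!r:16} {name!r:18} -> {matches(pat, name)}")
```

Because ? is documented as matching zero or one characters, report?.csv also matches report.csv, which differs from the usual shell glob where ? requires exactly one character.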

Secure File Transfer Protocol

Secure File Transfer Protocol (SFTP) is a protocol for transferring files over an encrypted SSH channel.

While the SFTP protocol provides a wide range of operations, not all of these operations are relevant to SecureTransport file transfers. The SecureTransport SSH server accepts the following SFTP client file operations only:

  • Upload and download (including cancel and resume)
  • Create directory
  • Remove directory
  • Remove file
  • Rename file
  • Get directory listings
  • Change file mode

SSH settings

If you are using SSH, specify the SSH settings for both the SecureTransport Edge and SecureTransport Server.

  1. Select one or both of Enable Secure File Transfer Protocol (SFTP) and Enable Secure Copy (SCP).
  2. Type a port for the SSH server.
  3. If the operating system SSH server is using port 22, assign a different port number. Alternatively, to avoid the port conflict, you can disable SSH at the OS level or assign it a different port number instead of changing the port number in SecureTransport. On Axway appliances, the operating system SSH port is 10022 by default to avoid this conflict.
  4. Select an SSH Key Alias from the drop-down list. The list includes only certificates with RSA keys. SecureTransport does not support DSA keys.
  5. To restrict SSH (SFTP and SCP) connections to FIPS 140-2 Level 1 certified cryptographic libraries, select the Enable FIPS Transfer Mode check box. For more information, see FIPS transfer mode.
  6. Click Start.

To view the SSH Server Public Key Fingerprint, click View Fingerprint.

Note: View Fingerprint does not work until a key alias is assigned and the page is updated.

Configure third party clients for SSH

Some third-party clients might provide a Resume function that is not compatible with SSH in SecureTransport.

The Resume function fails because of a conflict with post-transmission actions: the file is uploaded with a different extension, such as .part, and once the upload completes the third-party client renames it back to the original file name. At that point the post-transmission actions cause the transfer to fail because SecureTransport cannot find the file with the .part extension. To avoid this issue, disable the resume feature in the third-party client.
