
SFTP Proxy Encryption and Key Exchange Algorithms

SSH (secure shell), the protocol that SFTP runs over, provides a mechanism to establish a cryptographically secured connection between two parties, authenticating one side to the other and passing commands and output back and forth. To secure the transmission of information, SSH applies several different cryptographic techniques at various points during the connection.

System admins can configure the SFTP Proxy to enable or disable the key exchange and authentication algorithms between the user and the SFTP Proxy. To configure the SFTP Proxy to enable key exchange and authentication algorithms:

  1. Connect to the Kron PAM server CLI interface as a Kron PAM admin user.
  2. Set the required parameters in /u01/sftp-proxy/conf/nsso.properties. Multiple values can be used by separating the values with a comma “,”.

| Parameter | Available Values |
| --- | --- |
| nsso.server.encryption.algorithms | [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc |
| nsso.server.host.key.algorithms | [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss |
| nsso.server.kex.algorithms | ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 |
| nsso.server.mac.algorithms | [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-9 |
| nsso.client.encryption.algorithms | [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc |
| nsso.client.host.key.algorithms | [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss |
| nsso.client.kex.algorithms | ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 |
| nsso.client.mac.algorithms | [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 |

  3. Restart the SFTP Proxy service on the CLI Terminal with the command: systemctl restart pam-sftp
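
Several of the available values are legacy algorithms, so it is worth checking the edited file before the restart. The script below is an added example, not part of the Kron PAM product or its documentation: it reports every deny-listed algorithm still enabled in an `nsso.*.algorithms` parameter. It assumes the file uses Java-properties `key=value` lines, and the deny list is an assumed policy to adjust to your own baseline.

```shell
#!/bin/sh
# Added example: flag legacy SSH algorithms enabled in nsso.properties.
# Assumption: Java-properties syntax (key=value or key:value, # or ! comments).

# Assumed deny list, drawn from the page's "Available Values": RC4, 3DES,
# Blowfish, CBC modes, MD5 and truncated MACs, SHA-1 key exchange, DSA keys.
WEAK_ALGS="arcfour256 arcfour128 3des-cbc blowfish-cbc aes128-cbc aes192-cbc aes256-cbc \
hmac-md5 hmac-md5-96 hmac-sha1-96 ssh-dss diffie-hellman-group1-sha1 \
diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1"

# audit_nsso FILE: print "parameter: algorithm" for each deny-listed value.
# Returns 1 if anything was flagged, 0 if the file is clean.
# Typical call: audit_nsso /u01/sftp-proxy/conf/nsso.properties
audit_nsso() {
    awk -v weak="$WEAK_ALGS" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) deny[w[i]] = 1 }
        /^[ \t]*[#!]/ { next }    # skip comment lines
        /^[ \t]*nsso\.(server|client)\.[a-z.]+\.algorithms[ \t]*[=:]/ {
            sep = match($0, /[=:]/)
            key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            m = split(val, a, ",")
            for (j = 1; j <= m; j++)    # exact-name match, so hmac-md5 != hmac-md5-96
                if (a[j] in deny) { print key ": " a[j]; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample input, not taken from a real deployment.
sample_conf() {
    cat <<'EOF'
# constructed sample
nsso.server.encryption.algorithms=aes256-ctr,aes128-cbc,3des-cbc
nsso.server.kex.algorithms=ecdh-sha2-nistp521,diffie-hellman-group1-sha1
nsso.server.mac.algorithms = hmac-sha2-512, hmac-md5
nsso.client.host.key.algorithms=ssh-ed25519,rsa-sha2-512
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_nsso "$tmp" || echo "legacy algorithms enabled: review before restarting pam-sftp"
rm -f "$tmp"
```

Algorithms disabled on the server side can lock out users whose clients support nothing else, so compare the result with the clients in use before removing values.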