Your browser does not allow storing cookies. We recommend enabling them.

Tectia

Requirements for FTP-SFTP Conversion

The FTP-SFTP conversion feature requires the connection capture component. Select the FTP-SFTP conversion and TCP tunneling option during the installation. See the installation instructions in Chapter 2.

The FTP-SFTP conversion rules are defined in the Tectia configuration GUI, or in the Connection Broker configuration file ssh-broker-config.xml, in the filter-engine element. See the section called “The filter-engine Element”.

When a global configuration file exists, (for example when Tectia ConnectSecure is controlled by Tectia Manager,) and it includes the filter-engine element, those settings are applied. The global configuration file is located in /etc/ssh2/ssh-broker-config.xml on Unix, and "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml" on Windows.

Only if no global configuration files are available, the settings are read from the user-specific configuration file.

For configuration examples, see these sample files:

  • etc/ssh2/ssh-broker-config-example-capture.xml and etc/ssh2/ssh-broker-config-example.xml on Unix

  • "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example-capture.xml" and "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example.xml" on Windows

The destination host must have a Secure Shell Server installed. Also note that the host key for the server must already be saved as a known host key on Tectia ConnectSecure. To save the host key, connect to the server with sshg3 and save the host key sent by the server. For instructions, see First Login to a Remote Host.

When enabling FTP-SFTP conversion, consider also how the server host keys will be handled. You can choose between strict host key checking and accepting even unknown keys for the current session. For configuration instructions, see Managing Host Keys.

[Caution]Caution

Consider carefully before enabling Accept unknown host keys. Disabling the host-key checks can make you vulnerable to a man-in-the-middle attack.

The conversion rules can also be set with the Tectia Configuration GUI on the FTP-SFTP Conversion page. See Defining Filter Rules.


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now