Configuring and Starting the SSH Service

To configure and start the SSH service, you must first create an SSH system key for the SSH service.

Creating an SSH System Key

To create an SSH system key, complete the following steps.

    Procedure
  1. Go to Management > Protocol Keys > System Keys > Create System Key.

  2. Enter the required information described in the table below:

    Field               Instruction
    System Key Type     Set to SSH system key.
    Description         Set to a unique value for system keys.
    Password            Set to a secure password.
    Expiration Date     Set this based on your installation's security requirements.
    Key Size            Set to 2048 bits or higher.
    Signing Algorithm   Set to SHA-256 or SHA-512.
    Set as Default Key  Select the checkbox if you want this key to be the default SSH key.
    Common Name         Set to the common name of the server.
    Note: Common Name is not validated during SSH key exchange. It is used for information purposes only.
  3. After entering the information, click the Create Key button.

Configuring the SSH Server

To configure the SSH server, complete the following steps.

    Procedure
  1. Go to Administration > Transfer Servers > SSH Server > Configure SSH Server.

  2. Select the Internet Server instance you want to configure.

  3. Enter the required information described in the table below:

    Field               Instruction
    Enabled             Set to Yes.
    IP Port             Set to the desired IP port.
    SSH System Key      Select the SSH system key or set to Use Default.
    Key or Certificate  Set to Key. Very few SFTP clients support SSH certificates.
    Welcome Message     Set a generic welcome message.

    Note: Many SFTP clients do not display the 'Welcome' message.
    Note: On UNIX machines, only root users can open ports below 1025. For best results, run the MFT Internet Server on a higher SSH port (for example, 2022) instead of running it as a root user. SSH clients can connect to port 2022 directly, or they can connect to a passthrough load balancer on port 22 (the standard SSH port) that redirects the request to port 2022. Administrators can also configure an iptables rule to route incoming data on port 22 to port 2022.

Starting the SSH Server

To start the SSH server, complete the following steps.

    Procedure
  1. Go to Administration > Transfer Servers > SSH Server > SSH Server Status.

  2. Select the Internet Server instance where you want to start the SSH service.

  3. Click the Status button to get the current status of the SSH server service.

  4. Click the Stop button to stop the SSH server service.

  5. Click the Start button to start the SSH server service.

Note: If the SSH service does not start, check the catalina.out file, which might contain information about why the service did not start.

A service might not start for the following reasons:

  • You specified a port below 1025, but the server is not running as a root user.

  • The SSH port defined in the Configure SSH Server page is already in use by another process.

  • The SSH system key is expired or is less than 2048 bits.
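The three startup failures listed above can be checked before you click Start. The following is an added example, not part of the product or its documentation. The function names and finding labels are hypothetical, and the key size and expiration date are assumed to be values you read from the System Keys page.

```python
import errno
import os
import socket
from datetime import date

MIN_KEY_BITS = 2048        # page: key must be 2048 bits or higher
FIRST_UNPRIVILEGED = 1025  # page: ports below 1025 need root on UNIX


def port_in_use(port, host="0.0.0.0"):
    """Return True if host:port already has a listener (bind probe)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # SO_REUSEADDR keeps lingering TIME_WAIT sockets from looking like a listener.
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        probe.bind((host, port))
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        if exc.errno in (errno.EACCES, errno.EPERM):
            return False  # cannot probe without privilege; reported separately
        raise
    finally:
        probe.close()


def preflight(port, key_bits, key_expires, euid=None, today=None, host="0.0.0.0"):
    """Return the list of reasons from the page that would block startup."""
    euid = os.geteuid() if euid is None else euid  # UNIX only
    today = today or date.today()
    findings = []
    if port < FIRST_UNPRIVILEGED and euid != 0:
        findings.append("privileged-port-without-root")
    if port_in_use(port, host):
        findings.append("port-in-use")
    if key_expires < today:  # assumption: key is valid through its expiration date
        findings.append("key-expired")
    if key_bits < MIN_KEY_BITS:
        findings.append("key-too-small")
    return findings


if __name__ == "__main__":
    # Constructed sample values; read the real ones from the product's admin pages.
    for reason in preflight(2022, 2048, date(2030, 1, 1)):
        print("blocked:", reason)
```

Run it as the same OS user that runs the server, with the server stopped, so the privilege and port checks reflect what the server will see.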