Setting Up SSH Servers

TIBCO MFT Internet Server provides an internal SSH server that can be configured and used to perform SSH transfers. Configuring this server makes TIBCO MFT Internet Server the SSH host, as opposed to adding an SSH server to the server definitions, where TIBCO MFT Internet Server acts as the client.

Procedure

  1. Create an SSH system key.
    All SSH servers have a key/certificate pair. TIBCO MFT Internet Server can create the key pair for you, or you can import existing keys. In this example, you generate a new key pair for your MFT SSH server to use as the default keys.
    1. Click Administration > Protocol Keys > System Keys > Create Key. Configure the following parameters:
      | Parameter | Description |
      | --- | --- |
      | System Key Type | Select SSH System Key. |
      | Description | Give the key a descriptive name. |
      | Password | Configure the key password and confirm it. |
      | Expiration Date | Accept the default value or edit it if you want. |
      | Key Size | Accept the default value or edit it if you want. |
      | Signing Algorithm | Accept the default value or edit it if you want. |
      | Set as Default | Select this check box. |
      | Common Name | Configure the common name in the Distinguished Name section. |

      Configure the rest of the Distinguished Name section if required.

    2. Click Create Key.
  2. Configure the SSH server.
    1. Click Administration > Transfer Servers > SSH Server > Configure SSH Server. In the SSH Server Settings section for your MFT SSH server, configure the following parameters:
      | Parameter | Description |
      | --- | --- |
      | Enabled | Select Yes. |
      | IP Port | Configure the IP port. The default port is 22. |
      | Bind Adapter IP4 Address | If required, configure the bind adapter IPv4 address that is used when listening for incoming connections on a port. |
      | Bind Adapter IP6 Address | If required, configure the bind adapter IPv6 address that is used when listening for incoming connections on a port. |
      | SSH System Key | The SSH system key that you created in Step 1 is used by default. You can add more keys to the MFT system and choose the key pair that you want to use by selecting it from the list. For this example, the default key is used. |
      | Key or Certificate | Define whether the SSH server supports SSH keys, X.509 certificates, or both SSH keys and X.509 certificates. |
      | Welcome Message | If required, provide a welcome message that users see when they connect to the server. |
    2. Click Update.
  3. To start the MFT SSH server, click Administration > Transfer Servers > SSH Server > SSH Server Status. Click Start Server on the SSH Server Status page.
  4. To configure the MFT SSH server authentication, click Administration > System Configuration to configure the Global SSH Settings section on the System Configuration page.
    By default, MFT SSH Server is configured to perform Password Only authentication. Some environments may want to change this to Key/Certificate Only authentication or use both.
    | Parameter | Description |
    | --- | --- |
    | SSH Client Authentication Method | Set the authentication method to be used for the MFT SSH server. The valid values are: Password Only, Key/Certificate Only, Key/Certificate or Password, and Key/Certificate and Password. See Adding an SSH Public Key to TIBCO MFT Internet Server for more information on adding SSH public keys to the MFT database. |
    | Allow Users to Add SSH Keys | If you want to allow users to add their own SSH public keys to the MFT database, click Yes. |
    | Initial Status of SSH Keys Added by Users | Defines whether keys are enabled or disabled when users add their own SSH public keys. |
    | Email Recipients when User Adds SSH Key | Enter the email addresses to which an email is sent when a user adds a new SSH public key to the MFT database. Separate multiple email addresses with a comma. |
    | Email Template when User Adds SSH Key | The email template that is used when sending the notification to the email recipients defined in the previous parameter. The default email template is located at WEB_Server\cfcc\email-templates\email-ssh-key-notification-template.xml. |
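
After changing SSH Client Authentication Method, it is worth confirming from a client that the server advertises only the methods the setting implies. The following is an added example, not part of the TIBCO documentation: it parses OpenSSH client debug output and compares the advertised methods with the chosen setting. The mapping from each setting to RFC 4252 method names, the function names, and the sample output are assumptions made for illustration.

```python
import re

# RFC 4252 method names; "keyboard-interactive" is treated as a password prompt.
PASSWORD = {"password", "keyboard-interactive"}
# Assumed mapping (not from TIBCO documentation) of each SSH Client
# Authentication Method value to: (allowed methods, must offer publickey,
# must offer a password method) in the server's first advertisement.
POLICY = {
    "Password Only": (PASSWORD, False, True),
    "Key/Certificate Only": ({"publickey"}, True, False),
    "Key/Certificate or Password": (PASSWORD | {"publickey"}, True, True),
    "Key/Certificate and Password": (PASSWORD | {"publickey"}, True, False),
}
_CONTINUE = re.compile(r"Authentications that can continue: (\S+)")

def advertised_methods(ssh_debug_output):
    """Methods from the first 'can continue' line of OpenSSH `ssh -v` output."""
    match = _CONTINUE.search(ssh_debug_output)
    return set(match.group(1).split(",")) if match else set()

def audit(setting, ssh_debug_output):
    """Return findings for the given setting; an empty list means a match."""
    allowed, need_key, need_password = POLICY[setting]
    offered = advertised_methods(ssh_debug_output)
    if not offered:
        return ["no authentication methods found in output"]
    findings = [f"unexpected method offered: {m}" for m in sorted(offered - allowed)]
    if need_key and "publickey" not in offered:
        findings.append("publickey is not offered")
    if need_password and not offered & PASSWORD:
        findings.append("no password method is offered")
    return findings

# Constructed sample of client debug output, e.g. captured with
#   ssh -v -o BatchMode=yes -o PreferredAuthentications=none -p 22 user@mft-host
# where user and mft-host are placeholders.
SAMPLE = """\
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
"""

if __name__ == "__main__":
    for setting in POLICY:
        print(f"{setting}: {audit(setting, SAMPLE) or 'OK'}")
```

A server set to Key/Certificate Only that still advertises `password` would be reported here, which is the case to catch before exposing the port to partners.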