This page of settings is used to set options specific to the SFTP protocol. The secure connection protocol utilises the SSL secure sockets layer to make a connection to a remote host, using the same technology as ssh or scp.
The SSL protocol encompasses a number of encryption algorithms and options, most of which can be defaulted for a connection. You may need to tweak the settings depending on the SSL server you are connecting to.
The following options are available.
When using the SFTP protocol, the client end, e.g. CRiSP, needs to tell the remote end what command to execute to provide the FTP file transfer services. CRiSP contains a built-in default command for launching the server in the traditional location. Some systems may install SSH services in a non-standard location, so you may need to set this to the full path of the server on the remote end. The default is to try /usr/lib/sftp-server or /usr/local/lib/sftp-server.
If set, file transfers will be done using compression. This can significantly speed up transfers, especially as the files you edit will typically be in text format, rather than binary.
Enable non-standard single-DES
This option controls whether to proffer DES link encryption when using the SSH protocol version 2. DES is considered to be relatively weak compared to the other protocols, and if security is a high concern, then it is best to avoid enabling this.
Enable SSH1 protocol
SSH version 1 is an older version of the SSL protocols and is not necessarily as strong, cryptographically, as the current version. Use this only if you need to talk to an older server which does not cater for SSH2.
Imitate SSH 2 MAC bug
(MAC stands for Mandatory Access Control and has nothing to do with Ethernet media access control.) This option lets you interoperate with certain SSH servers which had a bug in the MAC protocol. Not many of these servers should exist, as they should have been upgraded by now, but you may need to set this if you get "Incorrect MAC received on packet" messages in the FTP debug log.
There are numerous algorithms which are supported on the SSL protocol, some being more cryptographically secure than others, the trade-off being complexity and speed of connection. For example, AES, which is based on RSA technology, is very secure but can use a lot of CPU as the challenge-response protocol is initiated on connection. (For example, measured as about 4 seconds of CPU on a 1GHz Pentium 3, and up to 50 seconds on a DEC Alpha running at 233 MHz.)
The WARN protocol entry is used as a dividing line. Any protocols above the warning line will be tried, in order, depending on the remote end. Protocols below the line (e.g. DES) will be tried but only after warning of a lowering of effective security.
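The dividing-line behaviour described above can be modelled as follows. This is an added example, not CRiSP's own code: the function names and the sample cipher ordering are constructed, and it assumes the selected cipher is the first entry on the client's list that the server also offers.

```python
# Added illustration; function names and sample cipher labels are constructed.
WARN = "WARN"  # the dividing-line entry described above


def negotiate(client_prefs, server_ciphers):
    """Pick the first client preference the server also offers.

    Returns (cipher, needs_warning); needs_warning is True when the match
    sits below the WARN line. Returns (None, False) when nothing matches.
    """
    if client_prefs.count(WARN) > 1:
        raise ValueError("at most one WARN entry is allowed")
    offered = set(server_ciphers)
    below_line = False
    for entry in client_prefs:
        if entry == WARN:
            below_line = True  # everything after this needs a warning
        elif entry in offered:
            return entry, below_line
    return None, False


def silent_weak_ciphers(client_prefs, weak=("DES",)):
    """Return weak ciphers placed above the WARN line (used without warning)."""
    above = []
    for entry in client_prefs:
        if entry == WARN:
            break
        above.append(entry)
    return [c for c in above if c in weak]


if __name__ == "__main__":
    prefs = ["AES", "Blowfish", "3DES", WARN, "DES"]  # constructed ordering
    for server in (["3DES", "DES"], ["DES"], ["Arcfour"]):
        cipher, warn = negotiate(prefs, server)
        if cipher is None:
            print(server, "-> no common cipher")
        elif warn:
            print(server, "->", cipher, "(below WARN line: prompt the user)")
        else:
            print(server, "->", cipher)
    print("silently allowed weak ciphers:",
          silent_weak_ciphers(["AES", "DES", WARN]))
```

Running `silent_weak_ciphers` over a saved preference list is a quick check that a weak entry such as DES has not been dragged above the warning line.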
Logging
If this option is enabled then SSH protocol level packet dumping is performed. This should only be set if requested in order to debug connection problems with a server.