FTPS Server Certificate: best practices

Upon installation, Syncplify.me Server! auto-generates a self-signed X.509 (SSL/TLS) Server Certificate to be used for implicit and explicit FTP (aka FTPS and FTPES). However, this certificate carries the name “Syncplify” in the organization field, and its common name (CN) field is only suitable for localhost (127.0.0.1). Therefore, you may want to generate your own certificate or buy one from a trusted Certification Authority (CA).

If a self-signed certificate is enough for you (and for all clients that will connect to your server), you can use Syncplify.me Server!’s internal certificate generator as follows: click the “gear” button on the FTP(S) tab of the Configuration Manager.

SSH Server Key ≠ FTPS (SSL/TLS) Server Certificate

From time to time our users ask how to use their X.509 (SSL/TLS) certificate for SFTP.

The one-line answer is: it’s not possible. But let’s dig into the topic and explain why, and above all how to implement server certificates and keys correctly.

First of all, it is important to identify which protocol we intend to use, and what its peculiarities are:

Issues connecting to Syncplify.me Server! using FileZilla Client?

It seems that recent updates to the FileZilla Client have created some issues with secure (SSL and TLS) connections to Syncplify.me Server!

First of all, we would like to inform our users that the issue is not caused by Syncplify.me Server!; in fact, it is very well documented in two bug reports of the FileZilla project (#7873 and #9441), and it affects secure connections to several other servers, not just ours.

Anyhow, until a fixed version of the FileZilla Client is made available, we recommend downloading and using version 3.7.4.1, which is the latest stable version before they broke compatibility. You can download it from SourceForge here.

Cisco UCM: backup to SFTP server

When you install Syncplify.me Server!, the installer deploys a very secure (PCI compliant) configuration. Such a strong configuration, though, is not compatible with Cisco UCM backups, as Cisco UCM has very outdated support for the SFTP protocol.

Setting all the protocol options and tweaks by hand to properly support Cisco UCM may be painful, as there are so many! But Syncplify.me Server! makes it easy by providing a handy drop-down list of ready-made configuration scenarios, including one that is ideal as a Cisco UCM backup target.

Configuration Manager Default Password

If you are using Syncplify.me Server! version 1.x or 2.x, the first time you run the Configuration Manager, after installing the software, it displays a little “hint” regarding the default username and password to use at your first access.

Username: admin
Password: [there is no password, just leave the field empty]

As soon as you perform your first access, you will be required (it’s mandatory) to set a password for the admin user. This requirement is necessary for obvious security reasons.

If, instead, you are using Syncplify.me Server! version 3.x (or greater), the admin username and password are the ones you chose and set upon creation of your server instance. So there is no default value anymore: you will have to log in using the username/password that you set when you created the particular instance you’re trying to access.

How to: turn a Temporary into a Permanent ban (blacklist)

By default all IP addresses that get automatically blacklisted (because of protocol violations or some other type of attack/hacking attempt) are Temporary. This means that they will stay in the blacklist for an amount of time that you have defined in the Configuration Manager and then they will be automatically removed from the blacklist and allowed to connect again.

But Syncplify.me Server! also supports Permanent bans. The image here below shows how to turn a Temporary ban into a Permanent one.

[Image: permanentban]

How secure is the SFTP protocol?

Many of our users know the FTP protocol very well, and they are aware that FTPS is the same protocol protected by an SSL/TLS connection. But when it comes to SFTP, we’re challenged pretty frequently with the question “how secure is SFTP?”.

The easy one-line answer would be: SFTP is very secure. But that is obviously not a real answer, so if you want to know more (and why/how it is secure), please read on.


Syncplify.me Server!: more on Active Directory authentication

This article covers the interaction between the client and Syncplify.me Server! in the case of Active Directory authentication, and explains how auth-data sent by the client is interpreted by the server.

For the sake of our example we have set up a Windows Server 2012 R2 virtual machine, and created the “syncplify.local” domain (totally made up, you can use your own domain name of course). We have then created an AD group called “SFTP Users” (again, you can create your own groups) and a couple of users: “testuser” and “groupuser”. The testuser profile is a member only of the “Domain Users” group, while the groupuser profile is a member of “Domain Users” as well as of “SFTP Users”.

Important: if you’re using Syncplify.me Server! v4.0 or greater, please make sure you also carefully read this article before you continue.

Then we created the two virtual profiles in Syncplify.me Server! with the usernames exactly as you see them in the picture here below:

[Image: 2012R2-AD-1]