Documentation

4.4. Server's process

4.4.1. Introduction

When launched, the server starts a series of file transfer services, using various file transfer protocols. It also starts the internal services used by all file transfer services; for example, the authentication service and the log service.

All services are executed under a single server process.

This page describes general server configuration options and options affecting all file transfer services.

You can access the section via the 'Server' page in Local Manager.

../_images/gallery-test-server.png

For text configuration, options affecting all services are grouped inside the server section.

Below is another sample for the server section as a text configuration:

[server]
uuid = 530019d0-92ce-11e2-9e96-0800200c9a66
name = Short_Name_For_Server
description = Long text describing the server
account = sftpplus
umask = 022
authentications = 0022b17a-30a0-4b70, ffa9-bd05-51c2-42f1
manager_authentications = 65a1-41ce-fea1-8015

4.4.2. uuid

Default value

single-server-uuid

Optional

No

Values
  • An unique identifier among all servers active in a deployment

  • Alphanumeric and dash ('-') character. No space characters.

From version

2.0.0

To version

None

Description

The universally unique identifier (UUID) allows the server to be identified when multiple servers are active in the same deployment.

It can be any unique string, but we recommend using the UUID standard format.

When aggregating audit entries (logs) or authentication requests from multiple servers, the UUID is used to identify the source server.

UUIDs are intended to be used for low-level server implementations. For a human-readable name, please use the name attribute.

Note

Once a UUID is defined, it is not recommended to change it.

To generate a UUID value, please check the dedicated documentation for admin-commands generate-uuid.

For more details, please check Wikipedia's article on UUID.

4.4.3. name

Default value

single-server-name

Optional

No

Values
  • Human-readable name for this server.

  • This may be a fully qualified domain name (FQDN).

  • Any text.

From version

2.0.0

To version

None

Description

This is a human-readable companion for the UUID.

As long as the UUID is not changed, you can change the name at any time, and the server will still be recognized in a multiple deployment architecture.

4.4.4. description

Default value

''

Optional

Yes

Values
  • Free form text describing this server.

From version

2.0.0

To version

None

Description

This can be used for any free form text attached to this server. It can include contact information about the system administrator, comments or other details specific to the installation.

4.4.4.1. product_key

Default value

Empty

Optional

Yes

Values
  • Empty

  • server-only

  • client-only

From version

4.21.0

Description

The current version of SFTPPlus doesn't require any product key in order to operate. Both server-side and client-side functionalities are available inside the same product. This configuration is here to prepare for the introduction of a product key in the next major release.

This configuration option can now be used to simplify the available configuration options from the web management interface.

Set this value to server-only to only see the configuration options relevant to file transfer servers operations.

Set this value to client-only to only see the configuration options relevant to automated client transfer operations.

Managed file transfer configuration options like the event handler or the activity audit are always available from the web console.

4.4.5. account

Default value

sftpplus

Optional

Yes

Values
  • A user under which the server will operate.

  • Empty

From version

1.6.0

To version

None

Description

This is a system account used by the server to run its main operations with restricted privileges on Unix-like systems.

To disable running the server under a dedicated account leave this value empty.

Note

This option is ignored on Windows systems, where the server will operate under the same account as the one used for starting the server.

4.4.6. umask

Default value

022

Optional

Yes

Values
  • Filemask in octal format.

From version

1.7.0

To version

None

Description

User mask file permissions (filemask) used for creating new files and folders on the server.

When creating new files, the server will use the 0666 mode, masked with the value of umask.

When creating new folders, the server will use the 0777 mode, masked with the value of umask.

Note

This option is ignored on Windows systems.

4.4.7. authentications

Default value

DEFAULT-AUTHENTICATION

Optional

Yes

Values
  • List of authentication UUIDs.

From version

2.10.0

To version

Description

Comma-separated list of UUIDs with global authentication methods enabled on this server.

The list should be ordered by priority. The server will try to use the first authentication from the list, and continue with the next method if the user is not accepted.

When not present, it defaults to the SFTPPlus embedded authentication.

Note

When a service defines its own authentication list, this global configuration is ignored.

4.4.8. manager_authentications

Default value

DEFAULT-AUTHENTICATION

Optional

Yes

Values
  • List of authentication UUIDs.

From version

3.37.0

To version

Description

Comma-separated list of UUIDs with authentication methods to be used for authenticating the administrators for the Local Manager service.

The list should be ordered by priority. The server will try to use the first authentication from the list, and continue with the next method if the user is not accepted.

When not present, it defaults to the SFTPPlus embedded authentication.

4.4.9. password_minimum_strength

Default value

4

Optional

Yes

Values
  • 0

  • 1

  • 2

  • 3

  • 4

From version

3.43.0

To version

Description

This defines the minimum strength element of the password policy applied when setting passwords through Local Manager.

This does not enforce the policy for already defined passwords or for passwords defined outside of SFTPPlus, such as OS passwords.

The available values are from 0 to 4 where 0 is a weak password while 4 is a password which is considered strong.

The following minimum lengths are defined for each strength level:

  • 0 - no length limit.

  • 1 - 4 characters

  • 2 - 7 characters

  • 3 - 9 characters

  • 4 - 11 characters

4.4.10. password_minimum_length

Default value

8

Optional

Yes

Values
  • Number

From version

3.43.0

To version

Description

This defines the minimum length element of the password policy applied when setting passwords through Local Manager.

This does not enforce the policy for already defined passwords or for passwords defined outside of SFTPPlus, such as OS passwords.

Set it to 0 to disable password length checking.

4.4.11. password_history

Default value

8

Optional

Yes

Values
  • Number

From version

4.10.0

To version

Description

This defines the number of unique new passwords that must be associated with a user account before an old password can be reused.

Set it to 0 to disable the password history policy.

If password_history was previously enabled and is now disabled, updating the password for an account will clear the history of previously used passwords for that account.

4.4.12. password_hashing_scheme

Default value

crypt-sha512

Optional

Yes

Values
  • crypt-sha512

  • crypt-sha256

  • pbkdf2_sha512

  • pbkdf2_sha256

From version

3.51.0

To version

Description

This defines the function used to hash the passwords of the internal SFTPPlus user and administrator accounts. Not applicable for OS accounts.

The following hash functions are supported:

  • crypt-sha512 - Unix Crypt SHA-512

  • crypt-sha256 - Unix Crypt SHA-256

  • pbkdf2-sha512 - RSA PKCS #5 based on SHA-512

  • pbkdf2-sha256 - RSA PKCS #5 based on SHA-256

For more info see the dedicated Modular Crypt Password Hashing section from our Supported Cryptographic Standards documentation page.

4.4.13. ssl_certificate

Default value

Empty

Optional

Yes

Values
  • Absolute path on the local filesystem.

  • Certificate in PEM text format.

  • Certificate in PKCS12 / PXF binary format.

  • Empty

From version

1.6.0

To version

None

Description

Certificate or chain of certificates in Privacy-Enhanced Mail (PEM) format or an absolute path on the local filesystem for a file containing a certificate or a chain of certificates in PEM format to be used by default for TLS/SSL services.

File content must be encoded in the Privacy-Enhanced Mail (PEM) or the PKCS12 / PFX formats.

4.4.14. ssl_key

Default value

Empty

Optional

Yes

Values
  • Absolute path on the local filesystem.

  • Key as PEM text format.

  • Empty

From version

4.0.0

Description

X.509 private key in Privacy-Enhanced Mail (PEM) format or an absolute path on the local filesystem for a file containing a X.509 private key to be used by default for TLS/SSL services.

4.4.15. ssh_host_private_keys

Default value

Empty

Optional

Yes

Values
  • Absolute path on the local filesystem.

  • Multiple absolute paths on the local filesystem, one per line.

  • Text version of a SSH private key.

  • Multiple concatenated SSH private keys in PEM format.

  • Empty.

From version

4.9.0

To version

None

Description

One or more SSH host private keys used by default for the SSH-based services (SFTP/SCP).

It can be one or more concatenated SSH private keys in PEM format.

For Putty keys, since they are not using a PEM format, only a single private key is supported. If you have to use multiple Putty keys here, convert them to a PEM format such as the OpenSSH one.

You can also configure it with one or more absolute paths on the local filesystem to files containing private SSH keys. One path per line.