SSH - Configuration

The MOVEit DMZ Configuration Utility program is used to configure the MOVEit DMZ SSH server. (Users, groups, folder settings and the like are generally maintained through the Web Interface or MOVEit DMZ API.) Run the configuration program by choosing the Start menu shortcut "MOVEit DMZ Config" This program uses a tabbed dialog to group the settings by function.

MOVEit DMZ SSH will immediately apply configuration changes the next time a new connection is received.

Exception: If changes are made to the SSH port, the MOVEit DMZ SSH service must be restarted for this changes to take effect.

SSH Tab

configutil_ssh.png (24753 bytes)

Server Key: The public key used for SSH sessions. This key is generated internally and the MD5 hash of the key displayed here for reference only. There is no mechanism to edit this value. Use the "View" button next to the MD5 field to view and/or export the entire SSH public key.
SSH Port: The TCP port on which to listen. The default is 22, the value used by nearly all SSH servers.
Bind to IP Address: Leave blank to bind to all available IP addresses (default). Enter a specific IP address to bind the FTP server (both explicit and implicit ports) to a specific IP address.

Exporting the SSH Public Key

To export MOVEit DMZ's SSH public key, click the "View" button on the "SSH" tab of the MOVEit DMZ Config utility. The dialog will show you the key in two different formats. To "export" it, select all the text in the window displaying the format you wish to export, press "CTRL+C" to copy the text, then save it into a text file of your choice.

configutil_viewsshkey.png (104750 bytes)

HINT: MOVEit DMZ's SSH server key never changes, so it's probably worth the extra time to export both formats of the same SSH server key while you're in the dialog. If you save these off (perhaps on an internal server) you may never need to come back to the "SSH" tab again.

Diagnostic Logs

The MOVEit DMZ SSH server's diagnostic log settings can be changed on the Status tab of the configuration utility. See the "Configuration Utility" document for more information about this tab.

Paths Tab

The MOVEit DMZ SSH server communicates with MOVEit DMZ using the "Machine URL" configured on this tab. See the "Configuration Utility" document for more information about this tab.

SSH Algorithms

The encryption and hashing algorithms the MOVEit DMZ SSH server uses are currently not configurable. (The encryption and hashing algorithms the MOVEit DMZ SSL servers - both HTTP and FTP - use are configurable.) However, certain clients may want to know which algorithms the MOVEit DMZ server supports, so this section provides a complete list.

Many SSH clients can also obtain this information from MOVEit DMZ just by connecting because the SSH protocol requires the server to list which modes it supports. In other words, there is no security reason to keep this information private.

SSH Encryption Algorithms

MOVEit DMZ SSH server supports the following encryption algorithms.

AES256-cbc
AES128-cbc
twofish256-cbc
twofish128-cbc
twofish-cbc
blowfish-cbc
3DES-cbc (a.k.a. "triple-DES")

SSH Hash Algorithms

MOVEit DMZ SSH server supports the following (keyed) hash algorithms.

HMAC-MD5
HMAC-SHA1
HMAC-MD5-96
HMAC-SHA1-96

SSH Compression Algorithms

MOVEit DMZ SSH server supports the following on-the-fly compression algorithms.

none
zlib (a.k.a. "gzip")