Exclude the selective SSH algorithms in On-Premise Poller during SFTP Transfer monitoring

Exclude the selective SSH algorithms in On-Premise Poller during SFTP Transfer monitoring

By excluding SSH algorithms, you can restrict Site24x7 SSH Client from using the excluded algorithm while connecting to the SSH server during SFTP Transfer monitoring. Follow the steps mentioned below for SSH algorithm exclusion in On-Premise Poller during SFTP Transfer Monitoring:


Ensure that the On-Premise Poller is of version 4.6.9 or above.  If not, please update the On-Premise Poller to the latest version by navigating to Admin > On-Premise Poller and then hover over the hamburger icon on the right corner of the selected poller. Then click Upgrade and wait for a few mins for it to be upgraded.

  1. Navigate to the On-Premise Poller installed directory in your system and then open the conf folder.

  2. Right-click on the EUMServer.properties file and open it in any text editor. Use the below keys to disable the algorithms in the file. Be careful not to modify any existing keys in the EUMServer.properties file:               

    1. ftp.exclude.kex.alg

    2. ftp.exclude.ciphers

    3. ftp.exclude.hamcs

    4. ftp.exclude.public.key.alg

    5. ftp.exclude.digest

For instance, to exclude "diffie-hellman-group-exchange-sha256" from KEX and "hmac-sha256" & "hmac-sha2-256-96" from HAMCs, change the value of the keys "ftp.exclude.kex.alg"and "ftp.exclude.hamcs" provide the keys as mentioned below: 
                     ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96

# Provide a comma-seperated list of algorithms to be excluded.

#Supported Key Exchange Algorithm : diffie-hellman-group-exchange-sha256, diffie-hellman-group18-sha512, diffie-hellman-group17-sha512, diffie-hellman-group16-sha512, diffie-hellman-group15-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1

ftp.exclude.kex.alg=diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256

#Supported Ciphers : ssh1-des, ssh1-3des, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, 3des-cbc, blowfish-cbc, aes128-cbc, aes192-cbc, aes256-cbc, arcfour, arcfour128, arcfour256, aes128-gcm@openssh.com, aes256-gcm@openssh.com

ftp.exclude.ciphers=aes192-ctr, aes256-ctr

#Supported HMAC : hmac-sha256, hmac-sha2-256-96, hmac-sha512, hmac-sha2-512-96, hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-md5, hmac-md5-96

ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96

#Supported Public Key : ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, x509v3-sign-rsa-sha1, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, x509v3-rsa2048-sha256, ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519

ftp.exclude.public.key.alg=x509v3-sign-rsa, x509v3-sign-dss

#Supported Digest : MD5, SHA-1, SHA1, SHA-256, SHA-384, SHA-512

ftp.exclude.digest=SHA1, SHA-256

      3. Restart the On-Premise Poller to get the changes updated.

 If the On-Premise Poller is upgraded soon after applying the above changes, the exclusion will get reverted. Please repeat the above process in this case.

    • Related Articles

    • How secure is On-Premise Poller

      On-Premise Poller: Introduction On-Premise Poller, a lightweight agent, helps to monitor your internal network and resources behind a firewall or virtual private network (VPN). You can install On-Premise Poller in various branch offices within a ...
    • Prerequisites for installing the On-Premise Poller

      To monitor your internal network and resources behind a firewall, you need to install the On-Premise Poller within your network. You can install the On-Premise Poller on physical or virtual machines. System requirements: The machine on which the ...
    • Upgrading On-Premise Poller to the latest version

      Go to Admin > On-Premise Poller in the Site24x7 web client Click on the name of the On-Premise Poller In the dashboard that opens up, click upgrade to the latest version Confirm it in the pop-up The latest version of the On-Premise Poller will be ...
    • How to manually upgrade an On-Premise Poller

      You can upgrade an On-Premise Poller directly from the Site24x7 web console by navigating to Admin > On-Premise Poller, clicking the hamburger icon beside an On-Premise Poller, and clicking Upgrade. Learn more.  If the above method of upgrade fails, ...
    • Configure the On-Premise Poller as a monitoring location for synthetic (browser) monitors

      If you need to monitor from an internal network, install an On-Premise Poller and use it as a monitoring location for your synthetic (browser) monitors. Synthetic (browser) monitors include Web Transaction (Browser), Web Transaction (Browser) - ...