Exclude the selective SSH algorithms in On-Premise Poller during SFTP Transfer monitoring

Excluding SSH algorithms prevents the Site24x7 SSH client from using them when it connects to the SSH server during SFTP Transfer monitoring. Follow the steps below to exclude SSH algorithms in the On-Premise Poller:


Prerequisite:

Ensure that the On-Premise Poller is version 4.6.9 or above. If not, update the On-Premise Poller to the latest version: navigate to Admin > On-Premise Poller, hover over the hamburger icon at the right corner of the selected poller, click Upgrade, and wait a few minutes for the upgrade to complete.

  1. Navigate to the On-Premise Poller installed directory in your system and then open the conf folder.

  2. Right-click the EUMServer.properties file and open it in any text editor. Use the keys below to disable algorithms in the file. Be careful not to modify any existing keys in the EUMServer.properties file:

    1. ftp.exclude.kex.alg

    2. ftp.exclude.ciphers

    3. ftp.exclude.hamcs

    4. ftp.exclude.public.key.alg

    5. ftp.exclude.digest

For instance, to exclude "diffie-hellman-group-exchange-sha256" from KEX and "hmac-sha256" and "hmac-sha2-256-96" from HMACs, set the values of the keys "ftp.exclude.kex.alg" and "ftp.exclude.hamcs" as shown below:

    ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96
    ftp.exclude.kex.alg=diffie-hellman-group-exchange-sha256

# Provide a comma-separated list of algorithms to be excluded.

#Supported Key Exchange Algorithm : diffie-hellman-group-exchange-sha256, diffie-hellman-group18-sha512, diffie-hellman-group17-sha512, diffie-hellman-group16-sha512, diffie-hellman-group15-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1

ftp.exclude.kex.alg=diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256

#Supported Ciphers : ssh1-des, ssh1-3des, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, 3des-cbc, blowfish-cbc, aes128-cbc, aes192-cbc, aes256-cbc, arcfour, arcfour128, arcfour256, aes128-gcm@openssh.com, aes256-gcm@openssh.com

ftp.exclude.ciphers=aes192-ctr, aes256-ctr


#Supported HMAC : hmac-sha256, hmac-sha2-256-96, hmac-sha512, hmac-sha2-512-96, hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-md5, hmac-md5-96


ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96


#Supported Public Key : ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, x509v3-sign-rsa-sha1, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, x509v3-rsa2048-sha256, ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519

ftp.exclude.public.key.alg=x509v3-sign-rsa, x509v3-sign-dss

#Supported Digest : MD5, SHA-1, SHA1, SHA-256, SHA-384, SHA-512


ftp.exclude.digest=SHA1, SHA-256

  3. Restart the On-Premise Poller for the changes to take effect.

If the On-Premise Poller is upgraded soon after applying the above changes, the exclusions will be reverted. In that case, repeat the above process.
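The check below is an added example, not Site24x7 code: it lints the ftp.exclude.* entries of an EUMServer.properties file against the supported names listed in this article and reports what is still allowed after the exclusions. The function names and the sample file content are hypothetical, and it assumes names must match the article's spelling exactly (including the key spelling `ftp.exclude.hamcs`).

```python
# Added example: lint the ftp.exclude.* keys of an EUMServer.properties file.
# Names below are copied from the article's "#Supported ..." comment lines.
SUPPORTED = {
    "ftp.exclude.kex.alg": "diffie-hellman-group-exchange-sha256, diffie-hellman-group18-sha512, diffie-hellman-group17-sha512, diffie-hellman-group16-sha512, diffie-hellman-group15-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1",
    "ftp.exclude.ciphers": "ssh1-des, ssh1-3des, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, 3des-cbc, blowfish-cbc, aes128-cbc, aes192-cbc, aes256-cbc, arcfour, arcfour128, arcfour256, aes128-gcm@openssh.com, aes256-gcm@openssh.com",
    "ftp.exclude.hamcs": "hmac-sha256, hmac-sha2-256-96, hmac-sha512, hmac-sha2-512-96, hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-md5, hmac-md5-96",
    "ftp.exclude.public.key.alg": "ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, x509v3-sign-rsa-sha1, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, x509v3-rsa2048-sha256, ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519",
    "ftp.exclude.digest": "MD5, SHA-1, SHA1, SHA-256, SHA-384, SHA-512",
}
SUPPORTED = {k: [n.strip() for n in v.split(",")] for k, v in SUPPORTED.items()}


def parse_excludes(text):
    """Return {key: [names]} for every ftp.exclude.* line; comments are skipped."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().startswith("ftp.exclude."):
            found[key.strip()] = [n.strip() for n in value.split(",") if n.strip()]
    return found


def lint(text):
    """Return (findings, remaining); remaining maps each key to names still allowed."""
    excludes = parse_excludes(text)
    findings = [f"unknown key: {k}" for k in excludes if k not in SUPPORTED]
    remaining = {}
    for key, supported in SUPPORTED.items():
        excluded = excludes.get(key, [])
        for name in excluded:
            if name not in supported:
                findings.append(f"{key}: '{name}' is not a supported name")
        remaining[key] = [n for n in supported if n not in excluded]
        if not remaining[key]:
            findings.append(f"{key}: every supported algorithm is excluded")
    return findings, remaining


# Constructed sample: one misspelled key and one misspelled cipher name.
SAMPLE = """\
ftp.exclude.kex.alg=diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
ftp.exclude.ciphers=arcfour, aes-256-cbc
ftp.exclude.hmacs=hmac-md5
"""

if __name__ == "__main__":
    findings, remaining = lint(SAMPLE)
    for finding in findings:
        print("WARN", finding)
    for key, names in remaining.items():
        print(key, "->", len(names), "still allowed")
```

Run it against the edited file before restarting the poller, and again after any poller upgrade, since an upgrade can revert the exclusions.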
