SFTP, SCP, and SSH Tunneling are supported in CrushFTP.  A shell is not allowed as its often the method used in exploits.  A shell has no purpose in file transfer.

[Public / Private| UserManagerRestrictionsSSH] key authentication is supported too.  The ciphers can be customized to prevent wasted CPU usage from inefficient ciphers.

By default, there is an Idle Timeout set to 300 sec (5 min). Go to the SSH tab in the IP/Servers to change. In order for this change to take effect, you must restart the server for the IP.

[attachments|sftp_ssh.png]
\\
!Supported ciphers:
{{{
aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,3des-cbc,blowfish-cbc,arcfour,arcfour128,arcfour256,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
}}}
''aes128-cbc,aes192-cbc,aes256-cbc are also supported but not recommended due to their known insecurity.''\\
\\
!Supported KEX:
{{{
curve25519-sha2@libssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1
}}}
''diffie-hellman-group1-sha1  is also supported but it is not considered secure.''\\
\\
!Supported MACs:
{{{
hmac-sha256,hmac-sha2-256,hmac-sha256@ssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-96,hmac-sha512,hmac-sha2-512,hmac-sha512@ssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-md5,hmac-md5-etm@openssh.com,hmac-md5-96
}}}