A [RFC|https://www.sftp.net/servers] compliant pure __SFTP/SCP__ server implementation. SSH [Tunneling|tunnels] is supported in CrushFTP. An SSH shell is __not allowed__ as its often the method used in exploits.  A shell has no purpose in file transfer.\\
\\
[Public / Private| UserManagerRestrictionsSSH] key authentication is supported too.  The ciphers can be customized to prevent wasted CPU usage from inefficient ciphers.\\
\\
By default, there is an SFTP server listener configured with __compatible defaults__ bound to port __2222__ readily available on first deploy.\\
\\
\\
\\
[{Image src='sftp_ssh2.jpg' width='1140' height='..' align='left' style='..' class='..' }]\\
\\
!Supported ciphers:
{{{
aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,3des-cbc,blowfish-cbc,arcfour,arcfour128,arcfour256,aes128-gcm@openssh.com,aes256-gcm@openssh.com
}}}
''aes128-cbc,aes192-cbc,aes256-cbc,chacha20-poly1305@openssh.com are also supported but not recommended due to their known insecurity.''\\
\\
!Supported KEX:
{{{
curve25519-sha2@libssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1
}}}
''diffie-hellman-group1-sha1  is also supported but it is not considered secure.''\\
\\
!Supported MACs:
{{{
hmac-sha256,hmac-sha2-256,hmac-sha256@ssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-96,hmac-sha512,hmac-sha2-512,hmac-sha512@ssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-md5,hmac-md5-etm@openssh.com,hmac-md5-96
}}}