# Server Connection: SFTP Fields with the asterisk \* are mandatory.
ValueDescription
SERVER NAME *Enter a unique name for the server.
DESCRIPTION * Provide a brief description of the server.
PORT *Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
SERVER KEYLABEL *Enter the Key identifier of the key store to select Private Key and Certificate to create SSL connection.
The ecda-sha2-nistp25 key algorithm is supported.
MAX SESSIONSpecify the maximum number of active sessions.
CONNECTION TIMEOUTDefine the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
ALLOW SCPSet this toggle to ON to enable the SCP protocol.
ALLOWED CLIENT AUTHENTICATION MODES *This field refers to the SSH client authentication mechanism. Possible values:
- PUBLICKEY
- PASSWORD
- PASSWORD_AND_PUBLICKEY
- PASSWORD_OR_PUBLICKEY
ACCEPTED CIPHER SUITESSelect the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
MAC ALGORITHMS

Possible values:

  • HMAC_MD5
  • HMAC_SHA1
  • HMAC_SHA1_ETM
  • HMAC_MD5_96
  • HMAC_SHA1_96
  • HMAC_SHA256
  • HMAC_SHA2_256
  • HMAC_SHA2_256_ETM
  • HMAC_SHA2_512
  • HMAC_SHA2_512_ETM
KEY EXCHANGE ALGORITHMS

Possible values:

  • DIFFIE_HELLMAN_GROUP1_SHA1
  • DIFFIE_HELLMAN_GROUP14_SHA1
  • DIFFIE_HELLMAN_GROUP14_SHA256
  • DIFFIE_HELLMAN_GROUP15_SHA512
  • DIFFIE_HELLMAN_GROUP16_SHA512
  • DIFFIE_HELLMAN_GROUP17_SHA512
  • DIFFIE_HELLMAN_GROUP18_SHA512
  • DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
  • DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
  • ECDH_SHA2_NISTP256
  • ECDH_SHA2_NISTP384
  • ECDH_SHA2_NISTP521
  • CURVE25519_SHA256
  • CURVE25519_SHA256_LIBSSH_ORG
  • ECDA-SHA2-NISTP256
DMZ mode
NONE (default)No session proxying through DMZ Gateway applied.
PORT_FORWARDINGIncoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
CLIENT AUTHENTICATION MODES: This field refers to the SSH client authentication mechanism. Possible values:
PUBLICKEY
PASSWORD
PASSWORD_AND_PUBLICKEY
PASSWORD_OR_PUBLICKEY

MAC ALGORITHMS: Possible values:
HMAC_MD5
HMAC_SHA1
HMAC_MD5_96
HMAC_SHA1_96
HMAC_SHA256
HMAC_SHA2_256
HMAC_SHA2_512

KEY EXCHANGE ALGORITHMS: Possible values:
DIFFIE_HELLMAN_GROUP1_SHA1
DIFFIE_HELLMAN_GROUP14_SHA1
DIFFIE_HELLMAN_GROUP14_SHA256
DIFFIE_HELLMAN_GROUP15_SHA512
DIFFIE_HELLMAN_GROUP16_SHA512
DIFFIE_HELLMAN_GROUP17_SHA512
DIFFIE_HELLMAN_GROUP18_SHA512
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
ECDH_SHA2_NISTP256
ECDH_SHA2_NISTP384
ECDH_SHA2_NISTP521

ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.
SESSION_TERMINATIONThe server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.

SERVER PORT *: Enter the DMZ server port to be used for the connection.

SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.

CLIENT AUTHENTICATION MODES: This field refers to the SSH client authentication mechanism. Possible values:
PUBLICKEY
PASSWORD
PASSWORD_AND_PUBLICKEY
PASSWORD_OR_PUBLICKEY

ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.

MAC ALGORITHMS: Possible values:
HMAC_MD5
HMAC_SHA1
HMAC_MD5_96
HMAC_SHA1_96
HMAC_SHA256
HMAC_SHA2_256
HMAC_SHA2_512

KEY EXCHANGE ALGORITHMS: Possible values:
DIFFIE_HELLMAN_GROUP1_SHA1
DIFFIE_HELLMAN_GROUP14_SHA1
DIFFIE_HELLMAN_GROUP14_SHA256
DIFFIE_HELLMAN_GROUP15_SHA512
DIFFIE_HELLMAN_GROUP16_SHA512
DIFFIE_HELLMAN_GROUP17_SHA512
DIFFIE_HELLMAN_GROUP18_SHA512
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA256
ECDH_SHA2_NISTP256
ECDH_SHA2_NISTP384
ECDH_SHA2_NISTP521

ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the SFTP server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.
{% hint style="info" %} The rsa-sha2-256 and rsa-sha2-512 signing algorithms (also called HostKeyAlgorithms) are included in the list of supported ssh-rsa and ssh-dss algorithms.\ They are hard-coded, so they cannot be configured. {% endhint %} To change any DMZ port of an SFTP server that belongs to a peer, select the server you want to update. Next, click the pencil icon in the top-right corner of the server card. Enter the new port or ports in the appropriate fields. Finally, click the **SAVE** button to confirm your changes. Remember that the new port number will only affect the peer's selected server. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-mover-1.21/transfer-protocols-and-connectors/server-connections/server-connection-sftp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.