Buru SFTP Server features

Security

Enterprise-grade security backed by 20+ years of expertise

The SSH, SFTP and TLS/SSL subsystems are built on top of our own commercial .NET communication libraries, which are time-tested and continuously evolving.

  • More than 20 years of active development.
  • Used by 22% of Fortune 100 US companies.
  • Used by more than 10 000 developers.
  • Deployed on millions of devices.

This allows us to respond quickly and effectively to new threats and opportunities in the ever-changing online security landscape. For more details on Rebex .NET libraries, see Rebex Total Pack.

TLS/SSL

TLS/SSL is a cryptographic communication protocol that provides a way of securing protocols such as FTP or HTTP. Despite the name difference, TLS and SSL are different versions of the same protocol.

The server supports all modern and secure versions, including TLS 1.3 and 1.2. The list of supported extensions includes:

  • Renegotiation Indication Extension (RFC 5746), which in some scenarios increases resistance against an attacker trying to hijack a TLS/SSL connection during renegotiation.

SSH security

SSH is a secure communication protocol used for transferring files over SFTP, running commands remotely over the SSH shell, or operating secure SSH tunnels. See also the SSH protocol section.

SSH algorithms security levels

You can set the security level of your transmissions to suit your specific needs. Buru allows you to specify the allowed key exchange, host key, encryption, and message authentication code (MAC) algorithms:

Secure only

Only the best. Older client applications may have compatibility issues.

Examples: ecdsa-sha2-nistp521, ssh-ed25519, rsa-sha2-256, aes256-ctr, aes256-gcm@openssh.com.

Best compatibility

Still quite secure, but makes it possible for older clients to connect as well. This is the default setting.

Examples: ssh-rsa, ssh-dss, aes256-cbc, twofish-cbc, diffie-hellman-group14-sha256.

All (not recommended)

We understand that sometimes you have no choice but to support even the oldest legacy client applications, and that you can take care of the transport path security in other ways. That's why we support this mode as well. However, we definitely do not recommend running anything connected to the Internet or containing sensitive data in this mode. Use only at your own risk.

Examples: arcfour, blowfish-ctr, hmac-md5, diffie-hellman-group1-sha1.

Fine-tuning in configuration file

If you are not satisfied with any of the predefined levels, you can enable or disable specific algorithms in the configuration file.

See list of all supported security algorithms.

Certificates

X.509 certificates are used for securing TLS/SSL connections, such as FTPS and HTTPS. X.509 certificates are supported in SSH as well.

Supported formats:

  • PKCS #12 (.pfx, .p12)
  • DER-encoded X.509 (.cer, .crt, .der, .pem)

Account lockout

If too many unsuccessful login attempts are made, the user account will be temporarily locked.

User accounts will unlock themselves after a certain period of time. You can also unlock them manually.

IP blacklists and whitelists

Specify remote IP addresses or network ranges that are allowed to or prohibited from connecting to the server. You can specify:

  • single address, such as 192.168.1.1 or 2001:db8::1
  • address range, such as 192.168.1.1-192.168.1.255 or
  • CIDR notation, such as 192.168.66.12/24
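
The three entry forms listed above can be matched against a connecting client's address as sketched below. This is an added example, not Buru's own code or configuration syntax: the names `parse_entry`, `matches` and `ENTRIES` are hypothetical, and how the server itself combines allow and deny lists is not covered.

```python
import ipaddress

# Sample list built from the entry examples on this page.
ENTRIES = ["192.168.1.1", "2001:db8::1",
           "192.168.1.1-192.168.1.255", "192.168.66.12/24"]

def parse_entry(entry):
    """Return the inclusive (first, last) address bounds of one list entry."""
    entry = entry.strip()
    if "/" in entry:
        # strict=False: the CIDR example 192.168.66.12/24 has host bits set,
        # which the default strict parser rejects. It covers 192.168.66.0-255.
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {entry}")
        return lo, hi
    addr = ipaddress.ip_address(entry)  # single address
    return addr, addr

def matches(client_ip, entries):
    """True if client_ip falls inside any entry of the list."""
    ip = ipaddress.ip_address(client_ip)
    # Choice made by this example (an assumption, not documented server
    # behaviour): unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so a dual-stack
    # listener still compares the client against IPv4 entries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for entry in entries:
        first, last = parse_entry(entry)
        if ip.version == first.version and first <= ip <= last:
            return True
    return False

if __name__ == "__main__":
    for probe in ("192.168.66.200", "192.168.2.1", "::ffff:192.168.1.1"):
        print(probe, matches(probe, ENTRIES))
```
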

What next?

Download

Download a fully functional free 30-day trial.

Non-commercial use

Get a free non-commercial license. It includes most of the features of the Professional edition.

Commercial use

If you use the server for anything related to business or commercial use, you have to purchase a license.

Sales contact
sales@rebex.net

Get help

The server is completely free for personal, academic and other non-commercial use.

Technical support

support@rebex.net