The MOVEit Transfer SSH server provides both FTP over SSH and SCP2 services. SSH access is provided to the same underlying folder and file structure made available through the MOVEit Transfer SSH and Web Interface as well. SSH telnet access is NOT provided by this server.

Notable Features

MOVEit Transfer SSH runs as a standalone application (not part of IIS). Features include.

  • Reads / writes directly to the MOVEit Transfer secure file storage. Unencrypted data is never written to disk.
  • Uses secure communications via SSH encryption to encrypt usernames, passwords, directory listing, files and other data while in transit.
  • Uses MOVEit usernames and passwords. MOVEit IP restrictions are also supported.
  • Uses MOVEit logging to record signons, signoffs, uploads and downloads.
  • Runs as a Windows service named MOVEitDMZSSH. MOVEit Transfer SSH can also run as an ordinary desktop application; this capability is typically used for testing and troubleshooting.
  • Uploads and downloads files, with compatible clients, using compression to speed transfers.
  • Uses SSH compression for faster transfers, when used with clients that implement compression (nearly all do).
  • Can be bound to a specific IP address.

Typical SSH Environment

SSH is a secure transport protocol conceptually similar to TLS (SSL). Both protocols use public/private key cryptography to negotiate a shared key and symmetric encryption algorithm. This shared key is then used to encrypt succeeding data transfer. The main difference between the protocols is that SSL supports the concepts of "CA" and delegated trust, whereas SSH requires each endpoint to individually trust every other endpoint.

FTP over SSH is primarily associated with UNIX, whereas FTP over SSL is typically associated with Windows and mainframes.

SSL's ease of large-scale deployment is the reason why HTTP over SSL - HTTPS - is more popular than a (theoretical) "HTTP over SSH" protocol. SSH's ease of self-key-generation and configuration is the reason why telnet over SSH (typically also called just SSH) is more popular with router technicians and Unix server administrators than telnet over SSL. MOVEit Transfer takes advantage of both models by supporting both SSL and SSH.

For more information, see SSH Protocol Discussion.

Installation

MOVEit Transfer SSH is installed automatically with MOVEit Transfer.

The setup program for MOVEit Transfer provides the option of installing MOVEit Transfer SSH as a service. Normally, you will install the program as a service. However, you can instead run the program manually by choosing the Start menu shortcut RunMOVEit DMZ SSH manually after installation. In manual mode, MOVEit Transfer SSH displays a window containing two subwindows, one containing the status of the current connections and the other showing a scrolling list of messages.

Note: In order to generate the server public key, MOVEit Transfer SSH server requires write access to the directory into which it is installed, typically Program Files\MOVEit. This is automatically granted when the program is running as a service under the local system account, which is the default. However, when you run the program manually under a non-administrative account, the program may not have write access to the directory.

The MOVEit Transfer SSH window is normally not displayed when it is running as a service. However, you can cause it to be displayed by changing the service to allow it to interact with the desktop.

Note: On earlier versions of Windows, choose Start / Settings / Control Panel / Administrative Tools / Services, and choose the MOVEit Transfer SSH service. Right-click and choose Properties. Choose the Log On tab. Choose Allow service to interact with desktop. You will have to stop and restart the service for this change to take effect.

Directory Structure

The MOVEit Transfer SSH directory structure is the same as that which is visible through the web interface, except for those users who have the "Chroot" option enabled for their default folder. Those users will only be able to see the files and folders in and below their default folder and will not be able to navigate to folders outside their default folder. See the User Settings - Default Folder section of the Web Interface - Users - Profile documentation page for more details.

The initial directory upon sign-on depends on the user type. End users and group admins will be placed in their default folder (usually their home folder), while administrators will be placed in the root folder.

User type

Initial directory

SysAdmin

/

Administrator

/

FileAdmin

/

GroupAdmin

The GroupAdmin's home directory or a designated default folder

User

The User's home directory or a designated default folder

TempUser

N/A (not allowed to sign on to SSH)

A "dir" command shows only the folders to which the user is permitted access, so not all users will get the same results from a "dir".

Disabling the SSH Service

To disable the MOVEit Transfer SSH service you may use the Microsoft Services control panel to mark the MOVEit Transfer SSH service as disabled. The MOVEit Transfer "Check" utility (usually run after installations and upgrades) will automatically be aware if you have disabled the SSH service and will not try to check it in that situation.