Using MIP with sFTP

In addition to using the MIP user interface to upload and download data, you can also use the MIP Secure File Transfer Server (SFTP).

Due to security concerns with Cipher Block Chaining (CBC) and MD5 encryption when using the SFTP server, the following CBC mode ciphers and MD5 MACs have been deprecated. You must check the SSH implementation you are using and confirm that it is not one of the deprecated algorithms listed below.

To avoid service interruptions, please update your ciphers and MACs as soon as possible.

Deprecated Ciphers and MACs
CBC Ciphers   MD5 MACs
aes128-cbc   hmac-md5
aes192-cbc   hmac-md5-96
aes256-cbc   hmac-md5-etm@openssh.com
blowfish-cbc   hmac-sha1-96
3des-cbc   hmac-sha2-256-96
3des-ctr   hmac-sha2-512-96
arcfour    
arcfour128    
arcfour256    

The table below indicates the preferred ciphers and MACs for use with the SFTP server. They are listed in order of preference.

Preferred Ciphers and MACs
CBC Ciphers   MD5 MACs
chacha20-poly1305@openssh.com   hmac-sha2-512-etm@openssh.com
aes256-gcm@openssh.com   hmac-sha2-256-etm@openssh.com
aes128-gcm@openssh.com   hmac-sha2-512
aes256-ctr   hmac-sha2-256
aes192-ctr    
aes128-ctr    

Configuring SFTP

Launch an SFTP client and configure it as follows:

For security reasons, the access token expires every 6 months. To ensure uninterrupted access to the MIP SFTP server, generate a new token and update your SFTP client every 6 months.

The RSA key fingerprint of the SFTP server is changed periodically. If you access the SFTP server programmatically, please make sure that your SFTP client handles this update gracefully. An SFTP client application may show a warning message similar to the following example: