Process and general protocol requirements
Work with your local IT personnel to ensure your data logger and network settings meet all specified requirements, including server settings, correct protocols and protocol versions, port numbers, and server cipher suites.
FTP
Basic FTP authentication usually requires a username and password.
There are two FTP connection modes, active and passive. In Active mode, the server actively initiates the connection and sends commands over port 21. Data is transferred over port 20.
In Passive mode, both the command connection and the data connection are established by the client on port 21. Passive mode is more common than Active mode.
See Verifying FTPClient() options for more information on the setting that determines whether the data logger operates in active or passive mode.
SFTP
The transaction starts with the server sending its banner. The data logger then tells the server which host key types, authentication methods, and other parameters it can accept. Regardless of the authentication method, the data logger must then accept the server's host key. If the server does not have a host key, it generates one and sends it to the data logger. If the host key type is supported, the data logger accepts the host key without question. After that, the two authenticate using key authentication. If the server does not offer key authentication, or the data logger's keys are missing or incomplete, the data logger will attempt password authentication instead.
Ports: SFTP uses port 22 (SSH) for everything.
Authentication
Public key and password authentication are supported by SFTP.
Public key authentication: Requires both a private and a public key on the data logger. The public key is the same one that is installed on your server. Before client authentication takes place, the client (data logger) is prompted by the SFTP server to validate the server's public key when establishing the connection. The stack used in the data logger does not derive the public key from the private key, so for this process to work the public key file itself must be present on the data logger. Obtain private and public keys from your IT department.
Password authentication: The server authenticates the client using a username and password from your data logger.
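The connection sequence above (banner, algorithm negotiation, host-key acceptance, key authentication with password fallback) can be walked through step by step. The following is an added example written for this page, not Campbell Scientific code: it models the sequence with the algorithm lists given under SFTP key file requirements, reports what would be negotiated, and flags SHA-1, CBC, RC4 and "none" choices that a server administrator should not leave as the only option. The assumption that the page's list order is the data logger's preference order, the Server and LoggerCredentials fields, and the function names are all constructs of this example.

```python
"""Model of the data logger's SFTP connection sequence (added example,
not Campbell Scientific code). Lists come from the page; preference order,
field names and function names are assumptions of this example."""
from dataclasses import dataclass
from typing import Optional

# Data logger capabilities as listed on the page (order assumed = preference).
LOGGER_KEX = [
    "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256",
]
LOGGER_HOST_KEYS = ["ssh-rsa", "ssh-dss"]
LOGGER_CIPHERS = [
    "aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc",
    "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
    "arcfour128", "none",
]
# Choices worth a warning: SHA-1 key exchange, CBC/RC4 ciphers, no encryption.
WEAK = {
    "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1", "aes256-cbc", "aes192-cbc",
    "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
    "arcfour128", "none",
}


@dataclass
class Server:
    """Constructed description of what an SFTP server advertises."""
    banner: str
    kex: list
    host_key_types: list
    ciphers: list
    auth_methods: list                       # e.g. ["publickey", "password"]
    authorized_public_key: Optional[str] = None   # public key the server trusts


@dataclass
class LoggerCredentials:
    """What has been installed on the data logger (both key halves are needed)."""
    private_key: Optional[str] = None
    public_key: Optional[str] = None
    password: Optional[str] = None


def negotiate(client_prefs, server_offers):
    """SSH picks the first client-preferred algorithm the server also offers."""
    return next((alg for alg in client_prefs if alg in server_offers), None)


def connect(server: Server, creds: LoggerCredentials) -> dict:
    """Return the outcome of each step of the page's connection sequence."""
    result = {"kex": None, "host_key": None, "cipher": None,
              "host_key_accepted": False, "auth": None, "weak": []}
    # Step 1: the server sends its banner; SFTP rides on SSH-2.
    if not server.banner.startswith("SSH-2.0-"):
        result["error"] = "unsupported banner"
        return result
    # Step 2: the logger announces what it accepts and both sides negotiate.
    result["kex"] = negotiate(LOGGER_KEX, server.kex)
    result["host_key"] = negotiate(LOGGER_HOST_KEYS, server.host_key_types)
    result["cipher"] = negotiate(LOGGER_CIPHERS, server.ciphers)
    if None in (result["kex"], result["host_key"], result["cipher"]):
        result["error"] = "no common algorithm"
        return result
    result["weak"] = [a for a in (result["kex"], result["cipher"]) if a in WEAK]
    # Step 3: a supported host key type is accepted without question, i.e. the
    # logger does not pin or otherwise verify the server's identity.
    result["host_key_accepted"] = True
    # Step 4: key authentication if the server offers it and both key halves
    # are present; otherwise the logger attempts password authentication.
    have_keys = bool(creds.private_key and creds.public_key)
    if "publickey" in server.auth_methods and have_keys:
        if creds.public_key == server.authorized_public_key:
            result["auth"] = "publickey"
        else:
            result["error"] = "public key not authorized by server"
    elif "password" in server.auth_methods and creds.password is not None:
        result["auth"] = "password"
    else:
        result["error"] = "no usable authentication method"
    return result


if __name__ == "__main__":
    srv = Server("SSH-2.0-OpenSSH_9.6", ["diffie-hellman-group14-sha1"],
                 ["ssh-rsa"], ["aes128-cbc", "aes256-ctr"], ["publickey", "password"],
                 authorized_public_key="ssh-rsa CONSTRUCTED-KEY")
    print(connect(srv, LoggerCredentials(password="constructed")))
```

Run against a real server's advertised lists (for example from `ssh -vv` output) to see whether the data logger can negotiate at all and whether the result relies on an algorithm in the WEAK set; since the logger accepts any supported host key without verification, network-level controls are the remaining defence against a substituted server.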
SFTP key file requirements
Microsoft Azure is not supported due to host key incompatibility.
File type: PEM formatted key files
Maximum key file size: 4 KB public, 4 KB private
Key exchange methods: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256
Host key types: ssh-rsa, ssh-dss
Supported ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, arcfour128, none
Encrypted keys or keys with a passphrase are not currently supported.
See the blog article at https://www.campbellsci.com/blog/generate-sftp-keys-easily for information on generating compatible SFTP private and public keys for your data logger and server.
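Before loading keys onto the data logger it is worth checking them against the requirements listed above. The following is an added example, not Campbell Scientific code, that checks a key pair for PEM framing, the 4 KB size limits, encryption or passphrase markers, and an RSA or DSA key type, and confirms that both halves are present and match. Which PEM labels count as acceptable, and the handling of the OpenSSH one-line public key format, are assumptions of this example; the sample keys it contains are constructed and not real keys.

```python
"""Pre-flight check of an SFTP key pair against the page's key file
requirements (added example, not Campbell Scientific code). Accepted PEM
labels and OpenSSH one-line public key handling are assumptions."""
import base64
import re
import struct
from typing import Optional

MAX_KEY_BYTES = 4 * 1024
# Assumed labels for "PEM formatted" RSA/DSA keys.
PRIVATE_LABELS = {"RSA PRIVATE KEY": "ssh-rsa", "DSA PRIVATE KEY": "ssh-dss"}
PUBLIC_PEM_LABELS = {"RSA PUBLIC KEY": "ssh-rsa", "PUBLIC KEY": None}
HOST_KEY_TYPES = {"ssh-rsa", "ssh-dss"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def _pem_block(text: str):
    """Return (label, body) of the first PEM block, or (None, None)."""
    m = PEM_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)


def check_private_key(data: bytes) -> dict:
    """Return {'type': 'ssh-rsa' | 'ssh-dss' | None, 'problems': [...]}."""
    problems = []
    if len(data) > MAX_KEY_BYTES:
        problems.append("private key larger than 4 KB")
    label, body = _pem_block(data.decode("ascii", "replace"))
    if label is None:
        problems.append("private key is not PEM formatted")
        return {"type": None, "problems": problems}
    # Traditional encrypted keys carry a Proc-Type header; PKCS#8 uses the label.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        problems.append("private key is encrypted or passphrase-protected")
    key_type = PRIVATE_LABELS.get(label)
    if key_type is None and label != "ENCRYPTED PRIVATE KEY":
        problems.append(f"unsupported private key label '{label}' (expected RSA or DSA PEM)")
    return {"type": key_type, "problems": problems}


def check_public_key(data: bytes) -> dict:
    """Accept a PEM public key or an OpenSSH line ('ssh-rsa AAAA... comment')."""
    problems = []
    if len(data) > MAX_KEY_BYTES:
        problems.append("public key larger than 4 KB")
    text = data.decode("ascii", "replace").strip()
    label, _ = _pem_block(text)
    if label is not None:
        if label not in PUBLIC_PEM_LABELS:
            problems.append(f"unsupported public key label '{label}'")
        return {"type": PUBLIC_PEM_LABELS.get(label), "problems": problems}
    parts = text.split()
    if len(parts) < 2 or parts[0] not in HOST_KEY_TYPES:
        problems.append("public key is neither PEM nor an ssh-rsa/ssh-dss OpenSSH line")
        return {"type": None, "problems": problems}
    try:
        # SSH wire format: uint32 length followed by the algorithm name.
        blob = base64.b64decode(parts[1], validate=True)
        (name_len,) = struct.unpack(">I", blob[:4])
        wire_type = blob[4:4 + name_len].decode("ascii")
    except (ValueError, struct.error, UnicodeDecodeError):
        problems.append("public key body is not valid base64 SSH wire data")
        return {"type": parts[0], "problems": problems}
    if wire_type != parts[0]:
        problems.append(f"type prefix '{parts[0]}' does not match encoded type '{wire_type}'")
    return {"type": parts[0], "problems": problems}


def check_key_pair(private: Optional[bytes], public: Optional[bytes]) -> list:
    """Both halves are required: the logger does not derive the public key."""
    if not private or not public:
        return ["both the private and the public key must be installed on the data logger"]
    priv, pub = check_private_key(private), check_public_key(public)
    problems = priv["problems"] + pub["problems"]
    if priv["type"] and pub["type"] and priv["type"] != pub["type"]:
        problems.append(f"private key is {priv['type']} but public key is {pub['type']}")
    return problems


# Constructed samples (not real keys) used for the demonstration below.
GOOD_PRIV = b"-----BEGIN RSA PRIVATE KEY-----\n" + b"AAAA\n" * 4 + b"-----END RSA PRIVATE KEY-----\n"
DSA_PRIV = b"-----BEGIN DSA PRIVATE KEY-----\n" + b"AAAA\n" * 4 + b"-----END DSA PRIVATE KEY-----\n"
ENC_PRIV = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
            b"DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
BIG_PRIV = b"-----BEGIN RSA PRIVATE KEY-----\n" + b"A" * 4200 + b"\n-----END RSA PRIVATE KEY-----\n"
_blob = struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", 3) + b"\x01\x00\x01"
GOOD_PUB = b"ssh-rsa " + base64.b64encode(_blob) + b" constructed@example"

if __name__ == "__main__":
    for name, priv in [("good", GOOD_PRIV), ("encrypted", ENC_PRIV), ("dsa", DSA_PRIV)]:
        print(name, check_key_pair(priv, GOOD_PUB) or "OK")
```

Read the two files as bytes and pass them to check_key_pair; an empty list means the pair passes these checks. The check reads only PEM framing and headers, so a key that passes here can still be rejected by the data logger for reasons this example does not model.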
FTPS
FTPS is basic FTP run over an encrypted TLS connection, so it operates much like FTP. Your server will be configured to use one of two methods of encryption:
Explicit encryption: Port 21 is used to establish encryption.
Implicit encryption: Port 990 is used. Specify the port :990 in the address field of FTPClient(). Otherwise, the data logger will attempt to perform the transaction using port 21.
Either Passive or Active mode is used for transfer. In Passive mode, a random port above 45000 will be opened for the actual data session; ensure those ports/ranges can pass through your firewall. Passive or Active mode can be selected on your data logger using the FTPClient() PutGetOption. See Verifying FTPClient() options.
TLS versions supported: 1.2. Versions 1.0 and 1.1 have been deprecated after CR1000X OS 6.02 and CR6 OS 12.02.
The supported cipher suite list is very long. Most common suites are supported. Contact Campbell Scientific for more information.
If the server running FTPS (TLS) has a self-signed certificate or the certificate authority is unreachable, then the data logger will not accept the certificate. The data logger does not have a way of accepting a certificate it cannot verify.