Document title: ICE MFT (SFTP SERVER) KEYBOARD-INTERACTIVE MODE REQUIREMENT
Version: 1.0
Date: 1 Sep 2014
© 2013 IntercontinentalExchange Group, Inc. The information and materials contained in this document - including text,
graphics, links or other items - are provided "as is" and "as available." ICE and its subsidiaries do not warrant the accuracy,
adequacy or completeness of this information and materials and expressly disclaims liability for errors or omissions in this
information and materials. This document is provided for information purposes only and in no way constitutes investment
advice or a solicitation to purchase investments or market data or otherwise engage in any investment activity. No warranty of
any kind, implied, express or statutory, is given in conjunction with the information and materials. The information in this
document is liable to change and ICE undertakes no duty to update such information. You should not rely on any information
contained in this document without first checking that it is correct and up to date. The content of this document is proprietary
to ICE in every respect and is protected by copyright. No part of this material may be copied, photocopied or duplicated in any
form by any means or redistributed without the prior written consent of ICE. All third party trademarks are owned by their
respective owners and are used with permission. This material may contain forward-looking statements that are based on
current beliefs and expectations, are subject to significant risks and uncertainties, and which may differ from actual results.
ICE
MFT Server Keyboard-Interactive Setup Guide
ICE now requires the use of “keyboard-interactive” mode for all MFT non-service user accounts.
With increased security risks, ICE has changed its policy for MFT user accounts. All non-service user accounts will require the use of “keyboard-interactive” mode when connecting to
MFT via an FTP (SFTP) client. This will allow ICE to enforce a more stringent password policy.
As an SFTP client user, you will be prompted to change your password every 60 days. The
password complexity will require a minimum of 8 characters and include 3 of the following
options:
1. Upper Case
2. Lower Case
3. Number
4. Special Character such as (!@#....etc)
You will also not be allowed to use the 5 previously used passwords.
Attempt keyboard-interactive authentication
The SSH-2 equivalent of TIS authentication is called ‘keyboard-interactive’. It is a flexible
authentication method using an arbitrary sequence of requests and responses; so it is not only
useful for challenge/response mechanisms such as S/Key, but it can also be used for (for
example) asking the user for a new password when the old one has expired.
WinSCP leaves this option enabled by default, but supplies a switch to turn it off in case you
should have trouble with it. If your server uses keyboard-interactive authentication to ask for
your password only, and you wish to allow WinSCP to reply with password entered on Login
dialog, tick Respond with password to the first prompt.
Keyboard Interactive
For keyboard-interactive, TIS or Cryptocard authentication methods the server can issue its own
prompt. Most of the servers use keyboard-interactive authentication just as a different method for
getting the account password; for this reason, WinSCP by default responds to the first keyboard-interactive prompt with the password entered on the Login dialog (if any). To disable this
behavior unset the keyboard-interactive authentication option Respond with password to the first
prompt.
The server may also issue multiple prompts at once. Some servers will use such a prompt to
request a password change.
The prompt may also include instructions only, with no inputs expected, as a form of
announcement – for example, to announce an expiring password.
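The prompt handling described above, as an added example (not code from ICE or WinSCP): Python that parses the SSH_MSG_USERAUTH_INFO_REQUEST message defined in RFC 4256 and builds the client's reply, covering a single password prompt, several prompts at once, and an announcement with no inputs. The function names, the sample prompt texts and the rule that a saved password answers only a single hidden prompt in the first round are assumptions of this example, a stricter choice than answering any first prompt.

```python
import struct

INFO_REQUEST, INFO_RESPONSE = 60, 61  # SSH_MSG_USERAUTH_INFO_* (RFC 4256)

def ssh_str(text):
    """Encode an SSH 'string': uint32 length, then UTF-8 bytes."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw

def read_str(buf, off):
    """Decode an SSH 'string' at off; return (text, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string field")
    return buf[off + 4:off + 4 + n].decode("utf-8"), off + 4 + n

def parse_info_request(payload):
    """Return (name, instruction, [(prompt, echo), ...]) from one request."""
    if payload[:1] != bytes([INFO_REQUEST]):
        raise ValueError("not SSH_MSG_USERAUTH_INFO_REQUEST")
    name, off = read_str(payload, 1)
    instruction, off = read_str(payload, off)
    _language, off = read_str(payload, off)
    (count,) = struct.unpack_from(">I", payload, off)
    off, prompts = off + 4, []
    for _ in range(count):
        text, off = read_str(payload, off)
        prompts.append((text, payload[off] != 0))  # echo flag: show typed input?
        off += 1
    return name, instruction, prompts

def answer_round(prompts, first_round, saved_password, ask):
    """Decide the answers for one round of prompts."""
    # Assumption of this example: the saved password goes only to a lone hidden
    # prompt in round one; a password-change round always reaches the user.
    lone_hidden = len(prompts) == 1 and not prompts[0][1]
    if first_round and saved_password and lone_hidden:
        return [saved_password]
    return [ask(text, echo) for text, echo in prompts]

def build_info_response(answers):
    """Encode the reply; a zero-prompt announcement still gets a zero-count reply."""
    return struct.pack(">BI", INFO_RESPONSE, len(answers)) + b"".join(map(ssh_str, answers))

def sample_request(name, instruction, prompts):
    """Constructed server message for the demo (not captured traffic)."""
    head = ssh_str(name) + ssh_str(instruction) + ssh_str("")  # empty language tag
    body = b"".join(ssh_str(text) + bytes([echo]) for text, echo in prompts)
    return bytes([INFO_REQUEST]) + head + struct.pack(">I", len(prompts)) + body
```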
To set up WinSCP for using “Keyboard-Interactive” mode, please use the following steps.
A. If you have an account already set up.
1. Make sure the “Advanced options” checkbox is checked.
2. In the SSH section, click on “Authentication”
3. Make sure that “Attempt ‘keyboard-interactive’ authentication (SSH-2)” and “Respond with
password to first prompt” are both checked.
4. Click Save
5. Now try to login using the new settings
B. To create a WinSCP session using an account you were provided by ICE.
1. Click the New button on the right.
2. Enter mft.euclearing.theice.com or the IP address (63.247.112.40). Some companies use a
Proxy or NAT to connect to MFT. You will need to contact your IT department for that
information.
3. Enter the ICE provided user name. It is NOT recommended to enter the password.
4. Make sure the “Advanced options” checkbox is checked.
5. In the SSH section, click on “Authentication”
6. Make sure that “Attempt ‘keyboard-interactive’ authentication (SSH-2)” and “Respond with
password to first prompt” are both checked.
7. Click Save
8. Now try to login using the new settings
To set up FileZilla for using “Interactive” mode, please use the following steps.
A. If you have an account already set up.
1. Simply change the Logon Type to “Interactive” and then click “OK”.
2. Each time you connect, you will be prompted for a password.
B. To create a FileZilla session using an account you were provided by ICE.
3. Click the New button below the “My Sites” window.
4. For “Host:”, enter mft.euclearing.theice.com or the IP address (63.247.112.40). Some
companies use a Proxy or NAT to connect to MFT. You will need to contact your IT
department for that information.
5. Change the “Protocol:” to “SFTP – SSH File Transfer Protocol”. Also make sure 22 is entered in
the “Port:” box.
6. Choose “Interactive” for “Logon Type:”
7. Enter the ICE provided user name.
8. Click “OK”
9. Each time you connect, you will be prompted for a password.