Document title ICE MFT (SFTP SERVER) KEYBOARD-INTERACTIVE MODE REQUIREMENT Version 1.0 Date 1 Sep 2014 © 2013 IntercontinentalExchange Group, Inc. The information and materials contained in this document - including text, graphics, links or other items - are provided "as is" and "as available." ICE and its subsidiaries do not warrant the accuracy, adequacy or completeness of this information and materials and expressly disclaims liability for errors or omissions in this information and materials. This document is provided for information purposes only and in no way constitutes investment advice or a solicitation to purchase investments or market data or otherwise engage in any investment activity. No warranty of any kind, implied, express or statutory, is given in conjunction with the information and materials. The information in this document is liable to change and ICE undertakes no duty to update such information. You should not rely on any information contained in this document without first checking that it is correct and up to date. The content of this document is proprietary to ICE in every respect and is protected by copyright. No part of this material may be copied, photocopied or duplicated in any form by any means or redistributed without the prior written consent of ICE. All third party trademarks are owned by their respective owners and are used with permission. This material may contain forward-looking statements that are based on current beliefs and expectations, are subject to significant risks and uncertainties, and which may differ from actual results. ICE MFT Server Keyboard-Interactive Setup Guide ICE now requires the use of “keyboard-interactive” mode for all MFT non service user accounts. With increased security risks, ICE has changed it’s policy for MFT user accounts. All nonservice user accounts will require the use of “keyboard interactive” mode when connecting to MFT via an ftp (SFTP) client. This will allow ICE to enforce a more stringent password policy. As a sftp client user you will be prompted to change your password every 60 days. The password complexity will require a minimum of 8 characters and include 3 of the following options: 1. 2. 3. 4. Upper Case Lower Case Number Special Character such as (!@#....etc) You will also not be allowed to use the 5 previously used passwords. ICE MFT Server Keyboard-Interactive Setup Guide MFT Attempt keyboard-interactive authentication The SSH-2 equivalent of TIS authentication is called ‘keyboard-interactive’. It is a flexible authentication method using an arbitrary sequence of requests and responses; so it is not only useful for challenge/response mechanisms such as S/Key, but it can also be used for (for example) asking the user for a new password when the old one has expired.1) WinSCP leaves this option enabled by default, but supplies a switch to turn it off in case you should have trouble with it. If your server uses keyboard-interactive authentication to ask for your password only, and you wish to allow WinSCP to reply with password entered on Login dialog, tick Respond with password to the first prompt. Keyboard Interactive For keyboard-interactive, TIS or Cryptocard authentication methods the server can issue its own prompt. Most of the servers use keyboard-interactive authentication just as a different method for getting the account password; for this reason, WinSCP by default responds to the first keyboardinteractive prompt with the password entered on the Login dialog (if any). To disable this behavior unset the keyboard-interactive authentication option Respond with password to the first prompt. The server may also issue multiple prompts at once. Some servers will use such prompt to request a password change. The prompt may also include instructions only, with no inputs expected, as a form of announcement – for example, to announce an expiring password. ICE MFT Server Keyboard-Interactive Setup Guide To setup WinSCP for using “Keyboard-Interactive” mode, please use the following steps. A. If you have an account already setup. 1. Make sure the “Advanced options” checkbox is checked. 2. In the SSH section, click on “Authentication” 3. Make sure that “Attempt “keyboard-interactive” authentication (SSH-2) and Respond with password to first prompt are both checked. 4. Click Save 5. Now try to login using the new settings B. To create a WinSCP session using an account you were provided by ICE. ICE MFT Server Keyboard-Interactive Setup Guide 1. Click the New button the right. 2. Enter mft.euclearing.theice.com or the IP address (220.127.116.11). Some companies use a Proxy or NAT to connect to MFT. You will need to contact your IT department for that information 3. Enter the ICE provided user name. It is NOT recommended to enter the password 4. Make sure the “Advanced options” checkbox is checked. 5. In the SSH section, click on “Authentication” 6. Make sure that “Attempt “keyboard-interactive” authentication (SSH-2) and Respond with password to first prompt are both checked. 7. Click Save 8. Now try to login using the new settings ICE MFT Server Keyboard-Interactive Setup Guide To setup FileZilla for using “Interactive” mode, please use the following steps. A. If you have an account already setup. 1. Simply change the Logon Type to “Interactive” and then click “OK”. 2. Each time you connect, you will be prompted for a password. B. To create a FileZilla session using an account you were provided by ICE. ICE MFT Server Keyboard-Interactive Setup Guide 3. Click the New button below the “My Sites” window. 4. For “Host:”, enter mft.euclearing.theice.com or the IP address (18.104.22.168). Some companies use a Proxy or NAT to connect to MFT. You will need to contact your IT department for that information 5. Change the “Protocol:” to “SFTP – SSH File Transfer Protocol”. Make sure also placed 22 in the “Port:” box. 6. Choose “Interactive” for “Logon Type:” 7. Enter the ICE provided user name. 8. Click “OK” 9. Each time you connect, you will be prompted for a password.