SFTP-Server: Hostkeys and Advanced Security Settings
Multiple host keys in one folder
If a folder is specified as the key path in the communication profile, several host keys can be used simultaneously. Exactly one host key can be used for each algorithm. If several host keys match an algorithm, the last host key loaded is used.
Host keys can also be created using external tools. When the server is started, an attempt is made to load each file in the folder.
The specified folder must already exist; otherwise a file will be created.
Advanced security settings
The server can be further customised via ‘Advanced security settings’ in the context menu.
Host keys that are to be created automatically can be activated. These host keys are not created until the first connection is established. This setting does not deactivate host keys that have already been created, i.e. saved host keys are always loaded.
After ticking the ‘Active’ box, supported algorithms can be deactivated or their order changed.
Description of the host key algorithms
Name | Algorithm | Default value / key size |
---|---|---|
ssh-rsa | RSA | 2048 bit |
ssh-dss | DSA | 1024 bit |
EC | Elliptic curve | ecdsa-sha2-nistp256 |
EDDSA | Specific elliptic curve | ed25519 |
Single key file
The algorithm is selected via the file /home/ieffect/FTPSERVER/config.properties:
sftp.server.algorithm=<algorithm>
sftp.server.algorithm.<server-profile>=<algorithm>
If nothing is specified, RSA is used.
The first line configures an algorithm for all SFTP servers.
The second line configures an algorithm for a single SFTP server which is determined by specifying the communication profile <server-profile>.
Possible values for <algorithm> | Used algorithm |
---|---|
EC | EC |
DSA | ssh-dss / DSA |
RSA | ssh-rsa / RSA |
EDDSA25519 | EDDSA |
For the key size or the exact algorithm, see “Description of the host key algorithms”.
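The following Python check is an added example, not code from the product or its documentation. It reads the content of config.properties, resolves the algorithm each communication profile ends up with, and flags values that are not in the table above as well as DSA. It assumes that a per-profile line takes precedence over the global line, that values are matched exactly as written, and that 1024-bit DSA should be reported as a finding; the profile names and the sample content are constructed.

```python
import re

# Accepted <algorithm> values and the host key type each selects (from the tables on this page).
ALGORITHMS = {"EC": "ecdsa-sha2-nistp256", "DSA": "ssh-dss, 1024 bit",
              "RSA": "ssh-rsa, 2048 bit", "EDDSA25519": "ed25519"}
DEFAULT = "RSA"    # the page: RSA is used if nothing is specified
WEAK = {"DSA"}     # assumption of this example: 1024-bit DSA is reported as a finding
PREFIX = "sftp.server.algorithm"
# key = value or key : value; lines starting with # or ! are comments
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Collect the sftp.server.algorithm* entries; a repeated key keeps its last value."""
    entries = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match and (match.group(1) == PREFIX or match.group(1).startswith(PREFIX + ".")):
            entries[match.group(1)] = match.group(2)
    return entries


def effective_algorithm(entries, profile):
    """Per-profile entry first (assumed precedence), then the global entry, then the default."""
    return entries.get(f"{PREFIX}.{profile}") or entries.get(PREFIX) or DEFAULT


def audit(text, profiles):
    """Return (profile, configured value, host key type, status) per communication profile."""
    entries = parse_properties(text)
    report = []
    for profile in profiles:
        value = effective_algorithm(entries, profile)
        status = "unknown value" if value not in ALGORITHMS else "weak" if value in WEAK else "ok"
        report.append((profile, value, ALGORITHMS.get(value), status))
    return report


# Constructed sample input, not a real configuration.
SAMPLE = """\
# constructed sample
sftp.server.algorithm=EDDSA25519
sftp.server.algorithm.PARTNER_A=DSA
sftp.server.algorithm.PARTNER_B = ECDSA
"""

if __name__ == "__main__":
    for row in audit(SAMPLE, ["PARTNER_A", "PARTNER_B", "PARTNER_C"]):
        print(*row, sep="\t")
```

Values reported as "unknown value" need a manual check, since the page does not say how the server treats a value outside the table.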