SSH keys

SSH key pairs allow an additional level of security that can be used in conjunction with the SFTP protocol.

 

Key pairs are typically created by the client, and then the resulting public key is used by Core FTP Server.

 

Core FTP products use the OpenSSH SSH2 format, that can be generated using Core FTP software, or via the ssh-keygen utility.

 

 

Core FTP client -- creating a key pair


Step 1: Advanced site settings -> ssh

 



Step 2: Entering key information

 



Step 3: Selecting private key into client site profile

 




ssh-keygen usage: (Unix/Linux)

rsa keys: ssh-keygen -t
dsa keys: ssh-keygen -t dsa


For Unix/Linux, dsa keys may be the preferred method due to better compatibility across operating systems.


Putty users using psftp need to export OpenSSH public keys using Puttygen

 



Entering public key into Core FTP Server


Once you have created a key pair, the public key file is then placed in a directory on the server that cannot be accessed by the client account.

Select the public key file in the Core FTP Server's user "security properties", in the "ssh pub cert" field.




A SSH key pair can be created on the server side from the above screen, but it is not recommended due to the security issues involved in sending the private key and it's password to the client. A public key being passed from a client to the server (administrator) is a much better option from a security standpoint.

 

 

Example of a public key (file contents): AAAAB3NzaC1yc2EAAAABIwAAAIEA153PICRN2+viqQ2570jEfUPcWgknD079wX/QtdF0lIbMaOYeMba9jf/qqmfuWYSybNmpSxMZiyjbKDvH+iZ/iT0MwrK9x19Zkjb8nXugWtOOJSwiHc48DSwMkLDdbVdG/BvstHbBquBdQNkJz+VDxFO+P3TcfYbIsvx+YFxnbLU=

or
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA153PICRN2+viqQ2570jEfUPcWgknD079wX/QtdF0lIbMaOYeMba9jf/qqmfuWYSybNmpSxMZiyjbKDvH+iZ/iT0MwrK9x19Zkjb8nXugWtOOJSwiHc48DSwMkLDdbVdG/BvstHbBquBdQNkJz+VDxFO+P3TcfYbIsvx+YFxnbLU=


The '=' character should be the last character in the public key. Multiple keys can be in one file, one per line. Begining characters identifying the key type at the beginning (rsa or dsa) are acceptable and read by Core FTP Server.

Keys should be in multibyte format.

 

 

Core FTP software utilizes SSH2 and greater versions of SSH...SSH1 is not supported

 

 

Core FTP Server Build 405 and greater supports RFC 4716 SSH formatted keys

 

 

 

ssh keys