The video tutorial below shows how to configure FileZilla Pro Enterprise Server to authenticate SFTP users using Public Key Authentication.In this knowledge base article are listed the steps which should be completed to establish an SFTP connection to your hosting account with the FileZilla FTP client: You might consider using the welcome message to remind the user about the importance of the host key validation process. Once accepted, this key will be stored within the client, which will then be used to check if the Host key matches each time it connects to the SFTP server. Before accepting the key the user of the SFTP client must check if the fingerprint matches the one provided by the server’s administrators through a secure channel. When the client connects to the SFTP server for the first time, the server’s host key fingerprint is displayed and the client is prompted to accept the host key. Host key valida tion ensures the FTP server that a client is connecting to is the right one. SFTP host key validation is designed to protect against man-in-the-middle attacks.
Make sure that only the account under which the server runs has access rights to such a file.Ĭlick the Apply button, if everything is correct FileZilla Pro Enterprise Server will update the Information about the host key fields accordingly. In the Private key file field enter the full local path of the private key file. To upload the private key in FileZilla Pro Enterprise Server go to Protocol settings > SFTP (SSH) and select Provide a host key from the Server host key top-down menu. PuTTYgen will ask you to confirm you want to save the key without a passphrase to protect it, confirm the choice by pressing the Yes button. Select Export OpenSSH key (force new file format) from the Conversion top down menu and save it with the.
Now you have to export the private key in PEM format. Note: Keep note of the host public key SHA256 fingerprint, you need to communicate it to the users through a trusted channel, so that they can check the host public key at their first connection. We recommend using Ed25519 from the EdDSA family of algorithms as it offers both a good level of security as well as good performance.Ĭlick on the Generate button and move the mouse until the progress bar is full.
To generate a key using PuTTYgen, select the desired key type and parameters in the bottom part of PuTTYgen. If you don’t have yet a host private key you can create a key pair using tools like PuTTYgen. To upload a host private key you need it in PEM (Privacy-Enhanced Mail) format.
0 kommentar(er)
