New SSH Key Pair creation
The MFT edition of Serv-U enables you to use SFTP over SSH2. The Secure Shell (SSH) protocol enables secure system administration and file transfers over insecure networks. SSH key pairs enable a client to connect to the server using the SFTP protocol. Two keys are generated by an SSH key generator:
- A private key, <xxxxxx>.key, that is held on the client computer
- A public key, <xxxxxx>.pub, that is held on the server
Both keys are required for a connection to be valid.
SSH key pair generation for users is provided by Serv-U for testing purposes only. Sharing private keys between more than one computer negates the security advantages of SSH Public Key Authentication. The SSH key pair should be generated on the client computer, and then the SSH public key should be sent to the server or server administrator.
The SSH Public Key Path
The public keys should be located in secured directories on the server. You can then refer to this in Serv-U using the public key path. This path can include the following macros:
%HOME% | The home directory of the user account.
%USER% | The login ID, used if the public key will have the login ID as part of the file name.
%DOMAIN_HOME% | The home directory of the domain, set in Domain Details > Settings, used if the keys are in a central folder relative to the domain home directory.
Examples:
%HOME%\SSHpublic.pub
%HOME%\%USER%.pub
%DOMAIN_HOME%\SSHKeys\%USER%.pub
Add a public key for a user or a group
- An SSH key pair is created on the client computer using a utility such as PuTTYgen or OpenSSH. You can use RSA or DSA keys.
- The public key is sent to the server administrator, and the private key is retained by the user or group.
Refer to the FTP client documentation for instructions on using the private key and SFTP.
- Copy the public key to the appropriate directory on the server.
- In Serv-U, navigate to the User Properties page for the client or the Group Properties page for a group.
- Click Manage Keys.
- Click Add Key.
- Enter a name to use for this key.
- Enter or navigate to the directory where the public key is located and select it. See above for the macros that can be used in this path.
- Click Save.
- The public key is added for this user or group.
Create a new SSH key pair for testing
- In Serv-U, navigate to the User Properties or Group Properties page as appropriate.
- Click Manage Keys.
- Click Create Key.
- Type the name of the key pair (for example, MyKey), which is also used to name the storage file.
- Select an output directory of the certificate (for example, C:\ProgramData\SolarWinds\Serv-U\).
- Select the key type (default of DSA is preferred, but RSA is available).
- Select the key length.
- Enter the password to use for securing the key file.
- Click Create.
Create multiple keys
For the purposes of public key authentication, you can associate multiple public keys with a user or group account.
To create multiple keys for an account:
- Click Manage Keys.
- Click Add Key, and then specify the key name and the key path.
When authenticating a client, Serv-U checks all the keys you provide here. If authenticating against one key fails, Serv-U proceeds to check the next key.
For optimal results, the following best practices are recommended:
- Do not create more than 100 keys per user account.
- If you have a large number of public keys, divide the keys between multiple users, and define the common user properties at group level.
- Avoid storing the public keys in a network path.
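An added example (not SolarWinds code) that covers both the public key path macros and the best practices above: it expands the macros for one account and flags key paths on a network share, private key files left on the server, and accounts with more than 100 keys. Macro expansion by plain substitution, the sample paths, the login ID and the file contents are assumptions constructed for illustration.

```python
import re

MAX_KEYS_PER_ACCOUNT = 100  # upper bound recommended in the best practices above

def expand_key_path(template, user, home, domain_home):
    """Expand %HOME%, %USER% and %DOMAIN_HOME% by plain substitution (assumed)."""
    values = {"%HOME%": home, "%USER%": user, "%DOMAIN_HOME%": domain_home}
    # One pass only, so a login ID that looks like a macro is not expanded again.
    return re.sub(r"%(?:HOME|USER|DOMAIN_HOME)%", lambda m: values[m.group(0)], template)

def audit_key_entry(path, text):
    """Return findings for one expanded path; text is the file content or None."""
    findings = []
    if path.startswith(("\\\\", "//")):  # UNC path or network share
        findings.append("network-path")
    if text is None:
        findings.append("missing-file")
    elif "PRIVATE KEY" in text or text.startswith("PuTTY-User-Key-File-"):
        # PEM/OpenSSH private key header or a PuTTY .ppk file: belongs on the client.
        findings.append("private-key-on-server")
    return findings

def audit_account(user, home, domain_home, templates, files):
    """Audit all key paths of one account. `files` maps path -> text (inline here)."""
    report = {}
    if len(templates) > MAX_KEYS_PER_ACCOUNT:
        report["<account>"] = ["more-than-100-keys"]
    for template in templates:
        path = expand_key_path(template, user, home, domain_home)
        report[path] = audit_key_entry(path, files.get(path))
    return report

# Constructed sample data: paths, login ID and file contents are illustrative only.
SAMPLE_TEMPLATES = [
    r"%HOME%\%USER%.pub",
    r"%DOMAIN_HOME%\SSHKeys\%USER%.pub",
    r"\\fileserver\keys\%USER%.pub",
]
SAMPLE_FILES = {
    r"C:\SFTP\alice\alice.pub": "ssh-rsa AAAA(constructed-placeholder) alice@client",
    r"C:\ServU\Domain\SSHKeys\alice.pub": "-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)",
}

if __name__ == "__main__":
    result = audit_account("alice", r"C:\SFTP\alice", r"C:\ServU\Domain",
                           SAMPLE_TEMPLATES, SAMPLE_FILES)
    for key_path, findings in result.items():
        print(key_path, "->", findings or "ok")
```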