Server Identity
The MFT version of Serv-U File Server 15.3.2 introduced an improved method of encrypting passwords using the concept of Server Identity. Prior to 15.3.2, passwords were encrypted using hard coded TEA - Tiny Encryption Algorithm - keys. Server Identity is a "secret object" comprising a unique, randomly generated 128-bit ID for the server (also known as the Server UID) and a Password Encryption Key. The Password Encryption Key is an encrypted value stored in protected storage (in a registry record on Windows and in a special file on Linux). On Windows, the decrypted Password Encryption Key is available only to the Serv-U Service account and only on the host where the Serv-U instance runs. Each time the server is required to encrypt or decrypt a third-party password, the server creates a decrypted copy of the Password Encryption Key, uses it to encrypt or decrypt the data, and then securely erases the copy.
When you install Serv-U 15.3.2 or later, on a clean host machine, the Server Identity is automatically generated. This attribute can be exported and saved as a password protected file for use with replicated instances of this server.
If you install Serv-U 15.3.2 or later, on a machine on which a server definition exists, you have the option to create a new Server Identity or import an existing Server Identity.
It is especially important to back up (export) a newly created Server Identity for recovery purposes. Ensure that an exported backup copy of the Server Identity is available each time before you perform the following types of maintenance work:
-
Transfer a Serv-U instance to another host or platform.
-
Change the account under which Serv-U Service runs.
-
Make a significant update to the version of the operating system used. For example, updating from Windows Server 2012 to Windows Server 2019.
-
Make changes to the operating system that may impact overall data integrity on the host.
Be sure to include the exported backup copy of Server Identity in the periodic automatic backup process if this is practiced.
Only Serv-U local administrators or fully privileged system administrators can export and import Server Identities.
For procedures see: