FileZilla Pro Enterprise Server: How to Configure SFTP

The SFTP Server configuration panel contains two tabs:

  • the Connection Security tab, where you can upload the host key or let the server generate one for you;
  • the Welcome message tab, that allows you to set up the welcome message.

To upload a host private key you need it in PEM (Privacy-Enhanced Mail) format.

If you don’t have yet a host private key you can create a key pair using tools like PuTTYgen.

To generate a key using PuTTYgen, select the desired key type and parameters in the bottom part of PuTTYgen. We recommend using Ed25519 from the EdDSA family of algorithms as it offers both a good level of security as well as good performance.

Click on the Generate button and move the mouse until the progress bar is full.

PuTTYgen has now generated the key pair.

Note: Keep note of the host public key SHA256 fingerprint, you need to communicate it to the users through a trusted channel, so that they can check the host public key at their first connection.

Now you have to export the private key in PEM format. Select Export OpenSSH key (force new file format) from the Conversion top down menu and save it with the .pem file name extension.

PuTTYgen will ask you to confirm you want to save the key without a passphrase to protect it, confirm the choice by pressing the Yes button.

To upload the private key in FileZilla Pro Enterprise Server go to Protocol settings > SFTP (SSH) and select Provide a host key from the Server host key top-down menu.

In the Private key file field enter the full local path of the private key file. Make sure that only the account under which the server runs has access rights to such a file.

Click the Apply button, if everything is correct FileZilla Pro Enterprise Server will update the Information about the host key fields accordingly.

SFTP host key validation is designed to protect against man-in-the-middle attacks. Host key valida tion ensures the FTP server that a client is connecting to is the right one. When the client connects to the SFTP server for the first time, the server’s host key fingerprint is displayed and the client is prompted to accept the host key. Before accepting the key the user of the SFTP client must check if the fingerprint matches the one provided by the server’s administrators through a secure channel.

Once accepted, this key will be stored within the client, which will then be used to check if the Host key matches each time it connects to the SFTP server.

You might consider using the welcome message to remind the user about the importance of the host key validation process.

The video tutorial below shows how to configure FileZilla Pro Enterprise Server to authenticate SFTP users using Public Key Authentication.

Video tutorial:How to set up SFTP Public Key Authentication with FileZilla Pro Enterprise Server

Tags: , ,