The SFTP Server configuration panel contains two tabs: Connection Security tab, where you can upload the host key or let the server generate one for you; the Welcome message tab, that allows you to set up the welcome message.
To upload a private host key you need it in PEM (Privacy-Enhanced Mail) format.
To create or add a host key go to Protocol settings › SFTP (SSH) and click on the Add button.
You can either add an existing key – that you might have created using tools like PuTTYgen, in which case we recommend using Ed25519 from the EdDSA family of algorithms as it offers both a good level of security as well as good performance – or let FileZilla Pro Enterprise Server generates one or more for you.
If you want FileZilla Pro Enterprise Server to generate the keys, you have to select one or more types of keys.
If you try to create host keys whose type already exists, FileZilla Pro Enterprise Server will ask you if you want to confirm or abort the operation. If you confirm, the new key will replace the existing one.
Note: Keep note of the SHA256 fingerprints of the public host keys. You need to communicate them to the users through a trusted channel, so that they can check the public host keys at their first connection.
To upload the private host key in FileZilla Pro Enterprise Server go to Protocol settings > SFTP (SSH) and select Provide a host key from the Server host key top-down menu.
In the Private key file field enter the full local path of the private key file. Make sure that only the account under which the server runs has access rights to such a file.
Click the Apply button, if everything is correct FileZilla Pro Enterprise Server will update the Information about the host key fields accordingly.
SFTP host key validation is designed to protect against man-in-the-middle attacks. Host key valida tion ensures the FTP server that a client is connecting to is the right one. When the client connects to the SFTP server for the first time, the server’s host key fingerprint is displayed and the client is prompted to accept the host key. Before accepting the key the user of the SFTP client must check if the fingerprint matches the one provided by the server’s administrators through a secure channel.
Once accepted, this key will be stored within the client, which will then be used to check if the host key matches each time it connects to the SFTP server.
You might consider using the welcome message to remind the user about the importance of the host key validation process.
The video tutorial below shows how to configure SFTP with FileZilla Pro Enterprise Server.