SFTP host key validation is designed to protect against man-in-the-middle attacks: it ensures that the server a client connects to is the one it expects. When the client connects to the SFTP server for the first time, the server's host key fingerprint is displayed and the client is prompted to accept the host key. Before accepting the key, the user of the SFTP client must check that the fingerprint matches the one provided by the server's administrators through a secure channel.

Once accepted, the key is stored within the client, which then uses it to check that the host key matches each time it connects to the SFTP server.
For the above reason it is essential to communicate the SHA256 fingerprints of the public host keys to users through a trusted channel. This allows them to verify the public host keys during their initial connection.
Whether you provided a private key or generated new host keys using FileZilla Pro Enterprise Server, you can obtain the public key using the export feature. Navigate to Protocol settings › SFTP (SSH) › Connection Security tab, choose the keys you want to export, and click on the Export public key(s) button, selecting the preferred format.
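As an added example (not part of the FileZilla Pro Enterprise Server documentation or product), the following Python derives the SHA256 fingerprint of an exported public host key in OpenSSH one-line format, which is what administrators publish, and compares it the way a user should on first connection against the fingerprint received over a trusted channel. The sample key is constructed for the demonstration and is not a real server key.

```python
"""Compute and check the SHA256 fingerprint of an SSH host public key.

Hypothetical helper, not FileZilla code. Input is an OpenSSH one-line public
key ("ssh-ed25519 AAAA... comment"), one of the formats an export produces.
"""
import base64
import hashlib
import hmac


def parse_openssh_public_key(line: str) -> tuple[str, bytes]:
    """Return (key_type, raw_blob) from an OpenSSH single-line public key."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    # The blob begins with a length-prefixed string naming the key type;
    # a line whose text field and blob disagree is corrupt and is rejected.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match text field")
    return key_type, blob


def sha256_fingerprint(line: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    _, blob = parse_openssh_public_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_matches(line: str, published: str) -> bool:
    """First-connection check: the key the server offers must hash to the
    fingerprint the administrators distributed through a trusted channel."""
    return hmac.compare_digest(sha256_fingerprint(line), published.strip())


def build_sample_key() -> str:
    """Constructed sample: a well-formed ssh-ed25519 blob with a dummy 32-byte
    public point. Not a real key; it only exercises the functions offline."""
    def ssh_string(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo-host"


if __name__ == "__main__":
    key = build_sample_key()
    print("publish this fingerprint:", sha256_fingerprint(key))
```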