Setup CrushFTP SFTP with ECDSA Support


This document shows how to properly configure ECDSA support for SFTP on a CrushFTP server. This is needed for VMware NSX-T backups to properly function.
----
!Create ECDSA Key
You will need to use cmd to generate the ssh_host_ecdsa_key. This does require you use Windows 2019 as the underlying OS for CrushFTP since Windows 2019 includes the ssh-keygen commands built in. If you are not able to use Windows 2019, you may wish to install the OpenSSH application on your Windows Server to gain access to the ssh-keygen utility. [https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH]


__Steps to Create ECDSA Key files__\\

1. Open Command Prompt as Administrator\\
2. Run Below commands to generate key files:
cd D:\Program Files\CrushFTP
D:
ssh-keygen -A
ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""

__Output:__

%%prettify 
{{{
Generating public/private ecdsa key pair.
Your identification has been saved in ssh_host_ecdsa_key.
Your public key has been saved in ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:uoSFybTIOdocoYO69ew/o58ULcKnvRCRJgDNThGYF14 contso\username@server-name
The key's randomart image is:

+---[ECDSA 256]---+
|+==oo.E          |
| .+o o           |
| oo *            |
|.o.X = .         |
|+ * O = S        |
|.= o O +         |
|o + + =          |
| o o +o+         |
|.  .=+*o         |
+----[SHA256]-----+

}}}
/%


----
!Modify CrushFTP SFTP Settings
You will need open the CrushFTP Admin interface to change the SFTP configuration to correctly configure ECDSA support.

1.	Login to CrushFTP HTTPS interface with admin\\
2.	Click on > Admin > Preferences > and select the SFTP interface you wish to modify\\
3.	Click on the SSH Tab, and edit the Server Host Key (DSA): ./ssh_host_ecdsa_key\\
[attachments|ecdsa.png]\\
4.	Click on Save\\
5.	Test the connection with Filezilla or WinSCP\\