The list of paths to trusted SSH key files controls the public / private key authentication that SFTP allows for. If set, we will assume the user will attempt SSH public key based authentication, if no password is supplied at login time. In real-life use case the client end generates the key pair, supplies server side
the public key that the server admin will apply on their user account. Server side has no knowledge of the matching private key, that would be the end client's own secret.

Allowed values for the input field:

. a single or multiple file paths pointing to individual public key files, like /c:/sshkeys/ This option is to be used when setting up individual user accounts with SSH public keys

. a directory path pointing to a directory that contains the user public keys, the key files inside must have their filename stem part matching the user name, we then load these automatically. This option is to be used when assigning the setting by inheritance on the default user, local group template
accounts or LDAP plugin Role template or any integration plugin's global template. For example, a domain user named johndoe@intranet.local will associate with a key file named (part of user name and key file name stem matches from left to right starting with the
leftmost character)

. the content of the public key file itself

Supported key file type and format:

The key file container must be plain text with PEM encoded SSH public key in SSHv2, or putty format. The older SSHv1 format is not supported.

Supported SSH key algorithms in CrushFTP v10 are SSH2-RSA, DSA (obsolete), ECDSA and ED25519. The older SSH1 RSA algorithm is not supported.

Key size: For RSA keys, the minimum size is 1024 bits and the default is 2048 bits . Generally, 2048 bits is considered sufficient, though these can be as large as 8192 bits (slow). DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys either 256, 384 or 521 bits. Ed25519 keys have a fixed length.

Require public key and password for authentication:#

This option will enforce two factor private key + password authentication for SFTP.

Generating the key pair:#

OS X or Linux

Generate a key pair by issuing this command in a Terminal window:
ssh-keygen -b 2048 -t rsa -N "" -f /somefolderpath/johndoe.key

Take the resulting public key and point CrushFTP to it as described above.


Windows PowerShell now includes an openSSH stack, can use the same ssh-keygen tool as above.

If you are unsure of how to generate a public / private key pair for your SFTP client, you may want to take a look at puttygen for Windows to generate the keys.

CrushFTP can use the public key file you generate.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
ssh_keys.png 20.1 kB 2 29-Dec-2020 05:25 Ben Spink
ssh_keys1.jpg 143.3 kB 1 09-Aug-2021 13:18 Ada Csaba
ssh_keys2.jpg 178.0 kB 1 09-Aug-2021 14:19 Ada Csaba
« This page (revision-14) was last changed on 09-Aug-2021 14:28 by Ada Csaba
G’day (anonymous guest)
CrushFTP10 | What's New
JSPWiki v2.8.2