SFTP (SSH) Host Key


SFTP, and its underlying protocol SSH, has a concept of host keys: a way for clients to confirm cryptographically that they are connecting to the correct server (host).

Ordinarily in SSH, each host uses its own unique host key, generated by and associated with that host.

However, in a business-to-business service such as SFTP, it is best to use one single host key persistently over time so clients always recognize the service when connecting.

Files.com Default SFTP Host Key Fingerprints

Files.com makes use of a 4096-bit RSA SSH host key. The host key itself (in OpenSSH format) as well as fingerprints in 3 different formats are provided below. Use whichever format is required by your SFTP app.

OpenSSH host key: ssh-rsa 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

SHA256 fingerprint: JvS7SrgY9QfsC2otdG0TGo0aWcvvieGg1R2Vx8/5VSw

SHA1 fingerprint: go2g72JG1emRzP54QtFmFrE0DTg

SHA1 hex digest: 82:8d:a0:ef:62:46:d5:e9:91:cc:fe:78:42:d1:66:16:b1:34:0d:38

MD5 fingerprint: 79:e1:fc:1c:8d:d7:95:25:84:c5:70:16:4d:07:e0:c5

Please refer to the documentation for your specific SFTP client for exact details about how to use a host key fingerprint.

For example, WinSCP provides host key fingerprint capability via its -hostkey option. When using the WinSCP command line, you can specify:

-hostkey="ssh-rsa 4096 JvS7SrgY9QfsC2otdG0TGo0aWcvvieGg1R2Vx8/5VSw"

When using the WinSCP Script Command option, you can specify:

open sftp://user:XXXXX@[subdomain].files.com -timeout=30 -privatekey=C:\path\to\my-private.key -hostkey="ssh-rsa 4096 JvS7SrgY9QfsC2otdG0TGo0aWcvvieGg1R2Vx8/5VSw"

ExaVault SFTP Host Key Fingerprints

For sites configured to use the ExaVault host key, use the appropriate format listed here for your SFTP client to check the host key.

OpenSSH host key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk7ZSzE4vqFaZoLCpErMNFz81iT+EIXifOT+TYwPozcq16lOWUAa2EyG/xSAK5l5otYG8fdTt8H8HeDYKaxWo4vQ2bLNuiVUlGTUAUxjxhAZGJzed/gfID/RnOStnabZIT9ElOObv5U0ZKgDrvsbjbB8Y51XxfwaqqXtIq/WIIstpX4sjTOpM3YmuY8OLbd/p0SQcjTg5PFlIgQuRX8hOo811lQzbp9t2QsUEhMcKGAPsRCM/nbn3p8/JD0nc3PtjKolrLfsBaR9aDwkV/b9SprpcBXrVvmHIhg5qjt88r7QW0f8MJiYkuQsG80g7VtlKf+OUGTR93+hNrXSmZp5F3

SHA256 fingerprint: BafxoY7Md78+Iwj2Chcv/kRIO2ZH2EpNuL5H42WiDJY

SHA1 fingerprint: KfsbIcTkzl5tFqH30AqNHeJDq2s

SHA1 hex digest: 29:fb:1b:21:c4:e4:ce:5e:6d:16:a1:f7:d0:0a:8d:1d:e2:43:ab:6b

MD5 fingerprint: 0e:ce:3e:a2:be:7e:45:1f:0b:dd:c5:41:e0:96:c9:b7
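
The fingerprint formats listed for both keys above are all hashes of the same raw public key blob, encoded differently. The following Python sketch is an added example, not Files.com code: it derives each format from an OpenSSH public key line and checks a key against a pinned SHA256 fingerprint. The function names and the sample key line are assumptions made for illustration; the sample blob is constructed filler, not a real host key.

```python
import base64, hashlib, hmac, struct

def parse_openssh_pubkey(line):
    """Split an OpenSSH '<type> <base64> [comment]' line into (type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the type name; reject a mismatch.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def _b64(digest):   # unpadded base64, as in the "SHA256 fingerprint" lines
    return base64.b64encode(digest).decode().rstrip("=")

def _hex(digest):   # colon-separated hex, as in the "MD5 fingerprint" lines
    return ":".join(f"{b:02x}" for b in digest)

def fingerprints(blob):
    """Return the four formats used on this page; each hashes the same key blob."""
    sha1 = hashlib.sha1(blob).digest()
    md5 = hashlib.new("md5", blob, usedforsecurity=False).digest()
    return {"SHA256 fingerprint": _b64(hashlib.sha256(blob).digest()),
            "SHA1 fingerprint": _b64(sha1),
            "SHA1 hex digest": _hex(sha1),
            "MD5 fingerprint": _hex(md5)}

def sha1_b64_to_hex(fp):
    """Convert the base64 SHA1 form to the hex digest form (same 20 bytes)."""
    return _hex(base64.b64decode(fp + "=" * (-len(fp) % 4)))

def matches_pin(pubkey_line, pinned_sha256):
    """True only if the key's SHA256 fingerprint equals the pinned value."""
    _, blob = parse_openssh_pubkey(pubkey_line)
    pinned = pinned_sha256.split(":", 1)[-1].rstrip("=")  # tolerate a "SHA256:" prefix
    actual = fingerprints(blob)["SHA256 fingerprint"]
    return hmac.compare_digest(actual.encode(), pinned.encode())

# Constructed sample: a correctly framed blob with filler bytes, not a real host key.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(64))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-sample"

if __name__ == "__main__":
    for label, value in fingerprints(parse_openssh_pubkey(SAMPLE_LINE)[1]).items():
        print(f"{label}: {value}")
```

Passing either "SHA1 fingerprint" value from this page to sha1_b64_to_hex yields the matching "SHA1 hex digest" line, which is a quick way to confirm that two published formats describe the same key.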

Customizing the SFTP Host Key

When migrating SFTP services to Files.com from another vendor or an on-premises environment, it is desirable to keep using any existing host key that may already be in use.

Files.com provides the ability to customize your SFTP host key, so that migrating existing SFTP services to the Files.com platform is smooth.

To configure your SFTP host key, type "SFTP Host key" in the search box at the top of every page and then click on the matching result. Scroll down to locate the setting labelled SFTP Host Key.

The available options are:

  • Use Files.com host key (default)
  • Use ExaVault host key
  • Use SmartFile host key
  • Use a custom host key

Use Files.com host key

The Use Files.com host key option uses the Files.com SFTP host key described above. This is the default.

Use ExaVault host key

ExaVault is another Managed File Transfer service that was acquired by Files.com in 2021. The Use ExaVault host key option uses the ExaVault SFTP host key and is provided for customers who have migrated from the ExaVault platform to the Files.com platform.

As of mid-2023, the ExaVault host key was only available in our USA region, but we expect to bring the ExaVault host key to all regions very soon.

Use SmartFile host key

SmartFile is another Managed File Transfer service that was acquired by Files.com in 2023. The Use SmartFile host key option uses the SmartFile SFTP host key and is provided for customers who have migrated from the SmartFile platform to the Files.com platform.

Use a custom host key

The Use a custom host key option allows you to import your own SFTP host key and is provided for customers who are migrating from other SFTP services, such as on-premises solutions, to the Files.com platform.

We recommend using the Files.com host key unless you have a business reason to choose another option.

Host keys must be generated securely and securely protected on the server side in order to fulfill their intended function, which is authentication of the server and protection against connection interception.

The Files.com Host Key was securely generated in a key signing ceremony in 2010 and has been securely protected on the Files.com network since its original generation. We are not aware of any security concerns related to the Files.com host key.

Files.com acquired ExaVault in 2021. We are not aware of any specific concerns related to the ExaVault host key, but we don't have enough information to guarantee that it was generated or stored securely prior to our acquisition.

Files.com acquired SmartFile in 2023. We are not aware of any specific concerns related to the SmartFile host key, but we don't have enough information to guarantee that it was generated or stored securely prior to our acquisition.

When importing a Custom Host Key from another vendor, you must take care to ensure that the other vendor has destroyed any copies of the host key after you have discontinued service at that vendor.

Using a Custom Host Key

To use a custom host key, select the Use a custom host key option.

Enter a name for this host key. This should be something descriptive that informs you of the key's origin.

Paste the host key text into the text box.

Click the Save button.

Once saved, the SFTP host key will take effect within 5 minutes.

You can also view the fingerprint of an imported SFTP host key by returning to the Use a custom host key option. The SHA256 and MD5 fingerprints of the current imported SFTP host key will be shown, allowing you to verify its integrity. You can replace the imported SFTP host key by selecting the Replace host key link and entering the text of the replacement SFTP host key.

Custom Host Key Format

Custom SFTP host keys should be in PEM format.

Files.com supports the following SFTP host key types:

  • RSA
  • DSA
  • ECDSA
  • ed25519

RSA type host keys in PEM format will begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

DSA type host keys in PEM format will begin with -----BEGIN DSA PRIVATE KEY----- and end with -----END DSA PRIVATE KEY-----.

ECDSA type host keys in PEM format will begin with -----BEGIN EC PRIVATE KEY----- and end with -----END EC PRIVATE KEY-----.

ed25519 type host keys in PEM format will begin with -----BEGIN OPENSSH PRIVATE KEY----- and end with -----END OPENSSH PRIVATE KEY-----.

©2024 Files.com. All rights reserved.