Currently Serv-U only supports a single SSH client key per user for strong authentication. Allowing multiple SSH keys for a single user would:
- Allow administrators and end users to replace (rotate) existing SSH keys in an orderly manner.
  - When only a single key is allowed, administrators and end users must carefully coordinate the switch from one key to another. This often requires a live phone call or similar time-consuming operation.
  - When multiple keys are allowed, clients may send in their public key at their leisure, admins may apply the public key at their leisure, and then clients may switch the client key they use to authenticate at their leisure. (Then, ideally, the admin would remove the original client key.)
- Allow multiple SSH clients to generate their own keys and share a common user account. While not a security best practice, it is nonetheless common for companies to design data collection or distribution schemes that allow multiple clients to access a single SFTP server account to upload files or download files. (For example, embedded Linux apps may "phone home" and post hourly status or log data to a common user account, though each client authenticates with a different client key.)
- Allow power users (often administrators) who have generated different SSH keys on different client machines to connect to SFTP from those various machines without the need to perform time-intensive key synchronization across multiple client machines.