How to Configure Serv-U for SFTP Access

Hi,

I am a windows System Administrator. 2 days back I got a ticket that user is unable to establish SFTP session from a unix server to Windows Serv-u 15.1.0. I checked on server and found SSH private key(For SFTP) mentioned on Global settings but the path mentioned for Private key was actually deleted by someone from C: Drive. So I removed that private key path & password and user said he can access now. Now my security team is asking whether that private key is really required or not. also when user connected for the first time after removing private key from windows Serv-U Application he got below Warning.

The authenticity of host ******.com (xxx.xxx.xxx.xxx) can't be established.

RSA key fingerprint is XX.XXXX.....................................

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'bitbucket.org,xxx.xxx.xxx.xxxx(RSA) to the list of

known hosts.

Please help me with below concern ASAP.

1) Why user got above Warning

2) How an SFTP connection is established between a client & Server.josh.d

  • I'm not an sftp expert, so make sure you confirm everything below before acting on it  emoticons_happy.png

    I thought you actually needed a key to use sftp: Configuring Serv-U For SFTP Access


    You may have another key configured somewhere else.  Or, its defaulting to a built in cert.

    I assume that warning was because the key changed.  You'll get the same kind of warning when initially SSH'ing to an unknown host.  It caches keys to prevent MITM attacks.

    I think SFTP connections use the SSH protocol, so any docs you find on it should work.

    SSH File Transfer Protocol - Wikipedia, the free encyclopedia

  • Regarding the warning:

    The first time you connect to a server, it will always ask you to accept the fingerprint of the server. Once the fingerprint has been accepted, it won't ask you again for that server. It is basically a normal part of the SSH protocol, and SFTP is a subset of the SSH protocol.

    Various client programs may have options to disable/ignore this warning or automatically trust new hosts.

    If the fingerprint later changes (the SSH HostKey on the server changes), then it will no longer trust the server, and inform you that you may be the victim of a "Man in the middle" attack. The HostKey may change when a new server installed, as the HostKey is usually generated as part of the install process.

    With Serv-U this is a bit different, and it looks like all installations of Serv-U shares the same HostKey, This makes it a bit easier to load balance, but weakens the defense against Man in the middle attacks somewhat, as all the attacker has to do is to get the Serv-U HostKey and present that when doing his/her attack.