
Ability to have a dedicated SSH/SFTP host Key pair.

Completed

Comments

8 comments

  • Official comment
    Grant
    Development

    We've just released version 12.4, and it provides an initial solution to this feature request for a dedicated host key pair for SSH SFTP.

    We've released a post describing the new feature and changes here:

    https://www.cerberusftp.com/ssh-host-keys-decoupled-from-tls-certificate/

    Our solution solves the immediate problem of the SSH key pair changing every time you need to change your SSL certificate.  SSH host keys and SSL keys are now completely separate. You can safely renew and change your SSL certificate every year without fear of your SSH clients getting warnings that the host key has changed.

     

  • Grant
    Development

    Hey guys, thanks for the feedback on this issue. We understand the concerns and pain the lack of a dedicated SSH key pair is causing. While I can't promise a release date yet, I can tell you that our team has been discussing this one a lot lately. I strongly suspect we are going to add it to our near-term roadmap for 12.0.

    I'll let you know as soon as we have something firm as far as a release version.

    3
  • Jérôme Bouvattier

    ;-)

    I'm pretty sure that, on top of pleasing us, they will save them a good number of support tickets.

    2
  • Brandon Wallace

    Agreed 100%.  Also, the UI should tell you when you go to replace your SSL certificate that your SSH fingerprint will change.  I wasn't aware and found out the hard way.

    2
  • Jérôme Bouvattier

    Great news Grant!
    Thanks for listening to us.

    2
  • Brandon Wallace

    That's awesome.  Thanks for your responsiveness on this feature request!

    2
  • Grant
    Development

    You're welcome.  Talked this one over with the development team and we are tentatively planning on addressing this in 12.4.  We've already assigned it to a member of our development team.

    We're still working out the details on our approach for addressing this one, but at a bare minimum I think we will provide a new key pair field for SSH keys, distinct from the SSL key pair.  That will allow administrators to change their SSL key pair (used by HTTPS and FTPS/ES) without changing the key pair used for SSH SFTP.

    2
  • Tom

    Jerome, I feel like we work for the same company (kidding).

    In all seriousness, I provided the exact same feedback in a recent Cerberus FTP "Tell us what we can do better" survey. This is really the only pain point left for us.

    Let's hope they at least consider it.

     

    1
