Cornerstone SSH Host Keys

Cornerstone SSH Host Keys

Cornerstone MFT Server can use Secure File Transfer Protocol (SFTP), a Host Key Authentication method which adds Secure Shell (SSH) protection to your data transfers. This is Public Key Infrastructure (PKI), which is the use of a key pair made up of a public and private key to encrypt data. The public key can be disseminated by the key pair owner, and any recipient can use it to encrypt data. That data can then only be decrypted by the matching private key the owner keeps secret.


Both the client and server using SFTP should generate a separate host key pair and exchange public keys. Both parties can then send encrypted data that can only be decrypted by the intended recipient.The client host key pair should be exported and sent to the Cornerstone Administrator in .pub format.Cornerstone will import it into the Host Key Database.


While it is possible to use the Host Key Management features in Cornerstone MFT to create user host key pairs for your clients, it is highly discouraged. It’s difficult to ensure the integrity of the transfer from the server computer to the client computer. If it is impossible to have clients create their own host keys, ensure your transfer is secure. Export the keys to an encrypted USB drive, or encrypt the files onto a DVD/CD ROM and physically hand deliver them to the client. Never email the host key files to the user. Email is natively unsecure; there is no way to ensure the integrity of the files during electronic transfer. Never share or send your private key to anyone; this will compromise the integrity of your host key pair. It’s good practice to password protect your private key as well, and Cornerstone MFT requires this.


Note that Cornerstone can only read OpenSSH format keys.


    • Related Articles

    • SSH Host Keys unavailable with NT Authentication

      When using the Windows NT/SAM or Windows ADSI Authentication connectors in Titan FTP Server 2019 or Cornerstone MFT Server 2019, you may notice that the Public Host Key feature of SFTP/SSH is not available for use. User Authentication Settings ...
    • How To: Create SSH Keys and apply to a User

      How To: Create SSH Keys and apply to a User Question How can I create SSH keys for users and use it as authentication aside from password? Reasoning SSH Key Authentication is more secure than Password authentication. Answer Follow the below ...
    • Titan SSH Host Keys

      Titan FTP Server can use Secure File Transfer Protocol (SFTP), a Host Key Authentication method which adds Secure Shell (SSH) protection to your data transfers. This is Public Key Infrastructure (PKI), which is the use of a key pair made up of a ...
    • SSH Public Key Authentication with Titan Server -- Enable and Configure

      Please see the video below for a visual and descriptive guide to using SSH Public Key Authentication with Titan Server. Titan Server: SSH Public Key Authentication
    • Error 1610 while importing SSHKEYGEN host keys in Cornerstone for SFTP

      If you receive the following error when you are trying to import SSH-KEYGEN host key pairs into Cornerstone/Titan Server: 'Unable to import host key due to invalid format or bad password. Make sure the SSH key is OpenSSH format (Error 1610)', there ...