SSH Host Keys unavailable with NT Authentication


When using the Windows NT/SAM or Windows ADSI Authentication connectors in Titan FTP Server 2019 or Cornerstone MFT Server 2019, you may notice that the Public Host Key feature of SFTP/SSH is not available for use.

[Screenshot: User Authentication Settings]

[Screenshot: SSH/SFTP Settings]

This scenario will occur when the "Impersonate NT User After Login" option on the NT/SAM Authentication connector is enabled.

To impersonate the Windows NT/AD user context after login, Titan/Cornerstone must log in to the Windows NT/AD server to acquire an impersonation token, which allows it to operate under the context of that user. Windows NT/AD logins require both a username and a password, so the server must obtain both from the SFTP client user during login. The SFTP client must therefore use Password authentication so that the server receives the credentials to pass along to the NT server. Because Password authentication is required, Host Key authentication cannot be enabled: Windows NT will not accept an SSH Host Key in lieu of the Windows password.

Administrators will want to keep this in mind when designing their authentication strategy. If Public Host Key access from SFTP clients will be a requirement, even if it's just for one user, then the Impersonate NT User After Login option cannot be used.
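The password dependency described above can be seen in the Win32 logon API itself. This is an added example, not code from Titan or Cornerstone; it assumes the token is obtained through a password logon such as `LogonUser` (the article does not name the API the products call), and the `NtLogon` wrapper class is a hypothetical name.

```powershell
# Added example: P/Invoke wrapper around the Win32 LogonUser API (advapi32.dll).
# Assumption: this is the kind of password logon a server performs to obtain an
# impersonation token; the article does not name the API Titan/Cornerstone uses.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class NtLogon {
    // The only credential input is a cleartext password string; there is no
    // parameter that could carry an SSH public key or a signature.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);

    const int LOGON32_LOGON_NETWORK = 3;     // network logon returns an impersonation token
    const int LOGON32_PROVIDER_DEFAULT = 0;

    public static IntPtr Logon(string user, string domain, string password) {
        IntPtr token;
        if (!LogonUser(user, domain, password,
                       LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token)) {
            // Read the error code immediately, before any other call can overwrite it.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        return token;
    }
}
'@

# Prompt for a test account in DOMAIN\user form (use .\user for a local account).
$cred = Get-Credential -Message 'Account to test, as DOMAIN\user'
$net  = $cred.GetNetworkCredential()

# Without $net.Password there is nothing to pass here, which is why an SFTP
# session authenticated by key alone cannot produce the impersonation token.
$token = [NtLogon]::Logon($net.UserName, $net.Domain, $net.Password)
try {
    $id = New-Object System.Security.Principal.WindowsIdentity -ArgumentList $token
    'Token acquired for {0} (impersonation level: {1})' -f $id.Name, $id.ImpersonationLevel
    $id.Dispose()
}
finally {
    # WindowsIdentity duplicates the handle, so the original must still be closed.
    [void][NtLogon]::CloseHandle($token)
}
```

A wrong password makes `Logon` throw a `Win32Exception` describing the logon failure; run it only with a test account on a machine you administer.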
