
Setup Xlight FTP Server with SSH2/SFTP protocol

Xlight FTP Server now supports Secure File Transfer Protocol (SFTP) over the SSH2 protocol. SFTP is not FTP run over SSH2, but a new protocol designed by the IETF SECSH working group. SFTP itself does not provide authentication or security; it relies on the underlying SSH2 protocol to provide a secure connection. Note: SSH2/SFTP is an optional feature for the standard or professional edition of Xlight FTP Server. After the 30-day evaluation period, SSH2/SFTP is an optional feature and needs a separate add-on upgrade license. Only users of the standard or professional edition of Xlight FTP Server can upgrade to the SSH2/SFTP feature.

Creating an SSH2/SFTP virtual server is straightforward. When you create a new virtual server, select SSH2 as the protocol, as shown in the picture below. (Note: if the server does not have the SSH2/SFTP license, you will not be able to see SSH2 in the protocol selection.)


Just as the default port for FTP is 21, the default port for SSH2/SFTP is 22. After you have created the SSH2/SFTP virtual server, you can add users to it and manage it the same way as you manage FTP.

Manage SSH2 server host key

The SSH2 server host key is a unique key that identifies the server. When you create a new SSH2/SFTP virtual server, an SSH2 host key is automatically generated for this server. However, if you have an existing host key that you want to import, or you want to back up the SSH2 host key, you can manage it from [Virtual Server Configuration] -> [General] -> [Server SSH2 Host Key], as shown in the picture below:


SSH public key authentication

A local SFTP user can use public key authentication in place of the default password authentication. Public key authentication is configured per user. In the user's settings, you need to enable public key authentication and select the public key file for this user, as shown below:


Select public key file

You can select a public key file to be used for public key authentication. The SSH2/SFTP client needs to use the corresponding private key to authenticate against the server. The key length for DSA should always be 1024 bits, as specified in FIPS 186-2. RSA key length isn’t limited to 1024 bits.
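A way to check a key's type and length before selecting it for a user, shown as an added example that is not part of Xlight's documentation or code. It assumes the key is in OpenSSH one-line format (the page does not say which file formats Xlight accepts); the 2048-bit RSA minimum is a policy choice of this example, and the sample key is constructed, not a real key.

```python
import base64, hashlib, struct

def _fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off:off + n])
        off += n
    return out

def inspect_public_key(line, min_rsa_bits=2048):
    """Return (algorithm, bits, sha256_fingerprint, problems) for one key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = _fields(blob)
    algo = fields[0].decode("ascii")
    problems = []
    if algo != parts[0]:
        problems.append("algorithm label does not match key blob")
    if algo == "ssh-rsa" and len(fields) == 3:      # name, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < min_rsa_bits:                     # example policy, not from the page
            problems.append(f"RSA modulus is {bits} bits, below {min_rsa_bits}")
    elif algo == "ssh-dss" and len(fields) == 5:    # name, p, q, g, y
        bits = int.from_bytes(fields[1], "big").bit_length()
        if bits != 1024:                            # DSA length stated on the page
            problems.append(f"DSA p is {bits} bits, expected 1024")
    else:
        bits = None
        problems.append(f"unhandled or malformed key type {algo}")
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return algo, bits, fp, problems

def _mpint(n):
    b = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
    return struct.pack(">I", len(b)) + b

def make_constructed_rsa_line(bits):
    """Constructed sample (not a usable key): modulus has only top and low bit set."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

The returned fingerprint can be compared with the one the key's owner reports, so the file selected for the user is the key they actually hold.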


Select other public key files

Starting from version 3.8.1, Xlight FTP Server supports multiple public key files for authentication. To use other public key files, you can select a file that contains the locations of the other public key files, as shown in the picture below: