Setup CrushFTP SFTP with ECDSA Support on CrushFTP 10.1.0.50. Recent CrushFTP builds have the strong ciphers support on the SFTP tab.

This document shows how to properly configure ECDSA support for SFTP on a CrushFTP server. This is needed for VMware NSX-T backups to properly function.

1. Create ECDSA Key#

Steps to Create ECDSA Key files

1. Open Command Prompt as Administrator
2. Run Below commands to generate key files:

cd C:\Program Files\CrushFTP
ssh-keygen -A
ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""

Output:

Generating public/private ecdsa key pair.
Your identification has been saved in ssh_host_ecdsa_key.
Your public key has been saved in ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:uoSFybTIOdocoYO69ew/o58ULcKnvRCRJgDNThGYF14 contso\username@server-name
The key's randomart image is:

+---[ECDSA 256]---+
|+==oo.E          |
| .+o o           |
| oo *            |
|.o.X = .         |
|+ * O = S        |
|.= o O +         |
|o + + =          |
| o o +o+         |
|.  .=+*o         |
+----[SHA256]-----+

2. Modify CrushFTP SFTP Settings#

1. Login to CrushFTP HTTPS interface with admin
2. Click on > Admin > Preferences > and select the SFTP interface you wish to modify
3. Click on the SSH Tab, and edit the Server Host Key (DSA): ./ssh_host_ecdsa_key

4. Click on Save
5. Test the connection with Filezilla or WinSCP

Recent CrushFTP builds of 10.1.0.70+ have the strong ciphers support on the SFTP tab.

Thanks for the contribution to Russell Hamker