Generate SSH server keys (CLI)

SSH host keys are used by Rebex Buru SFTP Server to prove its identity to clients.

While the installer generates a default set of keys, you can use the burusftp keygen utility to manually create specific keys or refresh your server's identity.

The easiest way to establish server identity is to generate the recommended suite of modern algorithms (ECDSA, ED25519, and RSA). Use the --all flag to generate these keys to the default configuration directory, provide a path to export them elsewhere, or specify -t and -b to generate a single key of a given type and bit length.

# Generate the default set to the configuration directory
burusftp keygen --all

# Export the default set to a specific folder
burusftp keygen --all "D:\Backup\ServerKeys"

# Generate a 4096-bit RSA key
burusftp keygen -t rsa -b 4096 custom_rsa.ppk

Option	Supported Values	Default
`-t, --type`	`rsa`, `dsa`, `ed25519`, `ecdsa`	`rsa`
`-b, --bits`	Variable (e.g., `2048`, `4096`)	Depends on type
`-c, --curve`	`nistp256`, `nistp384`, `nistp521`	`nistp521`

Update the server configuration

After generating new keys, you must ensure the server is configured to use them. Open your config.yaml file and locate the keys section.

keys:
  - 'C:\ProgramData\Rebex\BuruSftp\keys\ed25519.key'
  - 'C:\ProgramData\Rebex\BuruSftp\keys\rsa_4096.ppk'

Restart the service

Restart the Buru SFTP service for the changes to take effect:

Press ⊞ Win + R, type services.msc, find Rebex Buru SFTP Server, right-click and select Restart.

burusftp svc restart

net stop RebexBuruSftp && net start RebexBuruSftp

Restart-Service RebexBuruSftp

Buru SFTP
Server documentation

How to generate SSH server keys (CLI)

Update the server configuration

On this page