keys

SSH host keys identify the server to connecting SSH/SFTP clients. This section lists the private keys or certificates (with associated keys) the server uses for SSH connections only — FTP/FTPS uses separate certificate groups instead. Host keys are global — all SSH endpoints share the same set. Paths are relative to the application installation directory.

Host keys must be kept secure and never shared. These are not the same as user public keys used for public key authentication.

2.14.1+ Environment variables specified as %name% can be used in file paths (not passwords or other fields).

keys:
  # Path to a key file
  - Z:\keys\ed25519.key

  # Path to a key file with an environment variable 
  - %ProgramData%\Rebex\BuruSftp\keys\ed25519.key
    
  # Path to an encrypted key file.
  - Z:\keys\ed25519.key; password="The \"strongest\" password"

  # Path to a PKCS#12 certificate
  - Z:\keys\cert.pfx

  # Path to a certificate file with an associated key file.
  - Z:\keys\rsa_cert.crt; key=Z:\keys\rsa.key

  # Path to the certificate store using a thumbprint
  - Cert:\CurrentUser\My\4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
  
  # Path to the certificate store using CN and CA
  - Cert:\CurrentUser\My\example.com; CA=mycertauthority.com
  
  # All private keys from a directory (not recommended)
  - Z:\keys

Path syntax

Arguments such as password can be enclosed in double quotes ("). Use backslash (\) to escape inner double quotes and backslashes.

Private key file path:

<path> [; password="<password>"]
  • password: 2.10.0+ Password to decrypt the key file. If not specified, the key file is assumed to be unencrypted.

When the path points to a directory, all files in the directory are scanned for private keys. This feature is not recommended and will likely be removed in future versions.

2.10.0+ Certificates can be loaded from file or store using certificate path format.
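
The following Python example is added here and is not part of the product or its documentation. It parses one keys entry according to the syntax above and returns review findings for it: a directory entry, a missing password (the key file is then assumed to be unencrypted), a password stored in the configuration file, and a %name% reference in a field where it is not expanded. The function names, the finding codes, the KEYDIR and HOSTKEY_PASS variable names, and the reading that backslash escapes apply only inside quotes and that the path itself contains no semicolon are assumptions.

```python
import os
import re
# One "; name=value" argument; a quoted value may contain \" and \\ escapes.
ARG = re.compile(r'\s*;\s*(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;"]*))\s*')
ENV = re.compile(r"%(\w+)%")

def parse_key_entry(entry):
    """Split '<path> [; name=value]...' into (path, {name: value})."""
    path, sep, rest = entry.partition(";")  # assumption: no ';' inside the path
    rest, args, pos = sep + rest, {}, 0
    while pos < len(rest):
        m = ARG.match(rest, pos)
        if not m:
            raise ValueError(f"malformed argument: {rest[pos:]!r}")
        name, quoted, bare = m.groups()
        # Assumption: escapes apply inside quotes only; bare values stay literal.
        args[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare.strip()
        pos = m.end()
    return path.strip(), args

def audit_key_entry(entry, is_dir=os.path.isdir, env=os.environ):
    """Return a list of finding codes for one item of the keys list."""
    path, args = parse_key_entry(entry)
    path = ENV.sub(lambda m: env.get(m.group(1), m.group(0)), path)
    findings = []
    if path.lower().startswith("cert:\\"):
        return findings  # certificate store entry: no key file to check
    if is_dir(path):
        findings.append("directory-scan")      # page: not recommended
    elif "password" not in args:
        findings.append("no-password")         # key file assumed unencrypted
    if "password" in args:
        findings.append("password-in-config")  # config is now as sensitive as the key
    # %name% is expanded in file paths only, so elsewhere it stays a literal string.
    if any(ENV.search(v) for k, v in args.items() if k != "key"):
        findings.append("env-var-not-expanded")
    return findings

# Constructed sample entries, modelled on the examples in this section.
SAMPLE = [
    r'Z:\keys\ed25519.key; password="The \"strongest\" password"',
    r'Z:\keys\rsa_cert.crt; key=Z:\keys\rsa.key',
    r'%KEYDIR%\ed25519.key; password="%HOSTKEY_PASS%"',
    r'Z:\keys',
]

if __name__ == "__main__":
    for item in SAMPLE:
        print(item, "->", audit_key_entry(item, is_dir=lambda p: p == r"Z:\keys"))
```

The is_dir parameter defaults to os.path.isdir, so on the server itself the directory check runs against the real file system.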

Supported file formats

Private key formats:

  • PKCS #8 (RFC 5208)
  • OpenSSH/OpenSSL (SSLeay)
  • New OpenSSH
  • PuTTY .ppk

Supported host key algorithms can be found on the dedicated documentation page.

Key generation

Server keys are generated by the installer and stored in the <config root>/keys directory, usually C:\ProgramData\Rebex\BuruSftp\keys.

Keys can also be created manually using the burusftp keygen or burusftp init command, or any third-party tool such as ssh-keygen, openssl genpkey, or PuTTYgen. See Generate SSH Server Keys (CLI) for a step-by-step guide.

Remarks

When the keys section is missing, keys will be searched for in the following locations:
