keys

Paths to SSH server (host) private keys or certificates (with associated keys). Paths are relative to application installation directory. Arguments such as password can be enclosed in double quotes ("). Use backslash (\) to escape other inner double quotes and backslashes.

2.14.1+ Environment variables specified as %name% can be used in file paths (not passwords or other fields).

# example
keys:
  # Path to a key file
  - Z:\keys\ed25519.key

  # Path to a key file with an environment variable 
  - %ProgramData%\Rebex\BuruSftp\keys\ed25519.key
    
  # Path to an encrypted key file.
  - Z:\keys\ed25519.key; password="The \"strongest\" password"

  # Path to a PKCS#12 certificate
  - Z:\keys\cert.pfx

  # Path to a certificate file with an associated key file.
  - Z:\keys\rsa_cert.crt; key=Z:\keys\rsa.key

  # Path to the certificate store using a thumbprint
  - Cert:\CurrentUser\My\4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
  
  # Path to the certificate store using CN and CA
  - Cert:\CurrentUser\My\example.com; CA=mycertauthority.com
  
  # All private keys from a directory (not recommended)
  - Z:\keys

Path syntax

Private key file path:

<path> [; password="<password>"]
  • password: 2.10.0+ password to decrypt the key file. If not specified, the key file is assumed to be unencrypted.

2.10.0+ Certificates can be loaded from file or store using certificate path.

Supported file formats

Private key formats:

  • PKCS #8 (RFC 5208)
  • OpenSSH/OpenSSL (SSLeay)
  • New OpenSSH
  • PuTTY .ppk

Key generation

Server keys are generated by the installer and stored in <config root>/keys directory, usually C:\ProgramData\Rebex\BuruSftp\keys.

Keys can be also created manually using burusftp keygen or burusftp init command or any third-party tool, such as ssh-keygen, openssl genpkey or PuTTYgen.

Remarks

When keys section is missing, then keys will be searched for in the following locations: