April 21, 2023

FIDO U2F SSH/SFTP Keys Now Supported for SFTP Authentication

As part of Files.com's commitment to data security for our customers, the team has just rolled out support for newer types of SSH keys, adding even higher levels of protection for your data.

The Files.com platform now supports the use of FIDO U2F SSH Keys for SFTP authentication.

What is FIDO U2F?

FIDO Universal 2nd Factor (U2F) is an open authentication standard that enables internet users to securely access online services with a single security key.

Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards.

Typically, the 2nd Factor used for authentication is a hardware device, such as a USB hardware key, that has been provided to the user.

SSH/SFTP Key Types for FIDO U2F

In OpenSSH, FIDO devices are supported by the new public key types ecdsa-sk and ed25519-sk, along with corresponding certificate types.

SSH/SFTP Keys that are generated as either ecdsa-sk or ed25519-sk types are now supported for use with SFTP authentication on the Files.com platform.
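An added example (not Files.com's or OpenSSH's own code) of checking whether a public key is one of these FIDO-backed types before it is registered: it parses the key blob, confirms the embedded type matches the declared one, and reads the FIDO application string. The wire names are the identifiers OpenSSH uses for ed25519-sk and ecdsa-sk; the function names are hypothetical, the sample keys are constructed from dummy bytes, and lines are assumed to carry no leading authorized_keys options.

```python
import base64
import struct

# OpenSSH wire names for ed25519-sk and ecdsa-sk, mapped to the number of
# fields that sit between the type string and the application string.
FIDO_TYPES = {
    "sk-ssh-ed25519@openssh.com": 1,          # public key
    "sk-ecdsa-sha2-nistp256@openssh.com": 2,  # curve name, EC point
}

def _read_string(blob, offset):
    """Read one SSH 'string': 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (key_type, is_fido, application) for '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    embedded, offset = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match key blob")
    if declared not in FIDO_TYPES:
        return declared, False, None
    for _ in range(FIDO_TYPES[declared]):
        _, offset = _read_string(blob, offset)
    application, _ = _read_string(blob, offset)
    return declared, True, application.decode("utf-8")

def make_sample_line(key_type, *fields):
    """Build a CONSTRUCTED public-key line (dummy key bytes, not a usable key)."""
    parts = [key_type.encode(), *fields]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

SAMPLES = [
    make_sample_line("sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:"),
    make_sample_line("sk-ecdsa-sha2-nistp256@openssh.com", b"nistp256", b"\x04" + bytes(64), b"ssh:"),
    make_sample_line("ssh-ed25519", bytes(32)),  # ordinary software key, for contrast
]
```

A key that only claims a FIDO type in its text prefix, while the blob says otherwise, is rejected rather than classified.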

Why use FIDO U2F?

FIDO U2F should be used when you need to apply stronger security to SSH/SFTP authentication for your users.

As a second factor of authentication, U2F improves upon previous methods, such as Time-based one-time passwords (TOTP), by storing the shared secret on a hardware device where it is never exposed as plain text, preventing it from being copied or shared to other users.

The downside of U2F lies in its use of a hardware key, which makes it impossible to create a backup copy. If the physical hardware key is ever destroyed, damaged, or lost, there is no way to restore it. A new replacement hardware key will need to be used to generate brand new SSH/SFTP FIDO U2F Keys for the user.

Are FIDO U2F type SSH/SFTP Keys right for me?

If your SSH/SFTP Keys are going to be used for manual connections, made by your users (humans), then FIDO U2F is a great way to implement strong 2-Factor Authentication (2FA). Your users will only be able to connect if they possess their hardware key or card.

If your SSH/SFTP Keys are going to be used for programmatic connections, made by your systems or scripts, then U2F cannot be used as there is no human involvement.

Contact our team for more information.

Questions? Need help?

Please let us know how we can assist you. We’re here and glad to help. Please contact us by email, chat (in your web interface when logged in), or phone (1-800-286-8372 ext. 2).
