CompleteFTP Key Checker
=======================

A standalone tool that checks SSH host keys and user public keys in
a CompleteFTP configuration database for vulnerabilities disclosed
by Trail of Bits.  The vulnerabilities affect keys generated by older
versions of CompleteFTP and would let an attacker recover the
corresponding private key from the public key.


What it checks
--------------

* RSA keys generated by CompleteFTP versions 10.0.0 - 12.0.0 with
  insufficient entropy (weak RNG).
* DSA keys generated by CompleteFTP versions 10.0.0 - 23.0.4 with
  insufficient entropy (weak RNG).
* RSA keys with the public exponent swapped for the private exponent
  on certain Linux builds (exponent swap).

For each affected key the tool also reports whether the key is
currently usable (URGENT) or stored but not currently usable (LOWER
PRIORITY), based on the site, user, SFTP, algorithm, and per-site
access configuration in the database.


Quick start
-----------

Linux:    ./KeyChecker
Windows:  KeyChecker.exe

By default it reads the CompleteFTP config database at:

  Windows:
    C:\ProgramData\Enterprise Distributed Technologies\Complete FTP\config.db
  Linux:
    /var/lib/completeftp/config/config.db

To check a different config database (for example one copied off
another server):

  KeyChecker /path/to/config.db

To save the full report to a file:

  KeyChecker > report.txt


What you'll see
---------------

A single integrated report:

  * Database path, CompleteFTP version, and number of keys checked.
  * A one- or two-line verdict at the top.
  * "About these findings" - a short paragraph explaining the
    vulnerability and that current builds are safe.
  * URGENT - user authentication keys (when present): step-by-step
    Manager instructions plus a list of each affected user with the
    affected key's bit length and MD5 fingerprint.
  * URGENT - site host keys (when present): same shape, with the
    Manager steps for site settings and a note about the one-time
    SSH-client fingerprint warning that follows host-key replacement.
  * LOWER PRIORITY - keys that are affected but cannot currently be
    used because the user account, site, SFTP, or algorithm path is
    disabled.  Listed with bit lengths and MD5 fingerprints, grouped
    by exposure reason.
  * "Note about DSA / SSH-DSS" (when DSA findings exist) - the
    deprecation guidance.
  * "Note about site host keys" (when applicable) - the sites whose
    host keys could not be checked, with a per-site reason.
  * A final headline (FAILED / WARNING / OK) and an exit code.

Each affected key is listed with its MD5 fingerprint in the form
"MD5:xx:xx:..." - the same format the CompleteFTP Manager displays
in its key-management dialogs.  Use it to identify a specific key
when a user or site has more than one.
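
To cross-check a public key file held by a user or client against a
fingerprint in the report, the Python below computes the algorithm,
bit length, and MD5 fingerprint from an OpenSSH-format public key line.
It is an added example, not part of KeyChecker or CompleteFTP.  It
assumes the reported fingerprint is the conventional OpenSSH MD5
fingerprint (MD5 over the decoded key blob); the function names and
the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def read_string(blob, offset):
    """Decode one SSH wire string at offset; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def describe_public_key(line):
    """Return (algorithm, bits, 'MD5:xx:...') for an OpenSSH public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name, pos = read_string(blob, 0)
    if name != fields[0].encode():
        raise ValueError("algorithm label does not match key blob")
    if name == b"ssh-rsa":
        _, pos = read_string(blob, pos)          # public exponent e
        number, _ = read_string(blob, pos)       # modulus n
    elif name == b"ssh-dss":
        number, _ = read_string(blob, pos)       # prime p
    else:
        raise ValueError("only ssh-rsa and ssh-dss are handled")
    bits = int.from_bytes(number, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()       # assumed fingerprint input
    pairs = [digest[i:i + 2] for i in range(0, len(digest), 2)]
    return fields[0], bits, "MD5:" + ":".join(pairs)


# Constructed sample, not a real key: e = 65537, n = 2**1023 + 1.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00\x80" + b"\x00" * 126 + b"\x01"))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " sample"

if __name__ == "__main__":
    print(describe_public_key(SAMPLE_LINE))
```

The comment field of the key line does not affect the fingerprint, so
the same key matches however it is labelled.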


What to do about findings
-------------------------

For URGENT (currently usable) keys, follow the per-section Manager
steps printed in the report.  Both sections rely on you matching
the MD5 fingerprint shown in the report against the Fingerprint
column in the Manager dialog, then deleting only the affected
row(s) - other unaffected keys for the same user or site are left
alone.

  USER KEYS:    Users panel -> select the user -> ellipsis next to
                "Public keys" -> Manage Public Keys dialog -> match
                fingerprint -> delete -> Generate new keypair or
                Import the replacement public key.

  SITE HOST KEYS:  Open the site's settings (Settings panel in
                Standard / Professional, or Sites panel in Enterprise)
                -> SFTP/SCP -> Advanced SFTP/SCP Settings -> ellipsis
                next to "RSA Key" or "DSA Key" -> Generate private
                key.  Replacing a host key produces a one-time
                fingerprint mismatch warning on existing SSH clients;
                notify users and any automated transfers (WinSCP,
                FileZilla, scheduled scripts) in advance so they can
                accept the new fingerprint without alarm.

For LOWER PRIORITY (dormant) keys: they are not an immediate
exposure, but they may become exposed if you re-enable the relevant
user account, site, SFTP service, or algorithm path.  Either
replace them at your convenience using the same Manager steps as
above, or - for user keys on accounts you do not plan to re-enable -
delete the affected keys without replacement.

For DSA findings specifically: SSH-DSS is deprecated in modern SSH
and is being removed from common clients.  Where operationally
possible, the preferred remediation is to disable SSH-DSS on the
affected sites (Site Settings -> SFTP/SCP -> Advanced -> SSH key
algorithm) rather than regenerate the DSA key.  Replace DSA keys
with Ed25519 or modern RSA where you can.


Options
-------

  --host <host> [port]
                    Probe a live SSH server for its host key without
                    reading a configuration database.  Useful for
                    checking servers you do not have local access to.

  -h, --help        Show usage.


Log file
--------

Diagnostic output is written to KeyChecker.log in the same directory
as the executable.  Include this file if you contact us for help with
something the tool reported.


Exit codes
----------

  0   No affected keys found.
  1   Affected keys present (URGENT or LOWER PRIORITY), or one or
      more keys could not be checked.


Contact
-------

For support contact us via the CompleteFTP support system or
https://enterprisedt.com.
