I have run a vulnerability scan which recommends disabling the use of DSA 1024-bit server host keys. How can I do this?

1 Answer

Best security practices require server host keys to be at least 2048 bits in length. This is easy for RSA keys, but by definition, DSA server host keys are 1024 bits in length. The best solution to avoid being flagged in security scans is to disable DSA host keys. 

This can be done in the CompleteFTP Manager by going to:

Sites/Settings>SFTP>Algorithms>Public Key Algorithms

Under 'Public Key Algorithms', click in the box and you will see a drop-down menu. Uncheck the 'DSA' option and the server will then be forced to use only RSA keys.
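To confirm the change took effect, the added example below (not part of the original answer or of CompleteFTP) parses the server's cleartext SSH KEXINIT packet as laid out in RFC 4253 and reports whether `ssh-dss` is still advertised as a host key algorithm. The function names, the client identifier string and the `build_kexinit` sample packet are constructed for illustration.

```python
import socket
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253, section 7.1

def _name_list(buf, off):
    """Decode one SSH name-list: uint32 length, then comma-separated names."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("name-list overruns payload")
    text = buf[off + 4:end].decode("ascii")
    return (text.split(",") if text else []), end

def host_key_algorithms(packet):
    """Return server_host_key_algorithms from one cleartext KEXINIT packet."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack_from(">IB", packet)
    payload = packet[5:4 + packet_len - pad_len]  # strip header and padding
    if payload[:1] != bytes([SSH_MSG_KEXINIT]):
        raise ValueError("not a KEXINIT packet")
    _, off = _name_list(payload, 17)     # type byte + 16-byte cookie, then kex_algorithms
    algos, _ = _name_list(payload, off)  # second list: server_host_key_algorithms
    return algos

def dsa_offered(packet):
    """DSA-based host key algorithms (ssh-dss and its certificate form) in the packet."""
    return [a for a in host_key_algorithms(packet) if a.startswith("ssh-dss")]

def fetch_kexinit(host, port=22, timeout=5.0):
    """Read the first packet (KEXINIT) from a live SSH/SFTP listener."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        line = f.readline()
        while line and not line.startswith(b"SSH-"):  # banner lines may precede the version
            line = f.readline()
        s.sendall(b"SSH-2.0-hostkeycheck\r\n")        # hypothetical client identifier
        header = f.read(4)
        return header + f.read(min(int.from_bytes(header, "big"), 35000))

def build_kexinit(host_key_algs):
    """Constructed sample input: a minimal KEXINIT packet advertising host_key_algs."""
    nl = lambda names: struct.pack(">I", len(",".join(names))) + ",".join(names).encode()
    lists = [["curve25519-sha256"], host_key_algs] + [[]] * 8  # other lists left empty
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16) + b"".join(map(nl, lists)) + bytes(5)
    pad = 4 + (-(len(payload) + 9)) % 8  # at least 4 bytes, total a multiple of 8
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + bytes(pad)
```

Against a live server, `dsa_offered(fetch_kexinit("sftp.example.com"))` should return an empty list once 'DSA' is unchecked; the hostname is a placeholder.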