Users of SSH clients know to trust specific machines because their keys will match publicly available SSH fingerprints. As part of the instructions you give your clients, you SHOULD be distributing the fingerprint of your MOVEit DMZ SSH server so your clients can confirm the identity of your server. (Without this protection, anyone could spoof this or any other SSH server!)

The following OpenSSH session shows this mechanism in action. Specifically, OpenSSH asks the end user if they want to trust the remote server after displaying the MD5 hash of the remote server's SSH server key.

d:\>sftp sshftpuser@moveit.myorg.com 
Connecting to moveit.myorg.com... 
The authenticity of host 'moveit.myorg.com (33.44.55.66)' can't be established. 
DSA key fingerprint is 0f:70:32:8f:03:fa:b4:fc:e3:36:bb:ed:37:16:e9:32. 
Are you sure you want to continue connecting (yes/no)? yes 
sshftpuser@moveit.myorg.com's password:

MOVEit DMZ's SSH key is automatically generated the first time the server is started and an associated fingerprint is created at the same time. To view your MOVEit DMZ SSH key fingerprint log into a Windows console on your MOVEit DMZ server. Open Start -> All Programs -> MOVEit DMZ -> MOVEit DMZ Config and navigate to the SSH tab to view your MOVEit DMZ's SSH key MD5 hash.

Server Key Backup

The MOVEit DMZ SSH server key is stored encrypted in the registry under the SSHServer\PrivKey registry entry. Any registry backup, including the registry backup performed by the MOVEit DMZ Backup Utility, will back up this key.

Server Key Export

To export MOVEit DMZ's public SSH server key in either OpenSSH or SSH2 format, see the related instructions in SSH - Configuration.