SFTP provides an alternative method for client authentication. It's called SFTP public key authentication. This method allows users to log in to your SFTP service without entering a password and is often employed for automated file transfers. In this post, we'll walk you through the process of setting up this kind of authentication on the command line. It's really easier to do this on a GUI-based interface, but if you simply love doing things on the terminal, this post is for you.
Overview
- Generate Public Key Sftp Server Login
- Sftp Public And Private Key
- Generate Public Key Sftp Server List
The following keys are used to allow an SFTP Client adapter to connect with a remote SFTP server. User Identity Key – Private/Public key pair used to identify Sterling B2B Integrator as a user on a remote server. Generate this key within Sterling B2B Integrator and provide the public part of the key to your trading partner.
SSH keys are a way to identify trusted computers, without involving passwords. The steps below will walk you through generating an SSH key and adding the public key to the server. Step 1: Check for SSH Keys First, check for existing SSH keys on your computer. Open Git Bash, Cygwin, or Terminal, etc. To generate the public/private key pair, enter this in the Command Prompt: ssh-keygen At the first prompt, “Enter file in which to save the key,” press Enter to save it in the default location.
Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key. If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key: On the Conversions menu, choose Export.
Note: SFTP (through SSH) is usually installed on Linux distros, so we'll be using Linux for both the (SFTP) server and client machines in this tutorial.
1. Create the .ssh directory
The first thing you'll want to do is create a .ssh directory on your client machine. This directory should be created inside your user account's home directory. Log in to your client machine and go to your home directory. Just enter:
cd ~
You should now be inside your home directory.
Here, we used ls -a to list all the files and folders in our home directory.
To add the .ssh directory, just enter:
mkdir .ssh
So now, when we list all the files in our home directory, we can already see the .ssh directory.
You'll want to make sure only the owner of this account can access this directory. To do that, change the user permissions of the directory by running:
chmod 700 .ssh
2. Run ssh-keygen
Next, we need to populate our .ssh directory with the public/private key pair we'll be using for our sftp key authentication. Run the ssh-keygen command:
ssh-keygen
Immediately after running the ssh-keygen command, you'll be asked to enter a couple of values, including:
- The file in which to save the private key (normally id_rsa). Just press Enter to accept the default value.
- The passphrase - this is a phrase that functions just like a password (except that it's supposed to be much longer) and is used to protect your private key file. You'll need it later, so make sure it's a phrase you can easily recall.
As soon as you've entered the passphrase twice, ssh-keygen will generate your private (id_rsa) and public (id_rsa.pub) key files and place them into your .ssh directory. You'll also be shown the key fingerprint that represents this particular key.
To verify whether the files were really created successfully and placed in your .ssh directory, go to your .ssh directory and list the files as shown:
Here's a sample of what the contents of an SFTP private key file (id_rsa) look like, viewed using the less command.
And here's what the contents of an SFTP public key file (id_rsa.pub) look like:
Again, we'd like to make sure only the owner can read, write, and execute these files. So run the chmod command yet again to assign the appropriate permissions:
chmod 700 ./id_rsa.*
Now that we have a .ssh directory in our client machine (populated with the private/public key pair), we now have to create a corresponding .ssh directory on the server side.
3. Create .ssh directory on SFTP server
Log in to your SFTP server via SSH. We're assuming you already have a user account on your SFTP server and that the service is already up and running. Don't worry too much if you encounter a notification saying 'The authenticity of host ... can't be established ... Are you sure you want to continue connecting?' Barring any untoward incidents, it's just SSH informing you that a trust relationship between your server and your client has not yet been established. Just type in 'yes', hit [enter], and enter your password.
Once you're logged in, navigate to your user account's home directory (on the server) and (just like in your client machine), create a .ssh directory.
Assign the required permissions for this directory by running:
chmod 700 .ssh
Next, navigate to your newly created .ssh directory and create the file authorized_keys. This file will be used to hold the contents of your public key. Here, we create this file by using the touch command like so:
touch authorized_keys
Yes, you need to run chmod on this file too:
chmod 700 authorized_keys
When you're done, exit your SSH session.
4. Run ssh-copy-id
Now it's time to copy the contents of your SFTP public key to the authorized_keys file. The easiest way to do this would be to run the ssh-copy-id command. The ssh-copy-id program is usually included when you install ssh. The syntax is:
ssh-copy-id -i id_rsa.pub user@remoteserver
where user is just the username used earlier and remoteserver is just the IP address/hostname of your SFTP/SSH server.
You'll then be asked to enter your account's password. This is just the same password you used to login via SSH earlier.
5. Log in with SFTP SSH key-based authentication
To verify that everything went well, ssh again to your SFTP server. This time, you'll be asked to enter the passphrase instead of the password.
Navigate to your .ssh directory and view the contents of the authorized_keys file. It should contain exactly the same characters found in your SFTP public key file.
Exit your ssh session yet again and then log back in via SFTP with key authentication.
Note: Had you not assigned any passphrase when you created your public and private keys using ssh-keygen, you would have been able to log in just like this:
That's it. Now you know how to set up SFTP with public key authentication using the command line. There's actually an easier way to do this. The article 2 Ways to Generate an SFTP Private Key will show you a couple of GUI-based methods that arrive at the same result.
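What steps 3 and 4 do on the server, as an added example that is not part of the original post: install_pubkey and perms_ok are hypothetical helper names, the key is a constructed placeholder, and everything runs in a scratch directory. It sets authorized_keys to mode 600 and refuses a key file that spans more than one line or holds private-key material.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# install_pubkey PUBFILE SSHDIR
# Append the key in PUBFILE to SSHDIR/authorized_keys exactly once.
install_pubkey() {
    pub=$1; dir=$2; auth=$2/authorized_keys
    # Refuse private-key material handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub holds a private key" >&2; return 2
    fi
    # A public key is a single line: type, base64 blob, optional comment.
    # A blob broken across lines by copy and paste fails this check.
    [ "$(grep -c . "$pub")" -eq 1 ] ||
        { echo "refusing: expected exactly one key line" >&2; return 3; }
    # Deliberately narrow allow-list of key types.
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' "$pub" ||
        { echo "refusing: not an OpenSSH public key line" >&2; return 3; }
    # Create with a tight umask so nothing is group/world-accessible, even briefly.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1   # 600: a data file needs no x bit
    # Idempotent: match on "type blob" and ignore the comment field.
    key=$(grep . "$pub" | cut -d' ' -f1,2)
    grep -qF -- "$key" "$auth" || grep . "$pub" >> "$auth"
}

# perms_ok RULE PATH (permission bits only; sshd also checks ownership)
#   private: no group/other bits at all, the ssh client's rule for id_rsa
#   nowrite: no group/other write bit, sshd's StrictModes rule for the
#            home directory, .ssh and authorized_keys
perms_ok() {
    mode=$(ls -ld -- "$2" 2>/dev/null | cut -c1-10)
    case "$1:$mode" in
        private:????------) return 0 ;;
        nowrite:?????-??-?) return 0 ;;
    esac
    echo "bad permissions on $2: ${mode:-missing}" >&2; return 1
}

# Demo on a scratch directory with a constructed placeholder key (not a usable key).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA constructed@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && install_pubkey "$demo/id.pub" "$demo/.ssh"
perms_ok nowrite "$demo/.ssh" && perms_ok private "$demo/.ssh/authorized_keys" &&
    echo "authorized_keys lines: $(wc -l < "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

On a real server the second argument would be the account's own .ssh directory; running it twice with the same key leaves a single entry.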
Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.
Generating an SSH Key Pair on UNIX and UNIX-Like Platforms Using the ssh-keygen Utility
UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.
To generate an SSH key pair on UNIX and UNIX-like platforms using the ssh-keygen utility:
- Navigate to your home directory:
- Run the ssh-keygen utility, providing as filename your choice of file name for the private key:
  The ssh-keygen utility prompts you for a passphrase for the private key.
- Enter a passphrase for the private key, or press Enter to create a private key without a passphrase:
  Note: While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
  The ssh-keygen utility prompts you to enter the passphrase again.
- Enter the passphrase again, or press Enter again to continue creating a private key without a passphrase:
- The ssh-keygen utility displays a message indicating that the private key has been saved as filename and the public key has been saved as filename.pub. It also displays information about the key fingerprint and randomart image.
Generating an SSH Key Pair on Windows Using the PuTTYgen Program
The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
To generate an SSH key pair on Windows using the PuTTYgen program:
- Download and install PuTTY or PuTTYgen.
  To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
- Run the PuTTYgen program.
- Set the Type of key to generate option to SSH-2 RSA.
- In the Number of bits in a generated key box, enter 2048.
- Click Generate to generate a public/private key pair.
  As the key is being generated, move the mouse around the blank area as directed.
- (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
  Note: While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
- Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key).
  Note: The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
- Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.
  Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
- Right-click somewhere in the selected text and select Copy from the menu.
- Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
- Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
- If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key:
  - On the Conversions menu, choose Export OpenSSH key.
  - Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file's content.