Filezilla Sftp Generate Public Key

admin

SFTP provides an alternative method for client authentication. It's called SFTP public key authentication. This method allows users to login to your SFTP service without entering a password and is often employed for automated file transfers. In this post, we'll walk you through the process of setting up this kind of authentication on the. Setting up SFTP access for multiple users. Make sure that it supports SFTP and public key authentication. To configure FileZilla to use a private key for SFTP access, follow these steps. If you used Linux or Mac OS X to generate the key pair, FileZilla may display a message that it needs to convert the key file.

Documentation » Getting Started » Protocols » SSH »

In every SSH/SFTP connection there are four keys (or two key-pairs) involved. This article explains a difference between them and what keys an SFTP client user needs to care about.

The SSH employs a public key cryptography. A public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public.1 Together they are known as a key-pair. In SSH, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, the other as a user (client) key.

Filezilla Sftp Generate Public Key

A user private key is key that is kept secret by the SSH user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity.

To protect the private key, it should be generated locally on a user’s machine (e.g. using PuTTYgen) and stored encrypted by a passphrase. The passphrase should be long enough (that’s why it’s called passphrase, not password) to withstand a brute-force attack for a reasonably long time, in case an attacker obtains the private key file.

Different file formats are used to store private keys. WinSCP supports PuTTY format, with .ppk extension.

A user public key is a counterpart to user private key. They are generated at the same time. The user public key can be safely revealed to anyone, without compromising user identity.

Filezilla Generate Ssh Key

To allow authorization of the user on a server, the user public key is registered on the server. In the most widespread SSH server implementation, the OpenSSH, file ~/.ssh/authorized_keys is used for that.

Learn more about public key authentication in general and how to setup authentication with public keys.

Advertisement

A host private key is generated when the SSH server is set up. It is safely stored in a location that should be accessible by a server administrator only. The user connecting to the SSH server does not need to care about host private key in general.

A host public key is a counterpart to host private key. They are generated at the same time. The host public key can be safely revealed to anyone, without compromising host identity.

To allow authorizing the host to the user, the user should be provided with host public key in advance, before connecting. The client application typically prompts the user with host public key on the first connection to allow the user to verify/authorize the key. The host public key is then saved and verified automatically on further connections. The client application warns the user, if the host key changes.

  1. The text is partially copied from Wikipedia article on Public-key cryptography. The text is licensed under GNU Free Documentation License.Back

Overview

SFTP provides an alternative method for client authentication. It's called SFTP public key authentication. This method allows users to login to your SFTP service without entering a password and is often employed for automated file transfers. In this post, we'll walk you through the process of setting up this kind of authentication on the command line. It's really easier to do this on a GUI-based interface but if you simply love doing things on the terminal, this post is for you.

Note: SFTP (through SSH) is usually installed on Linux distros, so we'll be using Linux for both the (SFTP) server and client machines in this tutorial.

1. Create the .ssh directory

The first thing you'll want to do is create a .ssh directory on your client machine. This directory should be created inside your user account's home directory. Login to your client machine and go to your home directory. Just enter:

cd ~

You should now be inside your home directory.

In the screenshot below, we used ls -a to list all the files and folders in our home directory.

To add the .ssh directory, just enter:

mkdir .ssh

So now, when we list all the files in our home directory, we can already see the .ssh directory.

You'll want to make sure only the owner of this account can access this directory. To do that, change the user permissions of the directory by running:

Filezilla Sftp Generate Public Key West

chmod 700 .ssh

2. Run ssh-keygen

Next, we need to populate our .ssh directory with the public/private key pair we'll be using for our sftp key authentication. Run the ssh-keygen command:

ssh-keygen

Filezilla Sftp Generate Public Key System

Not familiar with SFTP keys? Click that link to learn more about them.

Immediately after running the ssh-keygen command, you'll be asked to enter a couple of values, including:

  • The file in which to save the private key (normally id_rsa). Just press Enter to accept the default value.
  • The passphrase - this is a phrase that functions just like a password (except that it's supposed to be much longer) and is used to protect your private key file. You'll need it later, so make sure it's a phrase you can easily recall.

As soon as you've entered the passphrase twice, ssh-keygen will generate your private (id_rsa) and public (id_rsa.pub) key files and place them into your .ssh directory. You'll also be shown the key fingerprint that represents this particular key.

To verify whether the files were really created successfully and placed in your .ssh directory, go to your .ssh directory and list the files as shown:

Here's a sample of how the contents of an SFTP private key file (id_rsa) looks like, viewed using the less command.

and here's how the contents of a SFTP public key file (id_rsa.pub) looks like:

Again, we'd like to make sure only the owner can read, write, and execute these files. So run the chmod command yet again to assign the appropriate permisssions:

Server

chmod 700 ./id_rsa.*

Now that we have a .ssh directory in our client machine (populated with the private/public key pair), we now have to create a corresponding .ssh directory on the server side.

3. Create .ssh directory on SFTP server

Login to your SFTP server via SSH. We're assuming you already have a user account on your SFTP server and that the service is already up and running. Don't worry too much if you encounter a notification saying 'The authenticity of host ... can't be established ... Are you sure you want to continue connecting?' Barring any untoward incidents, it's just SSH informing you that a trust relationship between your server and your client has not yet been established. Just type in 'yes', hit [enter], and enter your password.

Recommended article: Setting Up an SFTP Server

Once you're logged in, navigate to your user account's home directory (on the server) and (just like in your client machine), create a .ssh directory.

Filezilla Sftp Generate Public Key Largo

Assign the required permissions for this directory by running:

chmod 700 .ssh

Next, navigate to your newly created .ssh directory and create the file authorized_keys. This file will be used to hold the contents of your public key. Here, we create this file by using the touch command like so:

touch authorized_keys

Yes, you need to run chmod on this file too:

chmod 700 authorized_keys

When you're done, exit your SSH session.

4. Run ssh-copy-id

Now it's time to copy the contents of your SFTP public key to the authorized_keys file. The easiest way to do this would be to run the ssh-copy-id command. The ssh-copy-id program is usually included when you install ssh. The syntax is:

ssh-copy-id -i id_rsa.pub user@remoteserver

where user is just the username used earlier and remoteserver is just the IP address/hostname of your SFTP/SSH server.

You'll then be asked to enter your account's password. This is just the same password you used to login via SSH earlier.

Filezilla Sftp Generate Public Key Using Puttygen

5. Login SFTP SSH key based authentication

To verify that everything went well, ssh again to your SFTP server. This time, you'll be asked to enter the passphrase instead of the password.

Navigate to your .ssh directory and view the contents of the authorized_keys file. It should contain exactly the same characters found in your SFTP public key file.

Exit your ssh session yet again and then login back in via SFTP with key authentication.

Note: Had you not assigned any passphrase when you created your public and private keys using ssh-keygen, you would have been able to login just like this:

That's it. Now you know how to setup SFTP with public key authentication using the command line. There's actually an easier way to do this. The article 2 Ways to Generate an SFTP Private Key will show you a couple of GUI-based methods that arrive at the same result.

Get started

Looking for an SFTP server? Download the free, fully-functional evaluation edition of JSCAPE MFT Server now.

Filezilla Sftp Generate Public Key Ssh


Be up-to-date on tips like this. Follow us on Twitter!