Using public key authentication in SFTP/SSH


The SFTP/SSH service supports public key authentication.  In public key authentication the client authenticates to the server using a username and a private key known only to the user; the private key may or may not be protected with a password.  For increased security the SFTP/SSH service may be configured to require BOTH a private key and the account password.

 

To authenticate using public key authentication perform the following steps:

 

Create a client key

 

1.  Go to the File > Key Manager > Client keys panel and click the Generate button to create a new client key.  When prompted for an Alias, enter the username that you would like to bind this client key to.  For the Type and Length fields you may leave the default values or select from the options provided.  Click Next to continue.

 

Figure 75

 


 

2.  Enter details about the user who will use this key.  In the Common Name field you can use the person's full name.  Click Next to continue.

 

Figure 102

 


 

3.  Next you will need to export the private key.  This is the key you will use in your SFTP/SSH client for authenticating with the SFTP/SSH service.  You will NOT need the certificate and public keys, so you may deselect these files for export.  When exporting the private key, select the PEM file type format.  Click OK to export your private key and add the client key to the client keys listing.

 

Figure 103

 


 

Figure 104

 


 

4.  The next step is to bind this client key to the user.  This allows the client key to be used by this user for authentication purposes.  Go to the Users node, select the user for this key and click the Edit button.  In the Client keys field, check the client key that you created earlier and click OK.

 

Figure 105

 


 

5.  Next you must enable the SFTP/SSH server to allow authentication using public keys.  If you have already done this then you may skip this step.  Go to the Services node, select the SFTP service and click Edit.  Change the Authentication option for the service to use one of the publickey options.  Click OK then Apply to apply the changes.

 

6.  You have successfully enabled public key authentication for the SFTP/SSH service.  To authenticate, instruct your SFTP/SSH client to use the private key you exported in Step 3.  Some SFTP/SSH clients, e.g. PuTTY, use a proprietary private key format.  Therefore it may be necessary to convert the PEM formatted key to the client's proprietary key format prior to connecting.  For the PuTTY client you may use the PuTTY puttygen.exe tool to make this conversion.
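
Before handing the key exported in Step 3 to a client, it helps to confirm that the file really holds a PEM private key, whether it is password protected, and that it is readable only by its owner. The following is an added example, not part of the product or its documentation; it goes beyond the page by covering the common PEM private key encodings, and the function name `inspect_private_key`, the sample file names and POSIX file permissions are assumptions.

```python
import base64, os, re, stat, struct, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\n(.*?)\n-----END \1-----", re.S)

def inspect_private_key(path):
    """Return (pem_label, password_protected, permissions_ok) for a PEM key file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        m = PEM_RE.search(fh.read())
    if not m:
        raise ValueError("no PEM private key found (certificate or public key exported?)")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8, always encrypted
        protected = True
    elif label == "OPENSSH PRIVATE KEY":          # cipher name is stored inside the blob
        blob = base64.b64decode("".join(body.split()))
        magic = b"openssh-key-v1\x00"
        if not blob.startswith(magic):
            raise ValueError("malformed OpenSSH key blob")
        (n,) = struct.unpack(">I", blob[len(magic):len(magic) + 4])
        protected = blob[len(magic) + 4:len(magic) + 4 + n] != b"none"
    else:                                         # traditional PEM (RSA/DSA/EC) headers
        protected = "Proc-Type: 4,ENCRYPTED" in body
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return label, protected, (mode & 0o077) == 0  # True when group/other have no access

def demo():
    # Constructed samples with placeholder bodies; these are not real key material.
    legacy = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nQUJD\n"
              "-----END RSA PRIVATE KEY-----\n")
    blob = b"openssh-key-v1\x00" + struct.pack(">I", 4) + b"none"
    openssh = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
               + "\n-----END OPENSSH PRIVATE KEY-----\n")
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, text, mode in (("a.pem", legacy, 0o600), ("b.pem", openssh, 0o644)):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write(text)
            os.chmod(p, mode)                     # 0o644 models a key left world-readable
            results.append(inspect_private_key(p))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A result whose last field is False means the key file is accessible to other local accounts and its permissions should be tightened before use.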

 

See also

 

  Setting SFTP/SSH authentication mode