Public/Private Key Authentication for SFTP (2024)

When configuring an SFTP server, you now have the option to use public/private key authentication instead of a username and password to connect to the server. This option requires that you have a private/public SSH key pair, and that the public key is in place on your SFTP server.

On the FTP Properties dialog, when the SFTP protocol is selected you will now see an SFTP Settings area. Check the box if you wish to Use key authentication for this SFTP server.


Click the Read Fingerprint button to request the public key fingerprint from the server. The fingerprint is a hash of the FTP server's public key, which MAPS stores in order to verify that it is connecting to the correct SFTP server.

The option to Always trust server prevents MAPS from verifying that the stored fingerprint matches the fingerprint from the server when using key authentication. You would usually only check this option when connecting to internal servers or testing environments where you are not concerned about man-in-the-middle attacks.
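
The fingerprint check described above, as an added example (not MAPS code): it computes the MD5 and SHA-256 fingerprints of an SSH public key blob and compares a presented host key against a stored pin, with an `always_trust` flag that mirrors the Always trust server option. The key lines are constructed, non-functional samples, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def fingerprints(pubkey_line: str) -> dict:
    """Return MD5 and SHA-256 fingerprints of an OpenSSH-format public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with its own algorithm name; reject a mismatched label.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii") != key_type:
        raise ValueError("key type label does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def host_key_trusted(presented_line: str, stored_fp: str, always_trust: bool = False) -> bool:
    """Accept the server only if its key matches the stored fingerprint."""
    if always_trust:  # like "Always trust server": the comparison is skipped entirely
        return True
    fps = fingerprints(presented_line)
    kind = "sha256" if stored_fp.startswith("SHA256:") else "md5"
    return hmac.compare_digest(fps[kind], stored_fp)


def make_key_line(modulus: bytes) -> str:
    """Build a constructed (non-functional) ssh-rsa key line for the demo."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@example"


SERVER_KEY = make_key_line(bytes(range(1, 129)) * 2)    # constructed sample host key
IMPOSTER_KEY = make_key_line(bytes(range(2, 130)) * 2)  # a different key on the same host name
PINNED = fingerprints(SERVER_KEY)["md5"]                # what a first "Read Fingerprint" would store

if __name__ == "__main__":
    print(PINNED, fingerprints(SERVER_KEY)["sha256"])
    print(host_key_trusted(SERVER_KEY, PINNED), host_key_trusted(IMPOSTER_KEY, PINNED))
```

With `always_trust=True` the imposter key is accepted as well, which is why that setting only suits networks where interception is not a concern.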

If key authentication is not enabled, you will need to specify a username and password in the section below the SFTP settings as you did previously.

FTP Servers - Keys Screen

Underneath the FTP screen, there is now a Keys screen where you add the private SSH key(s) to MAPS. Keys installed here must correspond to the public key on your SFTP server. When connecting to an SFTP server, MAPS attempts to authenticate to the server using the first key in the list. If authentication fails, it goes down the list of keys until a match is found or until all keys have been tried.


Click Add Key to browse for a key file to import. The key and its details will then be added to the list on the Keys screen.

  • Filename - The name of the key file of the private key.
  • Algorithm - Specifies the encryption algorithm used for the key. MAPS supports DSA and RSA encryption.
  • Comment - The "Comment" field from within the key file.
  • Fingerprint (MD5) - The fingerprint (hash) of the key.

Key Format

MAPS supports SSH keys generated using the DSA or RSA encryption algorithms.

You can generate the SSH key pair using a program of your choice. PuTTYgen is a free, open-source utility (not supplied by Evisions) that can be used for this purpose. Please refer to their documentation for installation and usage instructions.

You should store the private key in a secure location, making sure it is not distributed to any other party. Messages encoded using your public key can only be decrypted using your private key. For more information on public-key cryptography, refer to http://en.wikipedia.org/wiki/Public-key_cryptography.


FAQs

How do I authenticate SFTP using public key?

Authenticate using public keys

You can use authorized public keys to authenticate SFTP connections when importing and exporting contacts. Under Authentication in the Data Source pane, choose Saved key as the authentication method and pick the public key you wish to use for this connection.

Does SFTP use public and private keys?

The user's Public & Private Keys are a pair of keys used to authenticate a client when it connects to an SFTP server. The user's private key is kept secret and stored locally on the user's PC while the user's public key is uploaded and registered on the SFTP server the user connects to.

What are the authentication options for SFTP?

There are two methods of SFTP authentication: password authentication and SSH key authentication.

What is the basic authentication of SFTP?

Authenticating an SFTP server with a password is simple. The administrator creates a username and password combination for a user. After the setup is complete, whenever the user signs in, the server checks the username/password combination and approves or denies the request based on whether the password is correct.

How to generate public and private key for SFTP?

Users can generate their own SSH keys by logging in with their username and password, selecting their username at the top right of the page, selecting My account > SFTP keys > Add SFTP key, selecting the Generate in browser option, then selecting Generate key pair.

How to specify private key in SFTP?

Set Up the SFTP Private Key
  1. ssh-keygen -t rsa.
  2. Generating public/private rsa key pair.
  3. Enter file in which to save the key (/home/ofsaapp/. ...
  4. Created directory '/home/ofsaapp/. ...
  5. Enter passphrase (empty for no passphrase):
  6. Enter same passphrase again:
  7. Your identification has been saved in /home/ofsaapp/.

Do I use a public key or private key to SSH?

An SSH key is used to access a remote server through an SSH connection. The keys come in pairs, a public key and a private key. The public key is kept within the server and the private key is with the user or the client. The server authenticates the user by sending a message encrypted using the public key.

How to SSH public key authentication?

Setting Up Public Key Authentication for SSH

This is typically done with ssh-keygen. The private key stays with the user (and only there), while the public key is sent to the server, typically with the ssh-copy-id utility. The server stores the public key (and "marks" it as authorized).

Does SFTP use TLS or SSL?

No, SFTP (Secure File Transfer Protocol) does not use TLS (Transport Layer Security). SFTP is actually an extension of the SSH (Secure Shell) protocol and, as such, it utilizes the security mechanisms provided by SSH, which include strong encryption, authentication, and data integrity.

What is the best encryption for SFTP?

Best Practices for CSV File Transfer via SFTP
  • Symmetric Encryption Algorithm: Symmetric encryption algorithms use a single key for both encryption and decryption. ...
  • Public-Key Encryption Algorithm: Public-key encryption algorithms like RSA use two keys for encryption and decryption: a public key and a private key.

What is the difference between FTP and SFTP authentication?

What's the Difference Between FTP vs SFTP, Then? The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn't. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.

Do you need a key for SFTP?

Here's how the SFTP connection process works: Authentication: Upon connecting to the server, the client is required to provide valid SSH keys or, alternatively, a user ID and password, depending on the server's configuration. This step ensures that only authorized users can proceed.

Does SFTP use an SSH key?

People that need access to the server via SFTP can just generate an SSH key pair where you upload their public key.

How does SFTP work for dummies?

How does SFTP work? Before an SFTP file transfer can occur, the client and server verify the connection via a three-way handshake (see the following TCP section for more details). Then, they authenticate each other (see the SSH section below). Finally, the file is transferred over the encrypted channel in packets.

Can public key be used for authentication?

Secure Shell (SSH) public key authentication is a method that allows a user device to pair with remote servers and systems using cryptographic key pairs. Once authenticated, the user device establishes an encrypted connection with the server for safe data transfer.

How can you authenticate your document using public key cryptography?

In public key cryptography, a sender proves their identity to a recipient by using their private key to create a digital signature that is attached to the message. (Kichan Nam, 2003) The recipient can then use the sender's public key to verify the signature and confirm the sender's identity.

How do I connect to SFTP server using public key FileZilla?

Connect to SFTP with a key file:
  1. In FileZilla/FileZilla Pro, click New in the Site Manager dialog box.
  2. Select SFTP – SSH File Transfer Protocol.
  3. Enter the IP address or the host name of your server.
  4. Select key file as the logon type.
  5. Enter the username.
  6. Enter the path for the key file.
  7. Click OK to accept the host.

How to enable SSH public key authentication?

Enable SSH public key authentication
  1. Log in to the server.
  2. Verify that the user exists: `getent passwd <username>`
  3. Look up the value assigned to the AuthorizedKeysFile parameter within. ...
  4. Switch to the user's home directory: `cd /directory-path` ...
  5. Check permission levels for the .ssh/ directory.
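
The permission check in the last step, as an added example (not from the original page): with sshd's `StrictModes` enabled, key authentication is refused when the home directory, `.ssh/` or the keys file has the wrong owner or is writable by group or others. The function names and the temporary directory layout are constructed for illustration, and the keys file path assumes the common `.ssh/authorized_keys` value of AuthorizedKeysFile.

```python
import os
import tempfile


def audit_key_path(home, keys_file=".ssh/authorized_keys", uid=None):
    """List problems on the home dir, .ssh/ and the keys file that sshd's
    StrictModes check rejects: wrong owner, or group/world write access."""
    uid = os.getuid() if uid is None else uid
    target = os.path.join(home, keys_file)
    findings = []
    for path in (home, os.path.dirname(target), target):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if st.st_uid not in (0, uid):
            findings.append((path, "not owned by the user or root"))
        if st.st_mode & 0o022:
            findings.append((path, "writable by group or others"))
    return findings


def demo():
    """Build a constructed home directory and audit it before and after a bad chmod."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA...constructed user@example\n")  # placeholder entry
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o700)
    os.chmod(keys, 0o600)
    clean = audit_key_path(home)
    os.chmod(ssh_dir, 0o775)  # group-writable .ssh/: sshd would ignore the keys file
    broken = audit_key_path(home)
    return ssh_dir, clean, broken


if __name__ == "__main__":
    ssh_dir, clean, broken = demo()
    print("clean:", clean)
    print("broken:", broken)
```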

Article information

Author: Merrill Bechtelar CPA
