Words By John Carl Villanueva
Last Updated:
One of the security features of SFTP is public key authentication. Learn 2 options for generating an SFTP private key file with the JSCAPE MFT Server.
- Blog
One of the major security features of SSH FTP is public key authentication. This method of authentication allows JSCAPE MFT Server to verify a user's identity during login by asking for a secret item only the user has — an SFTP private key file (SSH key). Using keys to authenticate users while still requiring username and passphrase gives us two-factor authentication. In this post, we'll show you how to generate a private key for your SFTP server. In fact, we'll show you two places where a private key file can be obtained. The first place you can generate an SFTP private key file is in the Key Manager, which can be reached via the JSCAPE MFT Server Manager and hence can only be accessed by a server admin. The second place is via the JSCAPE MFT Server Web User Interface and can be accessed by anyone with a user account on the server. Let's have a look at those two options. To generate an SFTP private key pair via the Key Manager, launch the JSCAPE MFT Server Manager, login, and then go to Keys. Next, navigate to the Client Keys tab and then click the Generate button. Fill up the fields in the Generate Client Key dialog. You'll need to enter the following information: Key alias - We recommend you use the username of the user account this key will be binded with.
1. Obtaining An SFTP Private Key Via The Key Manager
Key algorithm - Choose between RSA or DSA . Click that link for a thorough discussion on these two key algorithms.
Key length - Choose between 1024 and 2048. Read the post "Choosing Key Lengths for Encrypted File Transfers " if you need more information on the subject.
Validity - Specify how many days you would like this key to remain valid.
Common name (CN) - This should be the full name of the user.
Organization unit (OU) - Indicates the specific unit in your organization that will be using this key, e.g. Accounting.
Organization (O) - The name of your organization.
Locality (L) - The name of your city.
State/Province (ST) - The name of your state or province.
Country (C) - Your 2-character country code, e.g. "US".
Click the OK button when done.
You'll then be asked to specify the name of the file that will hold this key. Make sure the filename is saved in the PEM format. Otherwise, you won't be able to use it for SFTP public key authentication . As an added layer of protection, you can also specify a password for this file.
Click the OK button when done and then Save the file to your desired folder. Because it is this file which the user will be required to submit during login, you will have to send this file to the user after it has been created. It's just a file, so you can burn it to a CD or copy it to a USB drive and then transport it securely to the intended user. While it is possible to email the file, email is not a recommended option unless the key is encrypted because emails can be intercepted and your key will be compromised.
After saving the file, you should be able to see your newly created client key in your list of client key certificates.
Note that this method can only be carried out by someone with administrative access to your JSCAPE MFT Server. However, it's also possible for a user to generate another SFTP private key file by themselves. If you want to know how, read the next section.
2. Obtaining An SFTP Private Key Via The User Web UI
To obtain an SFTP private key as a user, log in to JSCAPE MFT Server through the Web User Interface.
Once inside, click the link labeled My Account at the upper-right corner of the screen.
Next, navigate to the section Public Key Authentication and then click Generate Key Pair.
Choose an encryption type and length and then select PEM for the file type. You may also specify a password. When done, click the OK button.
The private key file will then automatically download to your SFTP client. Click Save File to save it in your default download folder.
Be sure you move that file from the download folder to another location that only you know.
Bonus Tip
There's still another way of generating an SFTP private key. Your users can actually generate their own keys locally using a third party software like PuTTYGen. Once the key is generated, they can send them to your server admin, who will then import the key into the key manager and then bind it with a user account.
Here's a video that shows you how it's done:
Public Key Authentication using PuTTY
There, now you know three ways of generating SFTP private key files.
Get Your Free Trial
Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Download your free 7-day trial of JSCAPE MFT Server now.
Download JSCAPE MFT Server TrialRelated Content
Setting Up SFTP Public Key Authentication On The Command Line
What Port Does SFTP Use?
Guide On How To Set Up An SFTP Server
How To Automatically Transfer Files From SFTP To Azure Blob Storage
As an expert in the field of secure file transfer protocols and server administration, I have a comprehensive understanding of the concepts discussed in the article by John Carl Villanueva, dated December 11, 2022. Public key authentication in the context of SSH FTP (SFTP) is a crucial aspect of securing file transfers, and I will delve into the details of the two options presented for generating an SFTP private key file using the JSCAPE MFT Server.
1. Public Key Authentication in SFTP: Public key authentication is a method that allows the JSCAPE MFT Server to verify a user's identity during login by requesting a secret item possessed only by the user—an SFTP private key file (SSH key). This approach, in conjunction with a username and passphrase, provides a two-factor authentication mechanism, enhancing the overall security of the file transfer process.
2. Key Generation via JSCAPE MFT Server: The article outlines two locations where an SFTP private key file can be generated: the Key Manager accessible through the JSCAPE MFT Server Manager (for server admins) and the JSCAPE MFT Server Web User Interface (for users with a server account).
a. Obtaining via Key Manager:
- Access the Key Manager through the JSCAPE MFT Server Manager.
- Navigate to the Client Keys tab and click the Generate button.
- Complete the Generate Client Key dialog with information such as key alias, algorithm (RSA or DSA), key length, validity, common name, organization details, etc.
- Specify the file name in PEM format and set a password for additional security.
-
Save the file, ensuring it is securely delivered to the user for login.
b. Obtaining via User Web UI:
- Log in to JSCAPE MFT Server through the Web User Interface.
- Access My Account and navigate to Public Key Authentication.
- Click Generate Key Pair, choose encryption type and length, select PEM for file type, and optionally set a password.
-
Save the downloaded private key file in a secure location known only to the user.
c. Bonus Tip - Third-Party Software:
- Users can generate their SFTP private keys using third-party software like PuTTYGen.
- Users send the generated keys to the server admin, who imports them into the Key Manager and binds them with a user account.
3. Security Considerations:
- Emphasizes the importance of saving private key files in PEM format for compatibility with SFTP public key authentication.
- Recommends avoiding email for transferring keys due to security concerns, suggesting alternative secure methods such as burning to CD or copying to a USB drive.
4. Additional Resources:
- Provides a bonus tip on another method for users to generate SFTP private keys using third-party software, specifically PuTTYGen.
- Encourages readers to explore JSCAPE MFT Server through a free trial, highlighting its platform-agnostic nature and versatility in handling various file transfer protocols.
In conclusion, the article provides a comprehensive guide on SFTP private key generation, catering to both server administrators and users, and underscores the significance of secure practices in the process.
