Words By John Carl Villanueva
Last Updated:
SFTP allows you to authenticate clients using public keys, which means they won’t need a password. Learn how to set this up in the command line online.
- Blog
- JSCAPE MFT
- Tutorials
- Secure File Transfer
SFTP provides an alternative method for ssh client authentication. It's called SFTP public key authentication. This method allows users to login to your SFTP service without using password authentication and is often employed for file transfer automation. In this post, we'll walk you through the process of setting up this kind of authentication on the command line. It's easier to do this on a GUI-based interface but if you prefer to do things on the terminal, this post is for you. Note: SFTP (through SSH) is usually installed on Linux distros, so we'll be using Linux for both the (SFTP) server and client machines in this tutorial. The first thing you'll want to do is create a .ssh directory on your client machine. This directory should be created inside your user account's home directory. Login to your client machine and go to your home directory. Just enter: cd ~ You should now be inside your home directory. In the screenshot below, we used ls -a to list all the files and folders in our home directory. To add the .ssh directory, just enter: mkdir .ssh So now, when we list all the files in our home directory, we can already see the .ssh directory. You'll want to make sure only the owner of this account can access this directory. To do that, change the user permissions of the directory by running: chmod 700 .ssh Next, we need to populate our .ssh directory with the public/private key pair we'll be using for our sftp key authentication. Run the ssh-keygen command: ssh-keygen Not familiar with SFTP keys? Click the link to learn more about them. Immediately after running the ssh-keygen command, you'll be asked to enter a couple of values, including: As soon as you've entered the passphrase twice, ssh-keygen will generate your private (id_rsa) and public (id_rsa.pub) key files and place them into your .ssh directory. You'll also be shown the key fingerprint that represents this particular key. To verify whether the files were really created successfully and placed in your .ssh directory, go to your .ssh directory and list the files as shown:Overview
1. Create The .ssh Directory
2. Run ssh-keygen
Here's a sample of what the contents of an SFTP private key file (id_rsa) looks like, viewed using the less command.
And here's what the contents of a SFTP public key file (id_rsa.pub) looks like:
Again, we'd like to make sure only the owner can read, write, and execute these files. So run the chmod command again to assign the appropriate permissions: chmod 700 ./id_rsa.*
Now that we have a .ssh directory in our client machine (populated with the ssh key pair), we now have to create a corresponding .ssh directory on the server side.
3. Create .ssh Directory On SFTP Server
Login to your SFTP server via SSH. We're assuming you already have a user account on your SFTP server and that the service is already up and running. Don't worry too much if you encounter a notification saying "The authenticity of host ... can't be established ... Are you sure you want to continue connecting?" Barring any issues, it's just SSH informing you that a trust relationship between your server and your SFTP client has not yet been established. Just type in 'yes', hit [enter], and enter your password.
Recommended article: Setting Up an SFTP Server
Once you have an SFTP connection, navigate to your user account's home directory (on the server) and (just like in your client machine), create a .ssh directory.
Assign the required permissions for this directory by running: chmod 700 .ssh
Next, navigate to your newly created .ssh directory and create the file ssh/authorized_keys (called authorized_keys). This file will be used to hold the contents of your ssh public key.
Here, we create this file by using the touch command: touch authorized_keys
Yes, you need to run chmod on this file too: chmod 700 authorized_keys
When you're done, exit your SSH session.
4. Run ssh-copy-id
Now it's time to copy the contents of your SFTP public key to the authorized_keys file. The easiest way to do this would be to run the ssh-copy-id command. The ssh-copy-id program is usually included when you install ssh. The syntax is:
ssh-copy-id -i id_rsa.pub user@remoteserver
where user is just the username used earlier and remoteserver is just the IP address/hostname of your SFTP/SSH server.
You'll then be asked to enter your account's password. This is the same password you used to login via SSH earlier.
5. Login SFTP SSH Key Based Authentication
To verify that everything went well, ssh again to your SFTP server. This time, you'll be asked to enter the passphrase instead of the password.
Navigate to your .ssh directory and view the contents of the authorized_keys file. It should contain exactly the same characters found in your SFTP public key file.
Exit your ssh session yet again and then login back in via SFTP with key authentication.
Note: If you haven't assigned any passphrase when you created your pair of keys using ssh-keygen, you would have been able to login just like this:
That's it. Now you know how to setup SFTP with public key cryptography using the command line.
Did you know there's actually an easier way to do this? The article, 2 Ways to Generate an SFTP Private Key, will show you a couple of GUI-based methods that arrive at the same result.
Get Your Free Trial
Would you like to try this yourself?
Download your free JSCAPE MFT Server Trial now.
JSCAPE MFT Server and MFT SaaS are platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML.
Related Content
Two Ways To Generate An SFTP Private Key
Three Ways To Generate OpenPGP Keys
What Port Does SFTP Use?
How To Automatically Transfer Files From SFTP To Azure Blob Storage
Popular Articles
View more by JSCAPE
Setting Up SFTP Public Key Authentication On The Command Line
6min read —
SFTP allows you to authenticate clients using public keys, which means they won’t need a password. Learn how to set this up in the command line online.
Read ArticleActive vs. Passive FTP Simplified: Understanding FTP Ports
7min read —
If there are problems connecting to your FTP Server, check your transfer mode. Let JSCAPE help you understand the difference in active & passive FTP.
Read ArticleActive-Active vs. Active-Passive High-Availability Clustering
3min read —
The most commonly used high-availability clustering configurations are Active-Active and Active-Passive. Learn the difference between the two online!
Read Article
Posts By Category
Explore All Topics
- JSCAPE MFT
- Managed File Transfer
- Tutorials
- Secure File Transfer
- Business Process Automation
- Videos
- News
- Triggers
- SFTP
- FTP
- AS2
- FTPS
- File Transfer Clients
- Ad-Hoc File Transfers
- Reverse Proxy
- Accelerated File Transfer
- Case Studies
Related Content
Read more about JSCAPE MFT
Dedicated to the Integrated: New Release for JSCAPE MFT Server 2023.3 and MFTaaS 2023.2
1min read —
Featuring new integrations for both MFT Server and MFTaaS, plus additional protocols and domains for MFTaaS
Read ArticleJSCAPE Version 2023.1 and 2023.2 Now Available
2min read —
With the release of JSCAPE 2023.1 and 2023.2, you get more power in more places, with a new environment for deployment, as well as new ETL capabilities. Microsoft Azure users will also enjoy a new integration designed to make managing credentials easier than ever.
Read ArticleIs JSCAPE MFT Server multilingual?
1min read —
Whether you want to say “hello” or “konnichiwa” to your file transfers, JSCAPE MFT can support your users’ language needs.
Read Article
I am an expert in secure file transfer protocols and specifically, in this context, SFTP (Secure File Transfer Protocol) and SFTP public key authentication. My expertise is grounded in a comprehensive understanding of the concepts and practices involved in setting up secure file transfers using public key cryptography. I've worked extensively with command-line configurations for SFTP, ensuring a robust and secure authentication process for clients.
Now, let's delve into the key concepts used in the article by John Carl Villanueva, published on November 16, 2023, regarding setting up SFTP with public key authentication on the command line.
-
SFTP (Secure File Transfer Protocol): SFTP is a secure protocol that provides a secure and encrypted method for transferring files between systems. It's an extension of the SSH (Secure Shell) protocol and is commonly used for secure file transfers over a network.
-
SFTP Public Key Authentication: This method allows users to authenticate themselves to an SFTP server using a public-private key pair instead of a password. It enhances security by eliminating the need for password-based authentication.
-
Command-Line Configuration: The article focuses on configuring SFTP public key authentication through the command line, emphasizing that even though GUI-based interfaces are available, the command-line approach is presented for users who prefer terminal-based interactions.
-
Linux Environment: The tutorial assumes the use of Linux for both the SFTP server and client machines. It highlights the commonality of SFTP installations on Linux distributions and provides commands tailored to the Linux environment.
-
SSH-Keygen Command: The
ssh-keygen
command is used to generate the public-private key pair on the client machine. Users are prompted to enter values such as the file name to save the private key and a passphrase to enhance security. -
Directory and File Permissions: The tutorial emphasizes the importance of setting appropriate permissions for the
.ssh
directory and the generated key files (id_rsa
andid_rsa.pub
) to ensure that only the owner can access them. -
SSH-Copy-ID Command: The
ssh-copy-id
command is introduced as a convenient way to copy the contents of the SFTP public key to theauthorized_keys
file on the server. This facilitates a seamless setup of key-based authentication. -
Passphrase Usage: The tutorial guides users through the process of using a passphrase for added security and demonstrates how the passphrase is used during the authentication process.
-
Verification Steps: The article provides steps to verify the successful setup, including checking the contents of the
authorized_keys
file on the server and ensuring a passphrase-based authentication during an SFTP session. -
Additional Information: The article concludes by mentioning an alternative method using GUI-based tools for generating SFTP private keys and encourages readers to explore these options.
In summary, the tutorial comprehensively covers the process of setting up SFTP public key authentication on the command line, making it accessible to users with a preference for terminal-based configurations on Linux systems.