How to use SFTP (with client validation - public key authentication)
In public key authentication, SSH clients and servers authenticate each other via public/private key pairs. Each must have access to its own private key and to the other's public key (unless server validation is disabled). The client's public key must be registered with the SSH server, typically by copying it into the server's authorized_keys file.

The client's private key is loaded via SSHFTPClient's setAuthentication method before calling connect, supplying the full path of the private key file, the SSH username and the passphrase of the private key file.

Both DSA and RSA keypairs can be used.

There are no formal standards for SSH private key files; however, three main formats are in common use. All are supported by edtFTPj/PRO (PuTTY since version 1.5.7).

| Private Key Type | Start of key |
|---|---|
| OpenSSH | -----BEGIN DSA PRIVATE KEY----- |
| SSH.com | ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- |
| PuTTY | PuTTY-User-Key-File-2: |

The format is automatically detected when the file is loaded.

Note that earlier versions of edtFTPj/PRO (prior to 1.5.7) do not support PuTTY keys, but they can be easily converted into SSH.com or OpenSSH formats via PuTTYgen. The PuTTYgen.exe utility can be freely downloaded from here. It is a simple GUI application that can generate keypairs, and import and export keys in various formats.

On the File menu item, select Load Private Key and load your PuTTY private key file. You can optionally enter your key's passphrase (which is advisable – otherwise the converted key will be saved without a passphrase, which is insecure). Then via Conversions -> Export OpenSSH key you can export your private key to another file in OpenSSH format (similarly for SSH.com format).
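
As an added example (not part of edtFTPj/PRO or its documentation), the Java class below classifies a key file by the start-of-key lines in the table above and reports whether its text headers show passphrase protection, which is worth checking after a PuTTYgen export. The class and method names are hypothetical, the sample keys are constructed header-only placeholders, and the `Proc-Type` and `Encryption:` checks assume the usual layout of OpenSSH PEM and PuTTY key files rather than anything stated on this page.

```java
import java.util.List;

// Added example: names are hypothetical, not edtFTPj/PRO API.
public class KeyFormatCheck {

    enum Format { OPENSSH, SSH_COM, PUTTY, UNKNOWN }

    /** Identify the format from the first non-blank line, per the table above. */
    static Format detect(List<String> lines) {
        String first = lines.stream().map(String::trim)
                .filter(s -> !s.isEmpty()).findFirst().orElse("");
        if (first.startsWith("PuTTY-User-Key-File-2:")) return Format.PUTTY;
        if (first.startsWith("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY")) return Format.SSH_COM;
        if (first.matches("-----BEGIN (DSA|RSA) PRIVATE KEY-----")) return Format.OPENSSH;
        return Format.UNKNOWN;
    }

    /** TRUE/FALSE when the text headers reveal it, null when they do not. */
    static Boolean passphraseProtected(Format f, List<String> lines) {
        switch (f) {
            case OPENSSH: // PEM keys mark encryption with a Proc-Type header
                return lines.stream()
                        .anyMatch(l -> l.startsWith("Proc-Type:") && l.contains("ENCRYPTED"));
            case PUTTY:   // "Encryption: none" means the key is stored in the clear
                return lines.stream().filter(l -> l.startsWith("Encryption:"))
                        .map(l -> !l.substring("Encryption:".length()).trim().equals("none"))
                        .findFirst().orElse(null);
            default:      // SSH.com records the cipher inside the base64 body
                return null;
        }
    }

    public static void main(String[] args) {
        // Constructed samples: headers only, bodies are placeholders, not real keys.
        List<String> pem = List.of("-----BEGIN DSA PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED",
                "DEK-Info: AES-128-CBC,00000000000000000000000000000000", "", "(body omitted)");
        List<String> ppk = List.of("PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none",
                "Comment: constructed-sample", "(body omitted)");
        List<String> sshcom = List.of("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----", "(body omitted)");
        for (List<String> key : List.of(pem, ppk, sshcom)) {
            Format f = detect(key);
            System.out.println(f + " passphraseProtected=" + passphraseProtected(f, key));
        }
    }
}
```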