TracCloud: SSH Keys for SFTP Authentication: Difference between revisions

By default, Redrock will provide a single username and password to access your campus SFTP directory. If you would prefer to authenticate using SSH keys, we'll simply need a copy of your public key to install on our end. We've included basic instructions below for creating a key pair with a simple CLI tool and logging into the SFTP site using WinSCP. This isn't the only method to accomplish this, there are multiple ways to generate key pairs and many FTP clients available.

Generating a key pair

Using Linux or MacOS, run the ssh-keygen -t ecdsa command in a terminal. Passphrase should be left blank. To create a key longer than the default (256 bits), append -b 384 or -b 521 to your command. Both your private and public key can be found in ~/.ssh (by default). If you're connecting to our SFTP server using OpenSSH 8.8 or later, an ECDSA key is required. For 8.7 and earlier, an RSA key can be used if you prefer. Click here to view instructions for Windows (ssh.com). Like with Linux & MacOS, you should generate an ECDSA key with PuTTY.

id_ecdsa is your private key, which should not be shared.

id_ecdsa.pub is your public key, which should be provided to Redrock Software.

SFTP Clients

After Redrock Software receives your public key(s), you can login using your preferred SFTP client. WinSCP is a common choice, which is shown as an example below.

Edit your site configuration.

Locate the SSH settings and select your private key.

Some SFTP clients (such as WinSCP) may require that the private key be in a PuTTY format. For WinSCP, you can follow the on-screen instructions to convert the key and use the new .ppk file instead. This does not require changing your public key.

Save your site configuration settings and connect. If you have any trouble, reach out to Redrock Software at helpdesk@go-redrock.com.