TracCloud: SSH Keys for SFTP Authentication

From Redrock Wiki

Revision as of 15:38, 28 May 2024 by Redrock

Using SSH Keys for SFTP Authentication

By default, Redrock provides a single username and password for access to your campus SFTP directory. If you would prefer to authenticate using SSH keys, we only need a copy of your public SSH-RSA key to install on our end. We've included basic instructions below for creating a key pair with a simple CLI tool and logging in to the SFTP site using WinSCP. This isn't the only way to accomplish this: there are multiple ways to generate SSH-RSA keys (using the rsa-sha2-256 or rsa-sha2-512 algorithm), and many FTP clients are available.

Generating a key pair

On macOS or Linux, run the ssh-keygen command in a terminal. The passphrase should be left blank. By default, both your private and public keys can be found in ~/.ssh. This will generate a 3072-bit pair. If you would prefer to generate a larger key, you can use the -b option, for example ssh-keygen -b 4096. For Windows, see the instructions on ssh.com.

id_rsa is your private key, which should not be shared.

id_rsa.pub is your public key, which should be provided to Redrock Software.
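
Added example (not Redrock's own code): a pre-send check on the contents of id_rsa.pub that confirms the line is an SSH-RSA public key rather than a private key, reports its modulus size, and computes the SHA256 fingerprint to quote alongside the key. The function names, the constructed sample key and the 3072-bit minimum (taken from the default size mentioned above, not a stated Redrock requirement) are assumptions.

```python
import base64
import hashlib
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def inspect_public_key(line, min_bits=3072):
    """Return (bits, fingerprint) for an ssh-rsa public key line; raise ValueError otherwise."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; send only the .pub file")
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)  # expected layout: key type, exponent e, modulus n
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("key blob does not match the ssh-rsa layout")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:  # assumed minimum, see lead-in
        raise ValueError(f"{bits}-bit key is below the {min_bits}-bit minimum")
    digest = hashlib.sha256(blob).digest()
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_sample_line(bits):
    """Constructed sample, not a usable key: the modulus is just 2**(bits-1) + 1."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(i):
        return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"

if __name__ == "__main__":
    print(inspect_public_key(make_sample_line(3072)))
```

The fingerprint uses the same SHA256 format that ssh-keygen -l -f prints, so both sides can compare it after the key is installed. If the file begins with ssh-ed25519 instead, the key was not generated as RSA; recent OpenSSH releases default to Ed25519, and ssh-keygen -t rsa selects RSA explicitly.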


SFTP Clients

After Redrock Software receives your public key(s), you can log in using your preferred SFTP client. WinSCP is a common choice and is shown as an example below.

Edit your site configuration.

Locate the SSH settings and select your private key.

Some SFTP clients (such as WinSCP) may require that the private key be in PuTTY format. For WinSCP, you can follow the on-screen instructions to convert the key and use the new .ppk file instead. This does not require changing your public key.

Save your site configuration settings and connect. If you have any trouble, reach out to Redrock Software at helpdesk@go-redrock.com.