Authentication

What are SSH Keys?

SSH keys are a secure way to prove your identity to a remote server without using a password. They work as a lock-and-key system: you generate a key pair consisting of a public key (the lock, which you place on the server) and a private key (the key, which stays on your computer). When your system connects, the server checks that your private key matches the public key on file — if it does, you're granted access.

SSH keys are more secure than passwords for automated file transfers because they can't be guessed or brute-forced, and they don't need to be typed or stored in scripts as plain text.

Overview

SFTP supports password and SSH key authentication. SSH key authentication is the recommended method for automated, unattended connections.

SSH Key Authentication

SSH / OpenSSH (Linux and macOS)

  1. Set the private key file to read-only:
     chmod 400 {key.pem}
  2. Connect to the server:
     ssh -i {key.pem} {username}@{server_ip}

On first connection you will see a host authenticity prompt:

The authenticity of host '{server_ip}' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?

Type yes to accept the host key and add it to your ~/.ssh/known_hosts file.

PuTTY (Windows)

PuTTY requires the private key in its own .ppk format. Use PuTTYgen to convert a .pem file:

  1. Open PuTTYgen.
  2. Under Type of key to generate, select RSA.
  3. Click Load. Change the file filter from PuTTY Private Key Files (*.ppk) to All Files (*.*).
  4. Select your .pem file and click Open.
  5. Click Save private key. When prompted about a passphrase, you may save without one for unattended use.
  6. Save the file with a .ppk extension.

Use the resulting .ppk file when configuring PuTTY or any Windows client that relies on PuTTY-format keys.

WinSCP (Windows)

  1. Open WinSCP and click New Site.
  2. Set File protocol to SFTP.
  3. Enter the Host name and set Port number to 22.
  4. Enter the User name.
  5. Click Advanced > SSH > Authentication.
  6. Under Private key file, select your .ppk file.
  7. Click OK, then Login.

Transmit (macOS)

Transmit is a macOS SFTP client that supports SSH key authentication. When creating a new connection, select the SFTP protocol and provide your private key file in the authentication settings.

Best Practices

  • Store the private key in ~/.ssh -- Keep private keys in the standard SSH directory for your operating system.
  • Never share private keys -- Treat the private key like a password. Do not email it, store it in version control, or paste it into chat.
  • Set read-only permissions -- Use chmod 400 on Linux/macOS. On Windows, restrict the file's ACL so only your user account has read access. See SFTP Troubleshooting for Windows permission commands.
  • Use a passphrase when practical -- A passphrase-protected key adds a second layer of security for interactive sessions.
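
For unattended transfers nobody is present to read the host authenticity prompt, so a job can run the same two checks itself before connecting: compare the server's host key fingerprint with a pinned value, and confirm the private key file is owner-only. The following is an added example, not eCourtDate code; it assumes the pinned fingerprint was obtained from the server operator through a separate channel, and the host name and key bytes are constructed.

```python
import base64
import hashlib
import os
import stat
import struct


def fingerprint_sha256(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the decoded key blob, base64, no padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(scan_line: str, pinned_fp: str) -> bool:
    """scan_line is 'host keytype base64', the format ssh-keyscan prints."""
    parts = scan_line.split()
    if len(parts) < 3:
        return False
    key_type, key_b64 = parts[1], parts[2]
    try:
        blob = base64.b64decode(key_b64, validate=True)
    except ValueError:
        return False
    if len(blob) < 4:
        return False
    # The blob begins with a length-prefixed copy of the key type; reject a mismatch.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii", "replace"):
        return False
    return fingerprint_sha256(key_b64) == pinned_fp


def private_key_mode_ok(path: str) -> bool:
    """True when group and other have no access, as after chmod 400."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def sample_scan_line(host: str = "sftp.example.test") -> str:
    """Constructed sample: an ssh-ed25519 blob over dummy bytes, not a real host key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"


if __name__ == "__main__":
    line = sample_scan_line()
    pinned = fingerprint_sha256(line.split()[2])  # stands in for the out-of-band value
    print(pinned, host_key_matches(line, pinned))
```

A job that gets False from either check should stop before any transfer rather than continue.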

Need help? Contact the eCourtDate team at help@ecourtdate.com.