How to Set Up a Public Key Authentication for SFTP
In this post, we introduce the SSH server and its working principle, then walk you through the process of setting up public key authentication for SFTP.
SFTP offers public key authentication for SSH client authentication. With this method, users log in to the SFTP service without providing a password. System administrators often use this setup to automate file transfers.
The OpenSSH server is quite simple to install and supports authentication between two hosts using a private key and a public key. It is compatible with several platforms, such as Linux, Unix-based systems, and even Windows. For secure communications and file transfers, the tool also provides strong encryption algorithms. The encryption and authentication options protect the confidentiality of your data at rest or in transit over an unsecured network.
It also comes with port forwarding and tunnelling capabilities that help you access remote services and resources without exposing them to security risks. You can even create remote backups and exchange files securely between two hosts. It offers robust security, several authentication options, and other features for secure file transfers and remote access. Additionally, active community support is available via security web forums.
The server daemon and client tools provided by OpenSSH effectively replace the legacy technologies by enabling secure, encrypted remote control and file transfer activities. The open source version of SSH is available as source code and as precompiled binaries under a BSD license. The project team does not offer end user assistance; however, community-based support is offered on a voluntary basis via a number of security web forums.
Here is a quick overview of how the OpenSSH server operates.
First, when a client tries to establish a connection with the OpenSSH server, the server uses one of several authentication techniques to verify the client’s identity. It may use public key authentication, password-based authentication, or certificate-based authentication to check the user’s identity.
Once the server verifies the client’s identity, an encrypted communication channel is established between the server and the client, based on the type of client tool that is connecting. For example, if the remote computer connects via the ssh client application, the OpenSSH server establishes a remote control session after verifying the client’s identity. Similarly, if the connection is established with SCP, the OpenSSH server daemon starts a secure file transfer between the server and the client after authentication.
The encryption ensures that all your transmissions are secure and safe from tampering or eavesdropping. The next step is setting up a session for the client so that they can execute commands on the server or exchange files. This session further allows clients to perform additional remote management operations.
When the OpenSSH server receives a command, it immediately executes it on the server’s operating system. After execution, the server forwards the result or output back to the client. Apart from command execution, the server also supports quick file transfers between clients and the server. There are different commands that facilitate secure file transfers.
How to Set Up a Public Key Authentication for SFTP
In this section, we show you how to set up public key authentication for the SFTP server.
Install SSH Server
Before starting, you need to install an SSH package and set up an SFTP server on the server machine. First, install an SSH package using the following command.
apt install ssh -y
After the SSH package installation, start and enable the SSH service using the following command.
By default, password-based authentication is enabled on your SSH server, so you need to enable key-based authentication on the SSH server.
Go to the SFTP server and edit the SSH main configuration file.
nano /etc/ssh/sshd_config
Change the following lines.
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
Save and close the file when you are done. Then restart the SSH service to implement the changes.
systemctl restart ssh
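The check below is an added example, not part of the original guide: it audits the effective settings that `sshd -T` prints against the three directives changed above, because sshd keeps the first value it obtains for each keyword and an earlier-read file (for example one pulled in by an `Include` line) can leave passwords enabled. The function name `audit_sshd_effective` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings (the output of `sshd -T`)
# against the three directives changed in this guide.
# `sshd -T` prints one lower-case "keyword value" pair per line.

# Reads `sshd -T` output on stdin, prints one line per problem, and
# returns non-zero if any expected setting is missing or different.
audit_sshd_effective() {
    awk '
        BEGIN {
            want["pubkeyauthentication"]   = "yes"
            want["passwordauthentication"] = "no"
            want["authorizedkeysfile"]     = ".ssh/authorized_keys"
        }
        ($1 in want) {
            key = $1; $1 = ""; sub(/^ +/, "")   # keep the whole value
            seen[key] = $0
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING  %s\n", k; bad++
                } else if (seen[k] != want[k]) {
                    printf "MISMATCH %s = %s (want %s)\n", k, seen[k], want[k]; bad++
                }
            }
            exit (bad > 0)
        }'
}

# Constructed sample: output when the edits took effect.
GOOD_SAMPLE='port 22
pubkeyauthentication yes
passwordauthentication no
authorizedkeysfile .ssh/authorized_keys'

# Constructed sample: an earlier-read file still enables passwords
# (sshd keeps the first value it obtains for each keyword).
OVERRIDDEN_SAMPLE='port 22
pubkeyauthentication yes
passwordauthentication yes
authorizedkeysfile .ssh/authorized_keys'

printf '%s\n' "$GOOD_SAMPLE" | audit_sshd_effective && echo "good sample: OK"
printf '%s\n' "$OVERRIDDEN_SAMPLE" | audit_sshd_effective || echo "overridden sample: audit failed"

# On the server, as root: check syntax, audit, and only then restart.
#   sshd -t && sshd -T | audit_sshd_effective && systemctl restart ssh
```

Keep an existing SSH session open while restarting, so a rejected configuration or a missing key does not lock you out.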
Verify SFTP Public Key Authentication
At this point, the SFTP server is configured to accept connections using the public key. Now, it’s time to test it. On the client machine, open the FileZilla FTP client and create a new connection. See the following screen.
Provide your SFTP server IP, port, and username, then click the Connect button. You will be connected to the SFTP server without a password as shown below.
SFTP also allows you to connect to your SFTP server from the command line without providing a password. To do so, open your terminal interface and run the following command.
sftp user1@your-sftp-ip
After successful key-based authentication, you will enter the SFTP shell as shown below.
Now, run the following command to exit from the SFTP shell.
How to Set Up a Public Key Authentication for SFTP Conclusion
In this post, we have set up an SFTP server and created an SFTP user. We also created an SSH key on the client machine and transferred it to the SFTP server for key-based authentication. Then, we verified the SFTP public key authentication via the FileZilla FTP client.
SFTP works in a client server architecture and uses public key authentication to protect data from fraudsters. With the help of SFTP, organizations securely exchange data across different systems over a reliable network connection. If you are looking for a protocol that maintains the confidentiality of your data during transfers, we recommend SFTP.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.