Sun, 29 Aug 2010

Connect to SFTP server with public-key authentication

Transfer files smart; transfer files SFTP


For years I used a local FTP server to distribute alpha and beta versions of my software to testers. But with the steady increase of NATs and firewalls FTP became slightly annoying, because of its multiple connections. As I use FreeBSD for my server anyway it was a simple choice to replace FTP with SFTP because it only uses one connection.

The negative aspect of using SFTP is the lack of readily available clients for end-users. FTP is incorporated into all browsers, so it’s easy for them to use because they know their way around their browser. Mostly. Using SFTP, however, requires them to download, install and get comfortable with another piece of software.

Authentication is another negative. Because SFTP is SSH, it’s a wonderful target for anyone trying to break into your system. So I decided to go with public/private-key authentication (Actually, not until tailing my logfile wasn’t enough because of thousands of failed login-attempts in a short period of time). End-user-friendly? Nope!

So each and every time I give someone access to the server or someone switches operating systems I need to hold their hands and guide them through the process on how to connect. That’s why I write this, to end that once and for all.

Windows

Required Software

Download and install the following software:

The Key

PuTTYgen is used to generate the private/public-key pair.

(1) Generate a new key. Move your mouse wildly but without destroying anything. ;P

(2) Choose a pass-phrase to secure the newly created key. You will need to enter this every time you load the key in Pageant.

(3) Save the private key to a file and remember its location. This key needs to be added to Pageant’s key-ring (see below). You may also save the public key for backup-purposes.

(4) This text-box contains the public key. It is this very key that needs to be sent to the server’s administrator so that he can authorise you for accessing the server. Alternatively the public key can be saved to a file (see (3)) which then can be sent to the administrator. The result is the same. It only depends on the means of communication and which way is more convenient for you.

Finally add the key to Pageant. Right-click Pageant in your system-tray and select Add Key to add your private key to its key-ring.

Setting up the keys is hereby done. Continue to Configure FileZilla.

Unix-like (FreeBSD, Linux, Mac OS X)

Required Software

Unless you are using some obscure Linux distribution or some other strangely configured system, all you need to do is install FileZilla, because everything else is already installed. Download the client for Mac OS X from here. On FreeBSD use the ports or package collection and on Linux use your favourite package manager.

The Key

Open up your terminal.

First, check whether you already have a public/private-key pair:

$ ls ~/.ssh/id_rsa.pub

If ls cannot find the file, there is no key and a new one needs to be created:

$ ssh-keygen

Accept the default path for the key and enter a pass-phrase to protect your private key. You need to enter this phrase every time ssh-agent loads the key, which depends on your configuration, but usually means: only when the key is needed and after restarting the computer.

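Now that there is a valid key-file, the public key within ~/.ssh/id_rsa.pub or that file itself needs to be sent to the server’s administrator. The private key (~/.ssh/id_rsa, without the .pub suffix) stays on your machine and is never sent to anyone.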
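A pre-send check for the step above and for step (4) of the Windows section, added here as an example and not part of the original post: it confirms that the text about to be sent is a one-line OpenSSH public key (the form found in ~/.ssh/id_rsa.pub and in PuTTYgen's text-box), refuses private keys, and returns a fingerprint the administrator can compare against the key he receives. The function name and the sample strings are assumptions constructed for the illustration.

```python
import base64
import binascii
import hashlib
import struct

# Constructed samples, not real keys: the blob carries only the key-type field
# and the RSA exponent 65537, which is enough to exercise the checks.
SAMPLE_PUBLIC = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB tester@example\n"
SAMPLE_MISMATCH = "ssh-dss AAAAB3NzaC1yc2EAAAADAQAB tester@example\n"
SAMPLE_OPENSSH_PRIVATE = "-----BEGIN RSA PRIVATE KEY-----\n(body omitted)\n"
SAMPLE_PUTTY_PRIVATE = "PuTTY-User-Key-File-2: ssh-rsa\n(body omitted)\n"


def inspect_key_text(text):
    """Classify text a user is about to send; return (verdict, detail)."""
    # OpenSSH private keys carry a PEM header, PuTTY .ppk files their own.
    if "PRIVATE KEY" in text or text.startswith("PuTTY-User-Key-File"):
        return ("private", "private key: keep it on your machine")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return ("invalid", "expected a single '<type> <base64> [comment]' line")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        return ("invalid", "expected a single '<type> <base64> [comment]' line")
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return ("invalid", "key data is not valid base64")
    # The decoded data starts with a 4-byte big-endian length and the type name,
    # which must agree with the type written at the start of the line.
    if len(blob) < 4:
        return ("invalid", "key data is too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        return ("invalid", "key type on the line does not match the key data")
    # Fingerprint in the SHA256 form printed by current `ssh-keygen -l`.
    digest = hashlib.sha256(blob).digest()
    return ("public", "SHA256:" + base64.b64encode(digest).decode().rstrip("="))


if __name__ == "__main__":
    for sample in (SAMPLE_PUBLIC, SAMPLE_MISMATCH,
                   SAMPLE_OPENSSH_PRIVATE, SAMPLE_PUTTY_PRIVATE):
        print(inspect_key_text(sample))
```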

Configure FileZilla

Start FileZilla and open the SiteManager:

Create a New Site (1) and enter the appropriate information:

(2) & (5) Enter the hostname, optional port and username as required by the server you want to connect to.

(3) Set the server-type to SFTP (surprise, eh?)

(4) Change the logon-type to Interactive so that FileZilla asks for the key from Pageant (Windows) or ssh-agent (Unix-like)

If you are running Windows make sure that Pageant is running before trying to connect.

You may connect now!


  1. Part of PuTTY-Suite. Download the installer here.
