Setup Sftp to Use Public-Key Authentication

On the client, you need to generate its public key and add it to the server's authorized keys list.

The following are the commands you can use.

On client machine

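# DSA keys are disabled by default since OpenSSH 7.0, so generate an Ed25519 key instead
ssh-keygen -t ed25519 -f id_ed25519
mv id_ed25519* ~/.ssh/
# Copy only the public half (.pub) to the server
scp ~/.ssh/id_ed25519.pub USER_NAME@SERVER:~/.ssh/HOST_NAME.key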

On the server

# authorized_keys2 is deprecated; authorized_keys is the standard file
cat ~/.ssh/HOST_NAME.key >> ~/.ssh/authorized_keys

How to Setup SFTP with Publickey and Password on Ubuntu

The problem you are experiencing is due to file and owner permissions of the user's home folder.

chown root:root /home/username
chmod 755 /home/username
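
Ownership and mode matter here because sshd, with StrictModes at its default of yes, will not use authorized_keys when the home directory, ~/.ssh or the key file itself is writable by other users. The script below is an added example, not part of the original answers: check_path, audit_home and demo are hypothetical helper names, and the demo runs against a constructed temporary directory.

```shell
#!/bin/sh
# Added example: audit the paths sshd inspects before it trusts a public key.
# Helper names are hypothetical; the demo directory is constructed.

# check_path TARGET EXPECTED_UID: print a finding, return 1 on a problem.
check_path() {
    target=$1; want_uid=$2
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"; return 1
    fi
    # Numeric owner is the third field of `ls -ldn` on GNU and BSD systems.
    owner=$(ls -ldn "$target" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    $target is owned by uid $owner"; return 1
    fi
    # Any group or world write bit (mode & 022) fails the StrictModes check.
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $target is writable by group or others"; return 1
    fi
    echo "OK       $target"
}

# audit_home HOME_DIR EXPECTED_UID: exit status is the number of failing paths.
audit_home() {
    home_dir=$1; bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        check_path "$p" "$2" || bad=$((bad + 1))
    done
    return "$bad"
}

# demo: build a throwaway home with a group-writable key file, then fix it.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/home/.ssh"
    : > "$tmp/home/.ssh/authorized_keys"
    chmod 755 "$tmp/home"; chmod 700 "$tmp/home/.ssh"
    chmod 664 "$tmp/home/.ssh/authorized_keys"      # loose on purpose
    if audit_home "$tmp/home" "$(id -u)"; then before=0; else before=$?; fi
    chmod 600 "$tmp/home/.ssh/authorized_keys"      # the fix
    if audit_home "$tmp/home" "$(id -u)"; then after=0; else after=$?; fi
    rm -rf "$tmp"
    echo "failing paths before fix: $before, after fix: $after"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

demo
```

To audit a real account, call audit_home with that user's home directory and numeric uid; a root-owned path also passes the owner check.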

How to use SFTP connection with key file using C# and .NET

Probably every SFTP/SSH library supports public key authentication.

For example:

  • SSH.NET (NuGet package):

    var privateKey = new PrivateKeyFile(@"C:\some\path\key.pem");
    var client = new SftpClient("example.com", "username", new[] { privateKey });
    client.Connect();

    If the private key is encrypted:

    var privateKey = new PrivateKeyFile(@"C:\some\path\key.pem", "passphrase");

  • WinSCP .NET assembly (NuGet package):

    SessionOptions sessionOptions = new SessionOptions
    {
        Protocol = Protocol.Sftp,
        HostName = "example.com",
        UserName = "username",
        SshHostKeyFingerprint = "ssh-rsa 2048 ...=",
        SshPrivateKeyPath = @"C:\some\path\key.ppk",
    };

    using (Session session = new Session())
    {
        session.Open(sessionOptions);

        // Your code
    }

    WinSCP needs the key converted to PPK format (you can use the WinSCP GUI for that, or PuTTYgen). Also note that WinSCP verifies the SSH host key (SshHostKeyFingerprint). SSH.NET fails to do that by default, which is a security flaw.

    If the private key is encrypted, add PrivateKeyPassphrase or SecurePrivateKeyPassphrase.

    WinSCP GUI can generate a code template for you.

    (I'm the author of the library)

Java program to get a file on SFTP server using public key authentication and proxy server

The most commonly used Java SSH library is JSch, which supports both public key authentication and HTTP proxy:

  • How to transfer a file using a proxy with JSch library
  • Can we use JSch for SSH key-based communication?

Combined, the code would be like:

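// Requires the JSch library (com.jcraft.jsch.*)
JSch jsch = new JSch();
// Private key used for public-key authentication
jsch.addIdentity("/path/to/private/key");
Session session = jsch.getSession("user", "host");
// proxyport is an int holding the HTTP proxy's port
ProxyHTTP proxy = new ProxyHTTP("proxy", proxyport);
proxy.setUserPasswd("proxyusername", "proxypassword");
session.setProxy(proxy);
session.connect();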

For downloading a file, see:

How to retrieve a file from a server via SFTP?

You will have to verify server host key as well.

Public/Private key authentication for Ruby Net::SFTP

Net::SFTP.start passes its options hash directly to Net::SSH.start, so we should look to its documentation. It lists three options that look relevant:

  • :keys => an array of file names of private keys to use for publickey and hostbased authentication
  • :key_data => an array of strings, with each element of the array being a raw private key in PEM format.
  • :keys_only => set to true to use only private keys from keys and key_data parameters, even if ssh-agent offers more identities. This option is intended for situations where ssh-agent offers many different identities.

The answer to a related question suggests that you may need to use all three:

Net::SFTP.start(ftp_host, user,
  key_data: [],
  keys: "tmp/some-certs/privatekey.pem",
  keys_only: true)

If you want to use the raw key data from the SOME_PRIVATE_KEY environment variable instead, it ought to look like this:

Net::SFTP.start(ftp_host, user,
  key_data: [ ENV["SOME_PRIVATE_KEY"] ],
  keys: [],
  keys_only: true)

