Set up SSH public key authentication
This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about public key authentication or SSH keys instead.
- Before Starting
- Generate Key Pair
- Configure Server to Accept Public Key
- Configure WinSCP Session
- Public Key Authentication in Clouds
- Further Reading
Before starting you should:
Generate Key Pair
If you do not have a key pair yet, start with generating new key pair.
Configure Server to Accept Public Key
Connect to your SSH server using WinSCP with the SSH protocol, using other means of authentication than public key, e.g. typically using password authentication.
Once logged in, configure your server to accept your public key. That varies with SSH server software being used. The most common SSH server is OpenSSH.
You can use Session (Tabs) > Install Public Key into Server command on the main window, or Tools > Install Public Key into Server command on SSH > Authentication page page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH
Or you can configure the key manually:
- Navigate into a
.sshsubdirectory of your account home directory. You may need to enable showing hidden files to see the directory. If the directory does not exist, you need to create it first.
- Once there, open a file
authorized_keysfor editing. Again you may have to create this file, if this is your first key.
- Switch to the PuTTYgen window, select all of the text in the Public key for pasting into OpenSSH authorized_keys file box, and copy it to the clipboard (
Ctrl+C). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can show you the public key too.
- Ensure that your account home directory, your
.sshdirectory and file
authorized_keysare not group-writable or world-writable. Recommended permissions for
700. Recommended permissions for
600. Read more about changing permissions.
OpenSSH on Windows
There are some specifics when setting up the public key authentication on OpenSSH server on Windows.
- Save a public key file from PuTTYgen, and copy that into the
.ssh2subdirectory of your account home directory.
- In the same subdirectory, edit (or create) a file called
authorization. In this file you should put a line like
Key mykey.pub, with
mykey.pubreplaced by the name of your key file.
Other SSH Servers
For other SSH server software, you should refer to the manual for that server.
Configure WinSCP Session
When configuring session, specify path to your private key on SSH > Authentication page of Advanced Site Settings dialog.
Alternatively, load the private key into Pageant.
Public Key Authentication in Clouds
Cloud providers have typically their own mechanism to setup a public key authentication to virtual servers running in the cloud.
For details see guides for connecting to: