Differences
This shows you the differences between the selected revisions of the page.
| guide_public_key 2009-11-22 | guide_public_key 2026-03-26 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== Set up public key authentication ====== | + | ====== Set up SSH public key authentication ====== |
| - | //This guide contains description of setting up public key authentication for use with WinSCP.// | + | //This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about [[public_key|public key authentication]] or [[ssh_keys|SSH keys]] instead//. |
| + | |||
| + | ===== Before Starting ===== | ||
| Before starting you should: | Before starting you should: | ||
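Review bot: In the new intro line the sentence-ending period sits outside the closing italics marker ("instead//."), whereas the old line kept it inside ("WinSCP.//"), so the final period will render upright after an italic sentence. Move it inside the markup ("instead.//") to match the previous convention.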
| Line 6: | Line 8: | ||
| * [[guide_connect|Know how to connect to the server without public key authentication]]. | * [[guide_connect|Know how to connect to the server without public key authentication]]. | ||
| - | ===== Generate Key Pair ===== | + | ===== [[generate]] Generate Key Pair ===== |
| If you do not have a key pair yet, start with [[public_key#generate|generating new key pair]]. | If you do not have a key pair yet, start with [[public_key#generate|generating new key pair]]. | ||
| - | ===== Configure Server to Accept Public Key ===== | + | ===== [[server]] Configure Server to Accept Public Key ===== |
| - | Connect to your SSH server using WinSCP with the SSH protocol, using other means of authentication than public key, e.g. typically using password authentication. | + | Connect to your SSH server using WinSCP with the %%SSH%% protocol, using other means of authentication than public key, e.g. typically using password authentication. |
| - | Once logged in, configure your server to accept your public key. That varies with SSH server software being used: | + | Once logged in, configure your server to accept your public key. That varies with %%SSH%% server software being used. The most common %%SSH%% server is OpenSSH. |
| - | ==== OpenSSH ==== | + | ==== [[configure_openssh]] OpenSSH ==== |
| - | [[task_navigate|Navigate]] into the ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common_options|showing hidden files]] to see the directory. If the directory does not exists, you need to [[task_create_directory|create it]] first. | + | |
| - | Once there, open the file ''authorized_keys'' for [[task_edit|editing]] ((In earlier versions of OpenSSH 2 the file might be called ''authorized_keys2''.)). Again you may have to create this file if this is the first key you have put in it. | + | You can use //Session (Tabs) > Install Public Key into Server// command on the main window, or //Tools > Install Public Key into Server// command on //[[ui_login_authentication|SSH > Authentication page]]// page on Advanced Site Settings dialog. The functionality of the command is similar to that of [[&man_ref(1,ssh-copy-id)|OpenSSH ''ssh-copy-id'' script]].((WinSCP also has a [[commandline#copyid|command-line equivalent]].)) |
| - | Then switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. | + | Or you can configure the key manually: |
| + | |||
| + | * Navigate into a ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common|showing hidden files]] to see the directory. If the directory does not exist, you need to [[task_create_directory|create it]] first. | ||
| + | * Once there, open a file ''authorized_keys'' for [[task_edit|editing]]. Again you may have to create this file, if this is your first key. | ||
| + | * Switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into OpenSSH authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can [[ui_login_authentication#private_key_tools|show you the public key]] too. | ||
| + | * Ensure that your account home directory, your ''.ssh'' directory and file ''authorized_keys'' are not group-writable or world-writable. Recommended permissions for ''.ssh'' directory are ''700''. Recommended permissions for ''authorized_keys'' files are ''600''. Read more about [[task_properties|changing permissions]]. | ||
| + | |||
| + | If you cannot log in directly with the account yet (e.g., you need to use ''sudo'' to switch to ''root''), you might not be able to use WinSCP to set up the key.((Although WinSCP can, with some limitations, [[faq_su|change user after login]], this is unlikely to work at this stage.)) In this case, set up the key using shell commands that replicate the procedure above. | ||
| + | |||
| + | ==== OpenSSH on Windows ==== | ||
| + | |||
| + | There are some specifics when setting up the [[guide_windows_openssh_server#key_authentication|public key authentication on OpenSSH server on Windows]]. | ||
| ==== ssh.com ==== | ==== ssh.com ==== | ||
| - | [[ui_puttygen#saving_public|Save a public key file]] from [[ui_puttygen|PuTTYgen]], and copy that into the ''.ssh2'' subdirectory of your account home directory. In the same subdirectory, [[task_edit|edit]] (or create) a file called ''authorization''. In this file you should put a line like ''Key mykey.pub'', with ''mykey.pub'' replaced by the name of your key file. | + | |
| + | * [[ui_puttygen#saving_public|Save a public key file]] from [[ui_puttygen|PuTTYgen]], and copy that into the ''.ssh2'' subdirectory of your account home directory. | ||
| + | * In the same subdirectory, [[task_edit|edit]] (or create) a file called ''authorization''. In this file you should put a line like ''Key mykey.pub'', with ''mykey.pub'' replaced by the name of your key file. | ||
| ==== Other SSH Servers ==== | ==== Other SSH Servers ==== | ||
| - | For other SSH server software, you should refer to the manual for that server. | + | For other %%SSH%% server software, you should refer to the manual for that server. |
| - | ==== Permissions ==== | + | ===== [[winscp]] Configure WinSCP Session ===== |
| - | You may also need to ensure that your account home directory, your ''.ssh'' directory, and any other files involved (such as ''authorized_keys'', ''authorized_keys2''; or ''authorization'') are not group-writable or world-writable. | + | When configuring session, specify path to your private key on //[[ui_login_authentication|SSH > Authentication page]]// of Advanced Site Settings dialog. |
| - | Read more about [[task_properties|changing permissions]] | + | Alternatively, load the private key into [[ui_pageant|Pageant]]. |
| - | ===== Configure WinSCP Session ===== | + | ===== Public Key Authentication in Clouds ===== |
| - | When configuring session, specify path to your private key on //[[ui_login_session#session_group|Session tab]]// of Login dialog. | + | |
| - | Alternatively, load the private key into [[public_key|Pageant]]. | + | Cloud providers have typically their own mechanism to setup a public key authentication to virtual servers running in the cloud. |
| - | ===== Further Reading ===== | + | For details see guides for connecting to: |
| - | * [[public_key|Using Public Keys for Authentication]]; | + | |
| - | * [[ui_puttygen|Using PuTTYgen]]. | + | |
| + | * [[guide_amazon_ec2|Amazon EC2]]; | ||
| + | * [[guide_google_compute_engine|Google Compute Engine]]; | ||
| + | * [[guide_microsoft_azure|Microsoft Azure]]. | ||
| + | |||
| + | ===== Further Reading ===== | ||
| + | * [[public_key|*]]; | ||
| + | * [[ui_puttygen|*]]; | ||
| + | * [[ssh_keys|*]]. | ||
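Review bot: The removed "Permissions" section also covered the ssh.com ''authorization'' file, but the new permissions bullet sits only in the OpenSSH list and names only ''.ssh'' and ''authorized_keys'', so the ssh.com steps no longer say that the files involved must not be group-writable or world-writable. Add an equivalent bullet to the ssh.com list covering the ''.ssh2'' directory and ''authorization''. Two wording points in the same hunk: in the "Install Public Key into Server" sentence the link text already ends in "page" and is followed by a second "page" ("SSH > Authentication page]]// page on"), so drop one; and in the clouds paragraph "have typically their own mechanism to setup" should read "typically have their own mechanism to set up".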