Differences
This shows you the differences between the selected revisions of the page.
| guide_public_key 2019-09-14 | guide_public_key 2023-12-06 (current) | ||
| Line 1: | Line 1: | ||
| ====== Set up SSH public key authentication ====== | ====== Set up SSH public key authentication ====== | ||
| - | //This guide contains description of setting up public key authentication for use with WinSCP. You may want to learn more about [[public_key|public key authentication]] or [[ssh_keys|SSH keys]] instead//. | + | //This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about [[public_key|public key authentication]] or [[ssh_keys|SSH keys]] instead//. |
| ===== Before Starting ===== | ===== Before Starting ===== | ||
| Line 11: | Line 11: | ||
| If you do not have a key pair yet, start with [[public_key#generate|generating new key pair]]. | If you do not have a key pair yet, start with [[public_key#generate|generating new key pair]]. | ||
| - | ===== Configure Server to Accept Public Key ===== | + | ===== [[server]] Configure Server to Accept Public Key ===== |
| Connect to your SSH server using WinSCP with the %%SSH%% protocol, using other means of authentication than public key, e.g. typically using password authentication. | Connect to your SSH server using WinSCP with the %%SSH%% protocol, using other means of authentication than public key, e.g. typically using password authentication. | ||
| Line 18: | Line 18: | ||
| ==== [[configure_openssh]] OpenSSH ==== | ==== [[configure_openssh]] OpenSSH ==== | ||
| - | You can use //Session > Install Public Key into Server// command on the main window, or //Tools > Install Public Key into Server// command on //[[ui_login_authentication|SSH > Authentication page]]// page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH ''[[https://linux.die.net/man/1/ssh-copy-id|ssh-copy-id]]'' command. | + | You can use //Session (Tabs) > Install Public Key into Server// command on the main window, or //Tools > Install Public Key into Server// command on //[[ui_login_authentication|SSH > Authentication page]]// page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH ''[[https://manpages.debian.org/stable/openssh-client/ssh-copy-id.1.en.html|ssh-copy-id]]'' command. |
| Or you can configure the key manually: | Or you can configure the key manually: | ||
| - | * Navigate into a ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common|showing hidden files]] to see the directory. If the directory does not exists, you need to [[task_create_directory|create it]] first. | + | * Navigate into a ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common|showing hidden files]] to see the directory. If the directory does not exist, you need to [[task_create_directory|create it]] first. |
| * Once there, open a file ''authorized_keys'' for [[task_edit|editing]]. Again you may have to create this file, if this is your first key. | * Once there, open a file ''authorized_keys'' for [[task_edit|editing]]. Again you may have to create this file, if this is your first key. | ||
| - | * Switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can [[ui_login_authentication#private_key_tools|show you the public key]] too. | + | * Switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into OpenSSH authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can [[ui_login_authentication#private_key_tools|show you the public key]] too. |
| * Ensure that your account home directory, your ''.ssh'' directory and file ''authorized_keys'' are not group-writable or world-writable. Recommended permissions for ''.ssh'' directory are ''700''. Recommended permissions for ''authorized_keys'' files are ''600''. Read more about [[task_properties|changing permissions]]. | * Ensure that your account home directory, your ''.ssh'' directory and file ''authorized_keys'' are not group-writable or world-writable. Recommended permissions for ''.ssh'' directory are ''700''. Recommended permissions for ''authorized_keys'' files are ''600''. Read more about [[task_properties|changing permissions]]. | ||
| + | |||
| + | ==== OpenSSH on Windows ==== | ||
| + | |||
| + | There are some specifics when setting up the [[guide_windows_openssh_server#key_authentication|public key authentication on OpenSSH server on Windows]]. | ||
| ==== ssh.com ==== | ==== ssh.com ==== | ||
| Line 35: | Line 39: | ||
| For other %%SSH%% server software, you should refer to the manual for that server. | For other %%SSH%% server software, you should refer to the manual for that server. | ||
| - | ===== Configure WinSCP Session ===== | + | ===== [[winscp]] Configure WinSCP Session ===== |
| When configuring session, specify path to your private key on //[[ui_login_authentication|SSH > Authentication page]]// of Advanced Site Settings dialog. | When configuring session, specify path to your private key on //[[ui_login_authentication|SSH > Authentication page]]// of Advanced Site Settings dialog. | ||
| Alternatively, load the private key into [[ui_pageant|Pageant]]. | Alternatively, load the private key into [[ui_pageant|Pageant]]. | ||
| - | ''echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSol9EqWv09pCsKLd2vDQAHhanV2wKpFyjxENU3ApFRa9E2YdHFrD8zVw4QklGXpsY04R7RjK3omcc2eraEPuabkOmqd2QkfeWe+ZKV0yaLYCqHydUdZwd9pghWwzDrYNuBO2V2EQsRdEy2kc/IY9mJOnUYqJXB9cqVoDikFZA1ZRKaKGIHtQZXGJEjZ2fww8uFAbyIpsOFmFP/Z03kPc3Q9A19bF9JEKZo1be3kcNs4qsyM9EEwcVb9B36 | + | ===== Public Key Authentication in Clouds ===== |
| + | |||
| + | Cloud providers have typically their own mechanism to setup a public key authentication to virtual servers running in the cloud. | ||
| + | |||
| + | For details see guides for connecting to: | ||
| + | |||
| + | * [[guide_amazon_ec2|Amazon EC2]]; | ||
| + | * [[guide_google_compute_engine|Google Compute Engine]]; | ||
| + | * [[guide_microsoft_azure|Microsoft Azure]]. | ||
| ===== Further Reading ===== | ===== Further Reading ===== | ||
| - | * [[public_key|Using Public Keys for Authentication]]; | + | * [[public_key|*]]; |
| - | * [[ui_puttygen|Using PuTTYgen]]; | + | * [[ui_puttygen|*]]; |
| - | * [[ssh_keys|Understanding SSH Key Pairs]]. | + | * [[ssh_keys|*]]. |