Differences
This shows you the differences between the selected revisions of the page.
| guide_public_key 2022-02-19 | guide_public_key 2026-03-26 (current) | ||
| Line 1: | Line 1: | ||
| - | |||
| ====== Set up SSH public key authentication ====== | ====== Set up SSH public key authentication ====== | ||
| //This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about [[public_key|public key authentication]] or [[ssh_keys|SSH keys]] instead//. | //This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about [[public_key|public key authentication]] or [[ssh_keys|SSH keys]] instead//. | ||
| Line 19: | Line 18: | ||
| ==== [[configure_openssh]] OpenSSH ==== | ==== [[configure_openssh]] OpenSSH ==== | ||
| - | You can use //Session > Install Public Key into Server// command on the main window, or //Tools > Install Public Key into Server// command on //[[ui_login_authentication|SSH > Authentication page]]// page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH ''[[https://linux.die.net/man/1/ssh-copy-id|ssh-copy-id]]'' command. | + | You can use //Session (Tabs) > Install Public Key into Server// command on the main window, or //Tools > Install Public Key into Server// command on //[[ui_login_authentication|SSH > Authentication page]]// page on Advanced Site Settings dialog. The functionality of the command is similar to that of [[&man_ref(1,ssh-copy-id)|OpenSSH ''ssh-copy-id'' script]].((WinSCP also has a [[commandline#copyid|command-line equivalent]].)) |
| Or you can configure the key manually: | Or you can configure the key manually: | ||
| - | * Navigate into a ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common|showing hidden files]] to see the directory. If the directory does not exists, you need to [[task_create_directory|create it]] first. | + | * Navigate into a ''.ssh'' subdirectory of your account home directory. You may need to enable [[ui_pref_panels#common|showing hidden files]] to see the directory. If the directory does not exist, you need to [[task_create_directory|create it]] first. |
| * Once there, open a file ''authorized_keys'' for [[task_edit|editing]]. Again you may have to create this file, if this is your first key. | * Once there, open a file ''authorized_keys'' for [[task_edit|editing]]. Again you may have to create this file, if this is your first key. | ||
| * Switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into OpenSSH authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can [[ui_login_authentication#private_key_tools|show you the public key]] too. | * Switch to the [[ui_puttygen|PuTTYgen]] window, select all of the text in the //[[ui_puttygen#authorized_keys|Public key for pasting into OpenSSH authorized_keys file]]// box, and copy it to the clipboard (''Ctrl+C''). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can [[ui_login_authentication#private_key_tools|show you the public key]] too. | ||
| * Ensure that your account home directory, your ''.ssh'' directory and file ''authorized_keys'' are not group-writable or world-writable. Recommended permissions for ''.ssh'' directory are ''700''. Recommended permissions for ''authorized_keys'' files are ''600''. Read more about [[task_properties|changing permissions]]. | * Ensure that your account home directory, your ''.ssh'' directory and file ''authorized_keys'' are not group-writable or world-writable. Recommended permissions for ''.ssh'' directory are ''700''. Recommended permissions for ''authorized_keys'' files are ''600''. Read more about [[task_properties|changing permissions]]. | ||
| + | |||
| + | If you cannot log in directly with the account yet (e.g., you need to use ''sudo'' to switch to ''root''), you might not be able to use WinSCP to set up the key.((Although WinSCP can, with some limitations, [[faq_su|change user after login]], this is unlikely to work at this stage.)) In this case, set up the key using shell commands that replicate the procedure above. | ||
| ==== OpenSSH on Windows ==== | ==== OpenSSH on Windows ==== | ||