This guide contains a description of setting up public key authentication for use with WinSCP. You may want to learn more about public key authentication or SSH keys instead.
- Create an SSH key. From Tools, select Create or Import SSH Keys. From the PuTTY Key Generator dialog, click the Generate button. As the SSH key generates, hover your mouse over the blank area in the dialog. It may take a minute or two. When SSH key generation is complete, you see the public key and a few other fields.
- Generate an SSH key pair. If you do not have an existing SSH key pair, generate a new one. Open a terminal. Type ssh-keygen -t followed by the key type and an optional comment. This comment is included in the.pub file that’s created. You may want to use an email address for the comment. For example, for ED25519.
To generate SSH keys in macOS, follow these steps: Enter the following command in the Terminal window. Ssh-keygen -t rsa. This starts the key generation process. When you execute this command, the ssh-keygen utility prompts you to indicate where to store the key. Press the ENTER key to accept the default location.
- Configure Server to Accept Public Key
Advertisement
Before starting you should:
- Have WinSCP installed;
- Know how to connect to the server without public key authentication.
If you do not have a key pair yet, start with generating new key pair.
Connect to your SSH server using WinSCP with the SSH protocol, using other means of authentication than public key, e.g. typically using password authentication.
Once logged in, configure your server to accept your public key. That varies with SSH server software being used. The most common SSH server is OpenSSH.
You can use Session > Install Public Key into Server command on the main window, or Tools > Install Public Key into Server command on SSH > Authentication page page on Advanced Site Settings dialog. The functionality of the command is similar to that of OpenSSH ssh-copy-id command.
Or you can configure the key manually:
- Navigate into a
.sshsubdirectory of your account home directory. You may need to enable showing hidden files to see the directory. If the directory does not exists, you need to create it first. - Once there, open a file
authorized_keysfor editing. Again you may have to create this file, if this is your first key. - Switch to the PuTTYgen window, select all of the text in the Public key for pasting into OpenSSH authorized_keys file box, and copy it to the clipboard (
Ctrl+C). Then, switch back to the editor and insert the data into the open file, making sure it ends up all on one line. Save the file. WinSCP can show you the public key too. - Ensure that your account home directory, your
.sshdirectory and fileauthorized_keysare not group-writable or world-writable. Recommended permissions for.sshdirectory are700. Recommended permissions forauthorized_keysfiles are600. Read more about changing permissions.
There are some specifics when setting up the public key authentication on OpenSSH server on Windows.
- Save a public key file from PuTTYgen, and copy that into the
.ssh2subdirectory of your account home directory. - In the same subdirectory, edit (or create) a file called
authorization. In this file you should put a line likeKey mykey.pub, withmykey.pubreplaced by the name of your key file.
For other SSH server software, you should refer to the manual for that server.
When configuring session, specify path to your private key on SSH > Authentication page of Advanced Site Settings dialog.
Alternatively, load the private key into Pageant.
Cloud providers have typically their own mechanism to setup a public key authentication to virtual servers running in the cloud.
Generate An Ssh Key Mac
For details see guides for connecting to:
- Amazon EC2;
- Google Compute Engine;
- Microsoft Azure.
How To Generate An Ssh Key On Windows
- Using public keys for authentication;
- Using PuTTYgen;
- Understanding SSH key pairs.