SSH Key Authentication

Using SSH keys to authenticate with SFTP rather than passwords offers increased security, convenience, and efficiency. SSH keys are far harder to guess or brute-force than passwords, which makes them more secure.

Many organizations use scripts to automate file transfers over SFTP because they want secure transfers. By using SSH keys for authentication with those scripts, you avoid embedding passwords in code that may be shared or checked into a source code repository.

Supported Keys

ExaVault supports rsa and ed25519 key types. Public keys should be provided in OpenSSH format.

Configuring SSH Keys

To associate a public key with a user, the user must first connect using SFTP (with password authentication). A folder named .ssh will be automatically created in the user's root folder when they connect with SFTP.

Using an SFTP connection, upload the public key file to the .ssh folder. The public key file must end with the ".pub" extension. Each file should contain exactly 1 public key.

You can associate a user account with multiple SSH keys by uploading each public key to that same .ssh folder.
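A pre-upload check for the requirements above (".pub" extension, exactly one key per file, rsa or ed25519 type, OpenSSH format), as an added example that is not ExaVault code. The helper name check_pubkey and the sample key line are assumptions constructed for illustration. It also rejects a private key or PEM/SSH2 export selected by mistake.

```shell
#!/bin/sh
# Constructed sample line (filler bytes, not a real key), in OpenSSH format.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLEKEYNOTAREALKEY000000000000 sample@example'

# check_pubkey FILE (hypothetical helper): return 0 if FILE is ready to upload
# to the .ssh folder, else print the reason on stderr and return 1.
check_pubkey() {
    f=$1
    case "$f" in
        *.pub) ;;
        *) echo "$f: file name must end with .pub" >&2; return 1 ;;
    esac
    [ -r "$f" ] || { echo "$f: cannot read file" >&2; return 1; }

    # Catch a private key or a PEM/SSH2 export picked up by mistake.
    if grep -q -e '-----BEGIN' -e '---- BEGIN' "$f"; then
        echo "$f: PEM/SSH2 or private key data, not an OpenSSH public key" >&2
        return 1
    fi

    # Exactly one key per file: count lines that are neither blank nor comments.
    n=$(grep -c -v -e '^[[:space:]]*$' -e '^#' "$f" || true)
    [ "$n" -eq 1 ] || { echo "$f: expected 1 key, found $n" >&2; return 1; }

    # OpenSSH line: "<type> <base64 blob> [comment]". The blob begins with the
    # encoded type name, so its prefix must agree with the declared type.
    awk 'NF && !/^#/ {
        if ($2 !~ /^[A-Za-z0-9+\/]+=*$/) exit 1
        if ($1 == "ssh-ed25519" && index($2, "AAAAC3NzaC1lZDI1NTE5") == 1) exit 0
        if ($1 == "ssh-rsa" && index($2, "AAAAB3NzaC1yc2E") == 1) exit 0
        exit 1
    }' "$f" || { echo "$f: not an rsa or ed25519 key in OpenSSH format" >&2; return 1; }
    return 0
}
```

Run check_pubkey on each public key file before uploading it to the .ssh folder; a non-zero return means the file does not meet the requirements listed above.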

Note that password authentication will remain available even if an SSH key has been uploaded for a user account.

Removing SSH Keys

Deleting a public key file from the .ssh folder for a user will disable the key.

No Shell Access

SSH key authentication allows users to connect via SFTP, but does not allow them to open a terminal session.

HyperPrivacy Mode vs Normal Mode

SSH key authentication works the same in both HyperPrivacy Mode and a normal ExaVault installation. The system will automatically create a .ssh folder even for users who do not have home folders (in HyperPrivacy Mode).

©2023 Orange Platform LLC dba ExaVault. All rights reserved.