SSH Key Authentication

Using SSH keys to authenticate SFTP sessions instead of passwords provides enhanced security, convenience, and automation capabilities. SSH keys are significantly harder to compromise than passwords, making them a more secure option for protecting file transfers.

Why Use SSH Keys?

Many organizations rely on automated scripts to handle secure file transfers over SFTP. When scripts use password-based authentication, there's a risk of accidentally exposing credentials—whether in plain text, in shared files, or in version control systems.

By using SSH key authentication:

• You eliminate the need to store passwords in scripts

• You reduce the risk of credential leakage

• You streamline authentication for automated and scheduled file transfers

Steps for Adding SSH Key Authentication

Enabling SSH Key authentication is a straight forward process. First, create or obtain a keypair. Next, upload the public key to the .ssh directory in your home folder using SFTP. With those steps done, you can configure your SFTP client to use your private key for authentication.

Creating SSH Keys

The exact steps for creating a key will differ depending on your environment. See the appropriate guide for your situation.

• Creating an SSH Key on Windows

• Creating an SSH Key on Linux

• Creating an SSH Key on macOS

Uploading Your Key

In order to use your key with ExaVault, you must first connect to the system through SFTP using a password.

When you connect to SFTP, a virtual directory name .ssh appears in your home folder. Upload your public key file to the .ssh directory. You cannot perform this step when you are connecting in other ways, such as using the web interface.

Using Your Key

After your SSH key is uploaded to the .ssh directory, you need to configure your SFTP client to use your private key for authentication. The exact steps for this will vary by SFTP client.

Command-line clients, such as those on Linux or macOS, will allow accept command-line parameters -i or --identity-file to specify your private key.

sftp -i /path/to/my_ssh_key.key [email protected]

Removing Your Key

To disable access for a particular SSH key in your account, connect to the SFTP server and delete the public key from the .ssh directory in your home folder.

Supported Key Types

ExaVault supports the following SSH key formats:

• RSA

• ed25519

All public keys must be provided in OpenSSH format when uploading or configuring them in your user profile or automation system.

SSH Keys Come In Pairs

An SSH Key is really a matched pair: a public key and a corresponding private key.

When generating an SSH key, the two halves (public and private) will always be created.

The private key must never be shared, and should remain under the control of the user, script, or system, that will be using SFTP to connect to an SFTP account. The private key is the equivalent of your password and should be protected similarly.

The public key can be shared with any system that needs to provide secure access to the user, script, or system, that owns the corresponding private key. The public key does not need to be kept secret and can be distributed freely. The public key has no power, authorization, or authority without the corresponding private key.

Never share a private key. Whenever exchanging SSH keys for use with SFTP or SSH access, only send or share the public key portion.

No Shell Access

SSH keys grant access to the SFTP service only. Even with a valid key, users will not be able to open an interactive shell or terminal session on the server. This helps maintain a secure and controlled environment focused solely on file transfer.