
# SSH Key Authentication

SSH keys authenticate SFTP sessions in place of passwords. Keys are harder to compromise than passwords, and they let automated scripts authenticate without storing a password anywhere.

## Why Use SSH Keys?

Many organizations rely on automated scripts to handle file transfers over SFTP. When scripts use password-based authentication, the password has to live somewhere the script can read it, which creates a risk of exposure through plain-text files, shared storage, or version control.

SSH key authentication removes that risk. Scripts no longer carry a password, credentials are less likely to leak, and authentication for automated and scheduled transfers stays consistent across runs.

## Steps for Adding SSH Key Authentication

Enabling SSH key authentication is a straightforward process. First, [create or obtain](#creating-ssh-keys) a keypair. Next, [upload the public key](#uploading-your-key) to the `.ssh` directory in your home folder using SFTP. After that, configure your SFTP client to [use your private key for authentication](#using-your-key).

### Creating SSH Keys

The exact steps for creating a key depend on your environment. See the appropriate guide for your situation.

* [Creating an SSH Key on Windows](/using-exavault/users/ssh-key-authentication/creating-an-ssh-key-on-windows.md)
* [Creating an SSH Key on Linux](/using-exavault/users/ssh-key-authentication/creating-an-ssh-key-on-linux.md)
* [Creating an SSH Key on macOS](/using-exavault/users/ssh-key-authentication/creating-an-ssh-key-on-macos.md)

### Uploading Your Key

To use your key with ExaVault, first connect to the system through SFTP using a password.

When you connect to SFTP, a virtual directory named `.ssh` appears in your home folder. Upload your public key file to that directory. This step is only available over SFTP — the `.ssh` directory does not appear in the web interface or other access methods.

### Using Your Key

After your public key is in the `.ssh` directory, configure your SFTP client to use your private key for authentication. The exact steps vary by SFTP client.

Command-line clients on Linux and macOS accept the `-i` or `--identity-file` parameter to specify the private key:

`sftp -i /path/to/my_ssh_key.key username@MYCOMPANY.files.com`

## Removing Your Key

To disable access for a particular SSH key, connect to the SFTP server and delete the public key from the `.ssh` directory in your home folder.

## Supported Key Types

ExaVault supports two SSH key types: RSA and ed25519.

All public keys must be provided in OpenSSH format when uploading or configuring them in your user profile or automation system.

## SSH Keys Come In Pairs

An SSH key is a matched pair: a public key and a corresponding private key. Generating an SSH key always produces both halves together.

The private key must never be shared. It stays under the control of the user, script, or system that connects to the SFTP account. The private key is the equivalent of your password and must be protected the same way.

The public key can be shared with any system that needs to grant secure access to the holder of the corresponding private key. The public key does not need to be kept secret and can be distributed freely. The public key has no power, authorization, or authority without the corresponding private key.

Never share a private key. When exchanging SSH keys for use with SFTP or SSH access, only send the public key.
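A pre-upload check for the two rules above (only RSA or ed25519 public keys in OpenSSH format, and never the private key), written as an added example that is not ExaVault's own code. The names `check_public_key` and `make_sample_key` are hypothetical, and the sample keys are constructed and non-functional.

```python
import base64
import struct

SUPPORTED_TYPES = {"ssh-rsa", "ssh-ed25519"}  # RSA and ed25519, as listed on this page


def check_public_key(text):
    """Return (ok, reason) for the contents of a file about to be uploaded to .ssh."""
    if "PRIVATE KEY-----" in text or text.lstrip().startswith("PuTTY-User-Key-File"):
        return False, "private key material: never upload or send this file"
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return False, "expected exactly one OpenSSH public key line"
    fields = lines[0].split()
    if len(fields) < 2:
        return False, "not OpenSSH format: expected '<type> <base64> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in SUPPORTED_TYPES:
        return False, f"unsupported key type: {key_type}"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the key type name.
    if len(blob) < 4:
        return False, "key data too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        return False, "key type label does not match the encoded key data"
    return True, "ok"


def make_sample_key(key_type, payload=b"\x00" * 32):
    """Build a constructed, non-functional public key line for demonstration."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(payload)) + payload
    return f"{key_type} {base64.b64encode(blob).decode()} sample@example"


if __name__ == "__main__":
    samples = {  # constructed inputs
        "ed25519 public key": make_sample_key("ssh-ed25519"),
        "ecdsa public key": make_sample_key("ecdsa-sha2-nistp256"),
        "private key file": "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n",
    }
    for label, text in samples.items():
        print(label, "->", check_public_key(text))
```

Running this check in an automation pipeline before the SFTP upload step catches the common mistake of selecting the private key file instead of the `.pub` file.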

## No Shell Access

SSH keys grant access to the SFTP service only. Even with a valid key, users cannot open an interactive shell or terminal session on the server. The environment is restricted to file transfer.

