SSH Key Authentication
Using SSH keys to authenticate SFTP sessions instead of passwords provides enhanced security, convenience, and automation capabilities. SSH keys are significantly harder to compromise than passwords, making them a more secure option for protecting file transfers.
Many organizations rely on automated scripts to handle secure file transfers over SFTP. When scripts use password-based authentication, there's a risk of accidentally exposing credentials—whether in plain text, in shared files, or in version control systems.
By using SSH key authentication:
You eliminate the need to store passwords in scripts
You reduce the risk of credential leakage
You streamline authentication for automated and scheduled file transfers
Enabling SSH key authentication is a straightforward process. First, create a keypair. Next, upload your public key to the .ssh directory in your home folder using SFTP. With those steps done, you can configure your SFTP client to use your private key for authentication.
The exact steps for creating a key will differ depending on your environment. See the appropriate guide for your situation.
In order to use your key with ExaVault, you must first connect to the system through SFTP using a password.
When you connect to SFTP, a virtual directory named .ssh appears in your home folder. Upload your public key file to the .ssh directory. You cannot perform this step when you are connecting in other ways, such as using the web interface.
After your SSH key is uploaded to the .ssh directory, you need to configure your SFTP client to use your private key for authentication. The exact steps for this will vary by SFTP client.
Command-line clients, such as those on Linux or macOS, accept the command-line parameter -i or --identity-file to specify your private key.
sftp -i /path/to/my_ssh_key.key username@MYCOMPANY.files.com
To disable access for a particular SSH key in your account, connect to the SFTP server and delete the public key from the .ssh directory in your home folder.
ExaVault supports the following SSH key formats:
RSA
ed25519
All public keys must be provided in OpenSSH format when uploading or configuring them in your user profile or automation system.
An SSH Key is really a matched pair: a public key and a corresponding private key.
When generating an SSH key, the two halves (public and private) will always be created.
The private key must never be shared, and should remain under the control of the user, script, or system that will be using SFTP to connect to an SFTP account. The private key is the equivalent of your password and should be protected similarly.
The public key can be shared with any system that needs to provide secure access to the user, script, or system that owns the corresponding private key. The public key does not need to be kept secret and can be distributed freely. The public key has no power, authorization, or authority without the corresponding private key.
Never share a private key. Whenever exchanging SSH keys for use with SFTP or SSH access, only send or share the public key portion.
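A pre-upload check for the rules above, as an added example that is not ExaVault's own code: it confirms that a file is a one-line OpenSSH public key of a supported type (RSA or ed25519) and refuses anything that looks like a private key. The function names and the sample key (32 zero bytes, constructed) are assumptions for illustration.

```python
import base64
import struct

# Key types the page lists as supported, keyed by OpenSSH algorithm name.
SUPPORTED = {"ssh-rsa": "RSA", "ssh-ed25519": "ed25519"}


def check_public_key(text):
    """Return (ok, reason) for the contents of a file about to be uploaded to .ssh."""
    text = text.strip()
    # Private keys and non-OpenSSH public formats (PEM, RFC 4716) open with a dash banner.
    if text.startswith("----"):
        if "PRIVATE KEY" in text.splitlines()[0]:
            return False, "private key: never upload or share this file"
        return False, "not OpenSSH format: convert to a one-line public key"
    if len(text.splitlines()) != 1:
        return False, "expected exactly one key on one line"
    fields = text.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in SUPPORTED:
        return False, "unsupported key type: " + key_type
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the algorithm name.
    if len(blob) < 4:
        return False, "key data is truncated"
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        return False, "type label does not match key data"
    return True, SUPPORTED[key_type] + " public key in OpenSSH format"


def constructed_ed25519_line():
    # Constructed sample: 32 zero bytes stand in for a real ed25519 public key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " backup-script@example"


if __name__ == "__main__":
    private = "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder)"
    for sample in (constructed_ed25519_line(), private):
        print(check_public_key(sample))
```

Running a check like this in the automation that distributes keys catches the two common mistakes before anything leaves the machine: sending the private half, and sending a public key in a non-OpenSSH encoding.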
SSH keys grant access to the SFTP service only. Even with a valid key, users will not be able to open an interactive shell or terminal session on the server. This helps maintain a secure and controlled environment focused solely on file transfer.