In order to use public and private key based authentication to SFTP to your server, you need to have SSH enabled on your hosting account. Most hosts do not enable SSH by default, so you might want to check with your host and get it enabled if it isn't already. Once SSH is enabled, connecting to your server is simple. Here are three main steps involved:
- Generating public and private Key pairs using Cpanel.
- Downloading and converting the private key into PPK (PuTTY Private Key) format.
- Connecting to your server using an FTP client and using the PPK key for authentication.
So let's look at these steps in details:
Generating Public and Private Key Pairs Using Cpanel
You should now have a idrsa.pub file which contains your new public SSH key. Add SSH key to your VM. In the previous step, you generated an SSH key pair. Select Use existing public key in the dropdown for SSH public key source so that you can use the public key you just generated. Take the public key and paste it into your VM setup, by copying. A private key is stored on a client side (do not pass it to anyone!), and a public key is added to the authorizedkeys file on the SSH server. To generate RSA keys on a Windows client, you must install the OpenSSH client. In Windows 10 1809 (and newer) and Windows Server 2019, the OpenSSH client is installed as a separate feature.
In order to use SFTP, we first need to generate public and private key pairs. This can easily be done using Cpanel as detailed in the steps below:
Step 1:Login to Your Cpanel and click on SSH Shell Access under the security section.
Step 2: Click on the Manage SSH Keys button and then Click on the Generate a New Key link.
Step 3: On this page, enter the following details:
Key Password: Any password. (Note: This is the passpharse that you will need to enter while you SFTP.)
Key Type: RSA
Key Size: 2048
Once all details are entered, click on Generate Key (refer image above). This will generate a public and private key pair. You should now be able to see these files in your Manage SSH Keys page.
Step 4: On the Manage SSH Keys page, click on Manage Authorization and then click the Authorize button. This will authorize the key for usage as shown in the image below.
Step 5: Click on the View or Download link in the Private Keys section to covert and download your private key.
Converting Private Key to PPK Format
We now need to convert the private key to PPK format. You can do this using the covert key option on Cpanel, or you can download the raw file and covert it to PPK format using PuttyGen. In most cases, the Cpanel convert option works pretty good, so you can stick with it. But in-case, you don't have that option in your Cpanel account, you can use the Puttygen method. Let's look at both these methods:
Option 1: Converting the key to PPK format using Cpanel Covert key option:
To use this option, enter your passphrase in the space provided and click Convert as shown in the image below. You can then download the converted key to your computer and save it in an accessible location.
Note: The passpharse is the key password that you used while generating the keys in Cpanel.
Option 2: Converting the Key to PPK format Using PuttyGen:
This option involves using PuttyGen to convert the key. If you don't have PuttyGen installed, you can download it free from here. Once downloaded and installed, follow these steps:
Ssh Use Private Key File Download
Step 1: As shown in the image above (marked Option 2), click on the 'Download Key' button on the View or Download SSH Keys page. This will download the private key (id_rsa) to your computer. Copy and save this file in an accessible location.
Step 2: Open the PuttyGen application and click Run.
Step 3: Go to Conversions > Import Key, browse to the location of your downloaded private key file (id_rsa) and select the file.
Once you load the file you will be prompted to enter the passpharse. Enter the passpharse and click ok.
Step 4: Make sure that the SSH2 RSA option is selected and the number of bits is set to 2048.
Step 5: Click on Save private key and save the file with your preferred name. (Refer image above).
SFTP to the Server
Now that we have our public and private keys setup, we can SFTP to the server. You can do this using any FTP client like Filezilla or WinSCP. I am using WinSCP for this tutorial.
Step 1: Open WinSCP and create a new FTP connected by clicking on New Site and enter the following details:
Host Name: ftp.domainname.com
Port Number: 22
Username: Cpanel Username
Password: Cpanel Password
Step 2: Click on the Advanced botton to open the Advanced Site Settings page as shown in point no.6 in the image above.
Step 3: On the Advanced Site Settings page click on Authentication and then browse to the location of your PPk file. Refer image below:
Step 4: Once done, click ok and then click Save to save the settings.
Step 5: Click Login to login to your server using SFTP. Once the connection is establised and the server has finished verifing the private and public keys, you will be promoted to enter the passpharse. Enter the passpharse and click Ok.
You should now be connected to your server using SFTP.
Below you find a step by step guide, if you prefer you can watch our How to Use SSH Private Keys for SFTP video tutorial.
Before connecting to an SFTP remote server, you’ll need some connection information:
- The address of the server, and its port number if it uses a non-standard one.
- Your user ID for the server. This might be different to your usual login for the site.
- Some servers won’t require a login, and will instead allow an anonymous connection (typically for downloads).
- If you have a user ID, your password for the server if that is required. Like your user ID, this might be different to your usual password for the site.
There are three mechanisms for use of the FileZilla client with SSH2 keys:
- In the profile settings in the Site Manager of the FileZilla Pro client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as “Key File” and specify the location of the private key file (in .ppk or .pem format – see below for conversion options from other formats.) The user is prompted for the key file’s password if necessary.
- In the Edit – Settings menu of the FileZilla Pro client, you can add the key file under Connection – SFTP, and FileZilla Pro can then use the public key authentication in the site manager with the ‘Interactive’ Logontype on connection. Note: Importing a site’s public key is not supported.
- (Windows only) Using PuTTY tools. To allow the use of RSA/DSA key files with FileZilla Pro, you’ll need two tools from PuTTY: Pageant and (assuming your key file isn’t already in PPK format) PuTTYgen. If your key file is already in PuTTY’s PPK format you can skip this paragraph. However if your key is in OpenSSH format, you first need to convert it to PuTTY’s PPK format. To do this, launch PuTTYgen and from the “Conversions” menu, select the “Import key” option. Select your key and follow the prompts to enter your pass phrase. Save your private key.
Now run Pageant. In your system tray, you’ll see the Pageant icon appear. Right-click the icon and select “Add Key” and select your private key (PPK) file. Follow the prompt to enter your pass phrase and you’re done.
Now simply launch FileZilla Pro and connect to your server using SFTP using SSH2 with a username and an empty password. Don’t forget to close pageant when you’re done.
FileZilla Pro supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set. (Note, the “Normal” logon type should be set for the site in order to use the SSH agent socket.)
On a Mac
If for some reason you are not using ssh-agent and on a Mac, you don’t need to perform a ssh key conversion. Import your key via Settings and then use “Normal” logon type in your site connection definition. The imported key will get used.
The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password. They are adapted from a thread on superuser.com for your convenience:
Linux Ssh Private Key File
- In FileZilla Pro->Settings.. select Connection->SFTP
- Press the Add key file… button
- Press Command-Shift-G to bring up a path selection window and type “~/.ssh”
- Select the “id_rsa” key file and click Open (this imports the key)
- Click OK to close the Settings dialog
- Open File->Site Manager…
- Select the site with which you want to use the key
- Choose Protocol “SFTP” and select Logon Type “Normal”. Don’t worry about a password if you key file doesn’t have a password, if it has one set it here.
- Click Connect and you’ll see your files
Ssh Private Key File Extension
The video tutorial below shows how to connect to a SFTP with Key File.
Video tutorial: How to connect to a SFTP with Key File
Tags: FileZilla connect with ssh key, FileZilla key file, FileZilla ppk, FileZilla public key, FileZilla ssh key, FileZilla use ssh key, how to connect to a SFTP, Key File, SFTP, SFTP remote server, SSH Private Keys