2 Ways to Generate an SFTP Private Key

Posted by John Carl Villanueva on Tue, Aug 05, 2014 @ 03:34 PM

Overview

One of the major security features of SFTP is public key authentication. This method of authentication allows JSCAPE MFT Server to verify a user's identity during login by asking for a secret item that only the user has. That item is an SFTP private key file. But how can a user get hold of such a file?

In this post, we'll show you how. In fact, we'll show you two places where a private key file can be obtained. 

The first place is in the Key Manager, which can be reached via the JSCAPE MFT Server Manager and hence can only be accessed by a server admin. The second place is via the JSCAPE MFT Server Web User Interface and can be accessed by anyone with a user account on the server.

Let's have a look at those two options.

1. Obtaining an SFTP private key via the Key Manager

To generate an SFTP private key via the Key Manager, launch the JSCAPE MFT Server Manager, go to the Server menu and then select Key Manager.

 

Next, navigate to the Client Keys tab and then click the Generate button.

 

Fill in the fields in the Generate Client Key dialog. You'll need to enter the following information:

Key alias - We recommend you use the username of the user account this key will be bound to.

Key algorithm - Choose between RSA and DSA. See the linked post for a thorough discussion of these two key algorithms.

Key length - Choose between 1024 and 2048. Read the post "Choosing Key Lengths for Encrypted File Transfers" if you need more information on the subject.

Validity - Specifies how many days you would like this key to remain valid.

Common name (CN) - This should be the full name of the user.

Organization unit (OU) - Indicates the specific unit in your organization that will be using this key, e.g. Accounting

Organization (O) - The name of your organization

Locality (L) - The name of your city.

State/Province (ST) - The name of your state or province.

Country (C) - Your 2-character country code, e.g. "US"

 

Click the OK button when done.

You'll then be asked to specify the name of the file that will hold this key. Make sure the file is saved in the PEM format. Otherwise, you won't be able to use it for SFTP public key authentication. As an added layer of protection, you can also specify a password for this file.

 

Click the OK button when done and then save the file to your desired folder. Because this is the file the user will be required to submit during login, you will have to send it to the user after it has been created. It's just a file, so you can burn it to a CD or copy it to a USB stick and then transport it securely to the intended user. While it is possible to email the file, email is not a recommended option unless the key is encrypted, because emails can be intercepted and your key compromised.

 

After saving the file, you should be able to see your newly created client key in your list of client key certificates.

 

Note that this method can only be carried out by someone with administrative access to your JSCAPE MFT Server. However, it's also possible for a user to generate their own private key file. If you want to know how, read the next section.

 

2. Obtaining an SFTP private key via the User Web UI

To obtain an SFTP private key as a user, log in to JSCAPE MFT Server through the Web User Interface.

 

Once inside, click the link labeled My Account at the upper-right corner of the screen.

 

Next, scroll down to the section Public Key Authentication and then click Generate Key Pair.

 

Choose an encryption type and length and then select PEM for the file type. When done, click the Generate button.

 

The private key file will then automatically be downloaded to your system. Click Save File to save it in your default download folder.

 

Be sure to move that file from the download folder to another location, one that only you know.

Bonus tip

There's still another way of generating an SFTP private key. Your users can generate their own keys locally using third-party software such as PuTTYgen. Once the key is generated, they can send it to your server admin, who will then import the key into the Key Manager and bind it to a user account.

Here's a video that shows you how it's done:

Public Key Authentication using PuTTY
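Whichever method produced the key file, it is worth checking three things before relying on it: that it is PEM, that it carries a passphrase, and that only its owner can read it. The script below is an added example, not JSCAPE code; its function names and sample inputs are constructed for illustration, and it goes beyond the PEM case in this post by also recognizing PuTTYgen's native .ppk format and the OpenSSH format.

```python
import base64, os, re, stat, struct

MAGIC = b"openssh-key-v1\0"

def inspect_key(text):
    """Return (format, passphrase_protected) for a private key file's text."""
    if text.startswith("PuTTY-User-Key-File-"):            # PuTTYgen's native .ppk
        m = re.search(r"^Encryption:\s*(\S+)", text, re.M)
        return "ppk", bool(m) and m.group(1) != "none"
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", text, re.S)
    if not m:
        return "unknown", False
    label, body = m.groups()
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Traditional PEM: encryption is announced in an RFC 1421 style header.
        return "pem", "Proc-Type: 4,ENCRYPTED" in body
    if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):  # PKCS#8 in PEM armor
        return "pem", label.startswith("ENCRYPTED")
    if label == "OPENSSH PRIVATE KEY":
        # Binary layout: magic, then uint32 length + cipher name ("none" = plaintext).
        raw = base64.b64decode("".join(body.split()))
        if raw.startswith(MAGIC) and len(raw) >= len(MAGIC) + 4:
            (n,) = struct.unpack(">I", raw[len(MAGIC):len(MAGIC) + 4])
            return "openssh", raw[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    return "unknown", False

def audit(text, mode=0o600):
    """List problems with a key file given its text and POSIX permission bits."""
    fmt, protected = inspect_key(text)
    findings = []
    if fmt != "pem":
        findings.append(f"format is {fmt}, not PEM")
    if not protected:
        findings.append("no passphrase on the private key")
    if mode & 0o077:
        findings.append(f"permissions {mode:03o} let other accounts read the file")
    return findings

def audit_file(path):
    """Audit a key file on disk (permission check is meaningful on POSIX only)."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed samples: real headers, placeholder bodies (no key material).
ENCRYPTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                 "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PLAIN_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n"

if __name__ == "__main__":
    print(audit(ENCRYPTED_PEM, 0o600))   # no findings
    print(audit(PLAIN_PPK, 0o644))       # wrong format, no passphrase, loose mode
```

Run `audit_file()` against the saved key before copying it to removable media or attaching it to anything; an empty list means the file is PEM, passphrase-protected and owner-only.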

There, now you know three ways of generating SFTP private key files. 

If you want to try this out, feel free to download a free evaluation edition of JSCAPE MFT Server.

 

 
