Two Ways To Generate An SFTP Private Key

Generate an SFTP private key via JSCAPE MFT Server's Key Manager or the Web User Interface. For Key Manager access, navigate to Keys, select the Client Keys tab, and click Generate. Fill in key details and export the file. Alternatively, users can log in to the Web User Interface, go to My Account, and generate a key pair under Public Key Authentication. This process secures SSH FTP with two-factor authentication, enhancing user identity verification during login.
  1. Blog

One of the major security features of SSH FTP is public key authentication. This authentication method allows JSCAPE MFT Server to verify a user's identity during login by asking for only the user's secret item β€” an SFTP private key file (SSH key). Using keys to authenticate users while requiring a username and passphrase gives us two-factor authentication.

private key

In this post, we'll show you how to generate a private key for your SFTP server. We'll show you two places where a private key file can be obtained.

Interested in a more straightforward way to manage SFTP keys? Schedule a demo today to see how the JSCAPE MFT Server can streamline secure file transfers and simplify key management for better security and compliance.

The first place you can generate an SFTP private key file is in the Key Manager, which can be reached via the JSCAPE MFT Server Manager and can only be accessed by a server admin. The second place is via the JSCAPE MFT Server Web User Interface, which anyone with a user account on the server can access.

Let's have a look at those two options.

1. Obtaining An SFTP Private Key Via The Key Manager

To generate an SFTP private key pair via the Key Manager, launch the JSCAPE MFT Server Manager, log in, and then go to Keys.

mft server keys module

Next, navigate to the Client Keys tab and click the Generate button.

client keys generate mft server

Fill out the fields in the Generate Client Key dialog. You'll need to enter the following information:

Key alias - We recommend you use the username of the user account to which this key will be bound.

Key algorithm - Choose between RSA or DSA. Click that link for a thorough discussion of these two key algorithms.

Key length - Choose between 1024 and 2048. Read the post "Choosing Key Lengths for Encrypted File Transfers " if you need more information.

Validity - Specify how many days you want this key to remain valid.

Common name (CN) - This should be the user's full name.

Organization unit (OU) - Indicates the specific unit in your organization that will use this key, e.g., Accounting.

Organization (O) - The name of your organization.

Locality (L) - The name of your city.

State/Province (ST) - The name of your state or province.

Country (C) - Your 2-character country code, e.g. "US".

generate client key

Click the OK button when done.

You'll then be asked to specify the file name holding this key. Make sure the filename is saved in the PEM format. Otherwise, you won't be able to use it for SFTP public key authentication. As an added layer of protection, you can also specify a password for this file.

export private key

Click the OK button when done, and then Save the file to your desired folder. Because it is this file that the user will be required to submit during login, you will have to send this file to the user after it has been created. It's just a file, so you can burn it to a CD or copy it to a USB drive and then transport it securely to the intended user. While it is possible to email the file, email is not a recommended option unless the key is encrypted because emails can be intercepted, and your key will be compromised.

opening private key

After saving the file, you should see your newly created client key in your list of client key certificates.

newly created sftp key

Note that this method can only be carried out by someone with administrative access to your JSCAPE MFT Server. However, it's also possible for a user to generate another SFTP private key file by themselves. If you want to know how read the next section.

2. Obtaining An SFTP Private Key Via The User Web UI

To obtain an SFTP private key as a user, log in to JSCAPE MFT Server through the Web User Interface.

login jscape mft server user web ui

Once inside, click the link labeled My Account at the upper-right corner of the screen.

jscape mft server user web ui my account

Next, navigate to the section Public Key Authentication and then click Generate Key Pair.

public key authentication generate key pair

Choose an encryption type and length, then select PEM for the file type. You may also specify a password. When done, click the OK button.

generate key pair web ui

The private key file will then automatically download to your SFTP client. Click Save File to save it in your default download folder.

save private key file prv

Be sure to move that file from the download folder to another location only you know.

Bonus Tip

There's still another way of generating an SFTP private key. Your users can generate their keys locally using third-party software like PuTTYGen. Once the key is generated, they can send it to your server admin, who will import the key into the key manager and bind it with a user account.

Here's a video that shows you how it's done:

Public Key Authentication using PuTTY

There, now you know three ways of generating SFTP private key files.

Get Your Free Trial

Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X, and Solaris. It can handle any file transfer protocol and multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Get a free trial of JSCAPE MFT Server with your request.

Related Content

Setting Up SFTP Public Key Authentication On The Command Line

What Port Does SFTP Use?

Guide On How To Set Up An SFTP Server

How To Automatically Transfer Files From SFTP To Azure Blob Storage