How to Set Up SSH Keys for Passwordless Login

Let’s discuss SSH Keys. Are they something you’ve heard about but never really understood? Have you wanted to set them up but don’t know where to begin? You’re not the only one with these questions.

Setting up SSH keys header

Is how to set up SSH keys a common support request?

Actually, yes. It can be common for new file-sharing users who are planning on doing SFTP transfers, and often in cases where a customer or a vendor is requiring the use of SSH keys.

Wait, What Are SSH Keys?

SSH keys are a great way to let users connect to an account without having to transmit a password. They can help with automated processes where you don’t want to be physically typing in a password every time.

The SSH keys themselves come in pairs. There’s a public key and a private key. The private key gets stored on the local computer of the user that will connect to the account, and you keep it secret. The public portion of the key actually gets stored on the computer you want to connect to — for example, in your ExaVault account.

Graphic of public and private key

Getting Started With SSH Keys

The easiest way to get started with SSH keys is to see if your SFTP service provider can make the keys for you. It never hurts to ask, and this makes the process nice and simple. In some cases, you can just as easily create the key pair directly from your file-sharing account.

With ExaVault all you have to do is log in to your account and find the user you want to create SSH keys for. Then, choose the ‘Generate SSH Keys’ option.

Generate SSH keys option for a user.

You’ll then get a little prompt to confirm that you want to make the SSH key pair, and then it will create the keys for you. You’ll notice an automatic download on your system. This is the private key, but the public key is already in place in the ‘.sftp’ folder located in the user’s home folder. You don’t have to do anything else apart from importing the private key into your SFTP client and testing the connection to see if it works.

What if I already have a public key that I want to use, how do I do that?

In many cases, you’ll be getting a public key from a vendor or partner, or you’ll want to create one yourself, and you won’t want to have your cloud provider generate one. In that case, the first thing you want to do is check if it is in the proper format.

Checking and Fixing Key Format

Many providers, ExaVault included, require the public key to be in the RFC-4716 format. If you open it up in a text editor, you may see ‘BEGIN SSH2 PUBLIC KEY’ at the top and ‘END’ at the bottom, and a few lines of information. This is a good indication the key is in RFC-4716 format, and will likely work as-is.

ExaVault SSH keys public key formatting
Example of ExaVault public key formatting.

If mine doesn’t look like that…

It may be longer or shorter. A lot of times the key will have a little prefix like ‘ssh-rsa’. This is absolutely a valid SSH key. It’s just not in the format that ExaVault (or many other SFTP servers) will recognize.

Unformatted SSH Keys
Unformatted SSH key

You’ll need to do a little tech wizardry to convert the key into the RFC-4716 format. If you have access to a Mac or Linux computer, you can do this conversion on your own.

Section from setting up SSH keys help page

Open up a terminal on your Mac. Make sure that you’re in the location where your key is stored. Then run the command to convert your key.

Now, look at the new key. It should be in the proper format and ready to upload as soon as you rename that file as need. Remember, for ExaVault the file should be named ‘authorized_keys‘.

Reformatted public ssh key
Reformatted public SSH key

If you happen to be a windows user, you won’t be able to jump out to the command line and make this transformation quite so easily. Probably the simplest solution at that point is to reach out and contact support. Go ahead and store the public keys in the correct folder in your account. Doing this will make it even easier for tech support to look at the key and make that final transformation for you.

Uploading & Testing Your Key

Now it’s time for the big moment. If you’ve got a public key in RFC-4716 format, you’ll want to upload it to the server. With ExaVault, SSH keys get stored inside the user’s home folder in a special folder named ‘.sftp’. Sometimes you will run across a ‘.ssh’ folder with other providers.

dot sftp folder

Make sure the file is named ‘authorized_keys’ for it to be recognized by the ExaVault server.

public key naming format

Finally, try to connect (or have your vendor try to connect) with the private key in their SFTP software. If everything worked, tada! You’re done. If not, visit our help page for troubleshooting steps. 

Is it possible to have more than one key pair of SSH keys in my account?

For most services, this shouldn’t be a problem. It is a common request that comes up, especially in cases where you have multiple users who are using the same home folder. In that case, you will take your keys and list them one after another in the ‘authorized_keys’ file, which will look a little something like the example below.

Multiple SSH keys in file
Multiple SSH keys stored in ExaVault.

So you’ll have your first key in the file and then immediately after it you add the next key. Just keep going until you have all the keys needed in your key file.

Ready to Go With SSH Keys.

Properly formatted and stored SSH keys let you create automatic logins to your SFTP service. They also help with password-less login for automated file transfers. There are options to set up SSH keys automatically or manually depending on your situation and SFTP service provider.

For more information on SSH keys or to learn how to set up SSH keys for your ExaVault account, check out our video >> Watch Now!