How Do I Set Up SSH Keys With My ExaVault Account?

Action disabled: source

How Do I Set Up SSH Keys With My ExaVault Account?

If you want to create automatic logins to your ExaVault SFTP service, you can do so via an SSH key pair. You can create such a key pair automatically or manually.

You can create keys directly from your account:

  1. Log in into your account as the master user or as an admin user.
  2. Click the Users button.
  3. Pick the user you want to create keys for and choose the Generate SSH Keys button from the drop-down menu. This will create the .sftp folder in the home folder of the user, and the public key will be added to the authorized_keys file and placed inside the .sftp folder ( e.g. /.sftp/authorized_keys). You will be prompted to download the private key file.
  4. Import the private key into your SFTP software on your local computer.

You should now be able to connect without a password.

Linux / Mac OS X - Manual Key Creation (Experts Only)

  1. Open a terminal and use OpenSSH to generate a public/private key pair. You should not enter a password when prompted (e.g. just press return):
    ssh-keygen -t rsa -f mykey
  2. Convert the public key to RFC-4716 format, which is the only format our SFTP server accepts for public keys:
    ssh-keygen  -e  -f  mykey.pub  >  mykey.rfc4716.pub


    Prior to OpenSSH v5.4, there was a bug which allows for comments longer than 72 characters, which is in violation of the RFC-4716 spec. Our FTP server will reject such keys as invalid. If you're using a version of OpenSSH prior to v5.4, you should open the key file and delete any comment longer than 72 characters.

  3. Change the name of the public key to read authorized_keys.
    mv  mykey.rfc4716.pub  authorized_keys
  4. Using an SFTP client with a username and password, upload the RFC-4716 format key to your ExaVault SFTP server. It must be placed inside of a folder named .sftp in the home folder of the user (e.g. /.sftp/authorized_keys ).
  5. Import the private key into your SFTP software on your local machine. There are many ways to do this, depending on the software. For example, if you use sftp you would enter:
    sftp -oIdentityFile=mykey account@account.exavault.com

You should now be able to connect without a password.

Windows - Manual Key Creation (Experts Only)

Due to the multiple applications necessary to create an SSH key in Windows, we strongly recommend using an ExaVault-generated SSH key for Windows machines. However, ExaVault does support the use of SSH keys manually created in Windows as long as they are converted properly.

  1. Download and install the PuTTy application from http://www.putty.org/. Version 0.70 is the latest version. Install the 32-bit version of the application. When installing, use the default settings for installation.
  2. Start the PuTTyGen application. This application is installed as part of the PuTTy installation. Under the Key menu, verify that the key is set to SSH-2 RSA key. Under the Parameters section, confirm that the type of key is set to RSA. Confirm that the number of bits is set to 2048.
  3. Click the Generate button. When prompted move the mouse over the blank area in the application.
  4. Click the Save Public Key button. When prompted, name the file authorized_keys and make note of where you save this file.
  5. Click the Save Private Key button. Take note of the name and location of this file. When prompted, click the Yes button if you do not want to include a passphrase on the key.
  6. Convert the public key (the one you named authorized_keys) to a UNIX file format. The key will not be recognized by the server if it contains Windows line endings. Open the file in a text editor that can convert line endings from Windows to UNIX. Notepad++ is a free software that can convert Windows line endings to UNIX line endings. Save the file after converting the line endings.
  7. Using an SFTP client with a username and password, upload the authorized_keys file to your ExaVault SFTP server. It must be placed inside of a folder named .sftp in the home folder of the user (e.g. /.sftp/authorized_keys ).
  8. Import the private key into your SFTP software on your local machine. There are many ways to do this, depending on the software.

You should now be able to connect without a password.

Example SSH Keys

If you are having trouble generating your SSH keys, you can find an example pair here to verify that your keys are formatted correctly. These keys are for verification purposes only. Because both the public and private keys are provided in this example to anyone, please do not upload the public key to your SFTP server!

SSH Keys FAQ

Can I use multiple SSH keys with SFTP?

Yes! Simply append each additional public key into the authorized_keys file on the FTP server as described above.

Can I use a key that was provided to me?

You may have a customer or client who already has an SSH key pair that you need to import.

You can upload a public key that was provided to you as long as it conforms to the RFC-4716 format. Often you will need to convert your key to the RFC-4716 format. To convert the key, see Steps 2 and 3 of the Linux/Mac OS X key creation instructions.

If the key was created on a Windows machine, you may need to edit the public key so that it does not contain Windows line endings using a text editor that can convert Windows line endings to UNIX line endings.

If you run into problems using your key, email us at support@exavault.com.

Did you find an issue with this article? Let us know!

account/04-users/04-ssh-keys.txt · Last modified 2019/07/11 18:50 (external edit)