How Do I Set Up SSH Keys With My ExaVault Account?

SSH keys offer strong authentication options for your SFTP data transfers. They enable secure password-less logins for your SFTP account. If you would like to learn more about SSH keys, visit our SSH Guide blog post.

For most users, SSH keys are optional. If you or your client will be connecting through the web browser or do not specifically need an SSH key, you can make sure your data is still transferred in a secure way by enabling Secure Only Mode in your My Account settings.

Using an SSH key with a user in your account will allow for connection without the need to enter a username and password combination. SSH keys can only be used with SFTP connections.

You must have admin privileges to view the USER page and create SSH keys. If you are not an admin, contact your account administrator to generate SSH keys on your behalf or to provide your user the appropriate permissions.

Generating your SSH Keys

How to generate an SSH key.

1. On the left navigation bar, click Users.

2. Click SSH KEYS from the top navigation bar.

3. Click the ADD NEW SSH KEY button.

4. In the Create A New SSH Key window, type to search for a username or use the dropdown arrow to select a user from the list.

5. Select how you will generate the key pair for the username selected:

  • Automatically generate a key pair (Recommended): This is the easiest option. When selected, ExaVault will generate the SSH key pair.
  • Import a public key from a file: If selecting this option, you have received a file for the public key for the username you selected in step 4. Use the SELECT FILE button to browse your local machine and upload the public key file.
  • Paste in your public key: If you have a public key in the format of a string of text that can be copied, you can use this option to paste the key text directly without the need to create and upload a file.

6. Select the CREATE KEY button.

If you selected Automatically generate a key pair…

  • Your browser will automatically download the private key as a file named key.txt to the default location on your local machine - typically the Downloads folder.
  • The private key that was downloaded will need to be stored on the computer of the client selected in step 3. If you have generated the SSH key pair on behalf of one of your client(s), you can securely send the private key file to your client using the file sharing feature in your ExaVault account.

If you imported a public key file or pasted in your public key, you will see a green message that your SSH key was generated.

7. A record of the newly created key pair for the user will be listed in the Active Keys table.

Alternatively, if you are on the USERS page reviewing a specific user, you can:

Generating SSH key from user.

  • Right click on the user’s row or use the blue dropdown arrow to select Generate SSH Keys.
  • When the pop-up appears, follow the instructions above to complete the key creation.

Managing your SSH Keys

Managing existing SSH keys.

Your current SSH key pairs will be listed in the Active Keys table. From this page, you will have the following options:

  • Search by username to review or delete associated SSH key(s).
  • Export the full list of current usernames assigned SSH key(s).
  • Add a new SSH Key to generate a new key pair.
  • Review data related to each key (username, creation date, and last used).
  • Review the Key Fingerprint for a specific SSH key. A single username can have multiple SSH Keys; the Fingerprint will act as a unique identifier for future auditing.
  • Delete the public key for a specific user.
    - While the user may still have their private key, once the public key is deleted, the user will not be able to connect using SSH keys until a new key pair is created.
    - Users will still be able to connect with a username and password combination. If you need to completely prevent a user from accessing your account, you may need to use the lock user feature.
  • Select the number of rows to show on this page.

Connecting with your SSH Keys

Once a user has a public key stored on ExaVault and the matching private key on their local machine, they can make an SFTP connection with ExaVault that authenticates by proving possession of the private key instead of sending a username/password combination.

The private key location will need to be identified in the setup of your connection. Here are common ways an SFTP connection is made using an SSH key pair:

  • Through an FTP Client application: Review our list of popular FTP Clients for more information and specific instructions on connecting with ExaVault. Most FTP clients will have a connection setup option that will allow you to specify the private key file to use in the connection.
  • Through the Command Line: More advanced users may create an SFTP connection directly from the command line using Terminal (Linux / macOS) or Command Prompt (Windows). This will allow for creating custom scripts to interact with your ExaVault server.

- In Terminal: sftp -i [key location] [username]@[server location; URL or IP]. For example:

sftp -i ~/.ssh/key myuser@mycompany.exavault.com

- In Command Prompt (with OpenSSH enabled): sftp -o Port=[port number] -o IdentityFile=[key location] [username]@[server location; URL or IP]. For example:

sftp -o Port=22 -o IdentityFile=C:\Users\key myuser@mycompany.exavault.com

Manual Key Creation (Experts Only)

You should not need to manually create an SSH key pair. For advanced users with this requirement, we have included steps below to manually generate and format an SSH Key pair from your local machine.

Linux / Mac OS X

1. Open a terminal and use OpenSSH to generate a public/private key pair. You should not enter a passphrase when prompted (e.g. just press return):

ssh-keygen -t rsa -f mykey

2. For best results, convert the public key to RFC-4716 format to guarantee our SFTP server accepts the public key:

ssh-keygen -e -f mykey.pub > mykey.rfc4716.pub

Prior to OpenSSH v5.4, there was a bug that allowed comments longer than 72 characters. This is in violation of the RFC-4716 spec. Our FTP server will reject such keys as invalid. If you're using a version of OpenSSH prior to v5.4, you should open the key file and delete any comment longer than 72 characters.

3. Log into your ExaVault account as an admin user through a web browser.

4. Navigate to the USERS page and select SSH KEYS.

5. Follow the steps above in Generating your SSH Keys and select Import a public key from a file.

6. When prompted, select the public key generated in step 2 above.

7. Import the private key into your SFTP software on your local machine.

You should now be able to connect without a password using the key pair generated and stored above.

Windows

Due to the multiple applications necessary to create an SSH key in Windows, we strongly recommend using an ExaVault-generated SSH key for Windows machines. However, ExaVault does support the use of SSH keys manually created in Windows as long as they are converted properly.

Manually generating an SSH key.

1. Download and install the PuTTY application from http://www.putty.org/. Version 0.74 is the latest version. Install the 32-bit version of the application. When installing, use the default settings for installation.

2. Start the PuTTYgen application. This application is installed as part of the PuTTY installation. Under the Key menu, verify that the key is set to SSH-2 RSA key. Under the Parameters section, confirm that the type of key is set to RSA. Confirm that the number of bits is set to 2048.

3. Click the Generate button. When prompted, move the mouse over the blank area in the application.

4. Click the Save Public Key button. Take note of the name and location of this file.

5. When prompted, click the Yes button if you do not want to include a passphrase on the key.

6. Log into your ExaVault account as an admin user through a web browser.

7. Navigate to the USERS page and select SSH KEYS.

8. Follow the steps above in Generating your SSH Keys and select Import a public key from a file.

9. When prompted, select the public key generated in step 2 above.

10. Import the private key into your SFTP software on your local machine. There are many ways to do this, depending on the software.

You should now be able to connect without a password using the key pair generated and stored above.

SSH Keys FAQ

Can I use multiple SSH keys with SFTP?

Yes! From the SSH Keys page, you can follow the steps in the Generating your SSH Keys section above and the table will update to show the new key with its unique fingerprint assigned to the username selected.

The system will automatically match the private key used by the user to the appropriate public key, even if there are multiple public keys stored.

Can I use a key that was provided to me?

You may have a customer or client who already has an SSH key pair that you need to import. Follow the steps above in Generating your SSH Keys and select Import a public key from a file.

The ExaVault SSH Key system can accept OpenSSH and RFC-4716 formats.

  • If you need to convert your key to the correct format and you are using macOS / Linux, we have some instructions above in the key creation, step 2 section of this page.
  • If the key was created on a Windows machine, you may need to edit the public key so that it does not contain Windows line endings using a text editor that can convert Windows line endings to UNIX line endings.

If you run into problems using your key, email us at support@exavault.com.
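
A pre-upload check for the format requirements described on this page (the 72-character limit in RFC-4716 files and Windows line endings), as an added example that is not ExaVault's own code. It assumes the OpenSSH-style SHA-256 fingerprint, which may differ from the format shown in the Active Keys table; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

MAX_LINE = 72  # RFC 4716: no line may exceed 72 bytes, excluding the line ending


def parse_public_key(data: bytes):
    """Return (key_blob, problems) for an OpenSSH or RFC 4716 public key file."""
    problems = []
    if b"\r\n" in data:
        problems.append("Windows (CRLF) line endings")
    lines = data.decode("ascii", "replace").replace("\r\n", "\n").strip().split("\n")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        if any(len(line) > MAX_LINE for line in lines):
            problems.append("line longer than 72 bytes")
        body, continued = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            # Headers are "Tag: value"; a trailing backslash continues one.
            is_header = continued or ":" in line
            continued = is_header and line.endswith("\\")
            if not is_header:
                body.append(line)
        b64 = "".join(body)
    else:  # OpenSSH one-line form: "<type> <base64> [comment]"
        fields = lines[0].split()
        b64 = fields[1] if len(fields) > 1 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        blob = b""
    if not blob:
        return None, problems + ["no valid base64 key data"]
    return blob, problems


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint (assumed format) of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def wire_field(value: bytes) -> bytes:
    return len(value).to_bytes(4, "big") + value

# Constructed sample, not a real key: wire-encoded type, exponent, modulus.
SAMPLE_BLOB = wire_field(b"ssh-rsa") + wire_field(b"\x01\x00\x01") + wire_field(bytes(range(1, 129)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
OPENSSH_FILE = f"ssh-rsa {SAMPLE_B64} alice@example\n".encode()
```

Because the fingerprint is computed over the decoded key data, the OpenSSH and RFC-4716 forms of the same key produce the same value, so a fingerprint recorded before upload can be compared against the table entry regardless of which file format was imported.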

Do I still need the authorized_keys file(s) or the .sftp folder location(s)?

No. Anyone who was using our legacy SSH Key system can safely remove the autogenerated files (authorized_key) and folders (.sftp) from their ExaVault storage. Existing keys have been captured and will now appear on the SSH keys table.

ExaVault will now check any private keys connecting with your account against the keys found in the SSH table. As long as existing SSH keys are not deleted from the SSH table, previous connections will not be impacted.

If your account has any automations or processes around the legacy workflow (for example: uploading new authorized_key files into a .sftp folder), you will need to update your process to use the new workflow.

© 2022 ExaVault LLC. All Rights Reserved. ExaVault is a registered trademark of ExaVault LLC.