(510) 843-6389   1700 Martin Luther King Jr. Way Berkeley, CA 94709 support@lmi.net

Using a Public/Private Key Pair with SSH/SFTP

How Public/Private Keys Work (a brief, approximate overview)

When you authenticate with a public/private key pair, you have a private key on your computer, a key that only you have access to (this is crucial).  The server to which you are connecting has a copy of your public key.  This key is safe for anyone to have.  When you log in using your key pair, the server sends a challenge, encrypted with your public key (to which it has access, since you uploaded it to the appropriate place in your home directory).  The only key that will decrypt the challenge is your private key.  Your SSH/SCP/SFTP program does this, and the server then knows you are who you claim to be.

For a more in-depth explanation, see the Wikipedia Page.

How to Use a Public/Private Key Pair with an LMi.net server

First, create the public/private key pair.  Depending on what OS you use, and what SSH/SCP/SFTP program you use, the method for doing this will be different.  Please see the documentation for your specific software and OS or see this post.

Next, create (if it doesn’t exist) a directory at the root level of your home directory on our server called “.ssh” (sans quotes).  Note the “.” in .ssh.  That is important.  That directory should be read/write/executable only by the user (permissions 700).  In that directory, create a file called authorized_keys (note the “_”, not a “-”).  Paste the contents of your public key into that file.  There should be no line breaks (it should all be one long line, wrapped or not).

Make sure the authorized_keys file is read/write by user only (permissions 600).

Configure your SSH/SFTP/SCP client to connect using your new private key, and you should be ready to go.
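
The server-side steps above (the .ssh directory at 700, authorized_keys at 600, the key on one line) can be scripted as follows.  This is an added example, not LMi.net's own script; the function names install_pubkey and check_ssh_perms and the file name uploaded_key.pub are hypothetical, and it assumes the key file holds exactly one public key.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Run in your own account on the server.
# Usage: install_pubkey "$HOME" "$HOME/uploaded_key.pub" && check_ssh_perms "$HOME"

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the
# public key as a single line unless that exact line is already present.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # The private key must never leave your computer: refuse to install one.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Remove line breaks so the key is one long line (assumes one key per file).
    key=$(tr -d '\r\n' < "$pubkey_file")
    [ -n "$key" ] || { echo "empty key file" >&2; return 1; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: append only if not already installed.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Succeeds only if .ssh is exactly 700 and authorized_keys is exactly 600.
check_ssh_perms() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```

Running install_pubkey twice with the same key leaves a single entry, so it is safe to re-run after fixing permissions.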

The WinSCP documentation has more information about setting up public/private key access.