How can I upload my public key for WinSCP?

These instructions are for users who are using WinSCP and do not have a key.

About this task

If you use an SFTP client other than OpenSSH in Linux or WinSCP on Windows, please contact your company's IT support department/team for help generating and uploading SSH keys. Acoustic Campaign strongly recommends that you contact your company's IT support department/team prior to making any changes to any software or application settings.

To access Acoustic Campaign SFTP without providing a login password each time, you need to use private/public key authentication, preferably of the type SSH-2 RSA.

The following instructions describe how to use the puttygen utility in order to generate your private/public key pair for use with WinSCP. Your private key is used only by your SFTP application and shouldn't be shared with anyone; your public key should be shared with Acoustic Campaign to facilitate the secure handshake when you connect to SFTP.

Procedure

  1. Run puttygen.exe to generate a public/private key pair.

    You can download puttygen.exe at winscp.net/eng/docs/public_key.

    1. In the Parameters section, the Type of key to generate option should be SSH-2 RSA and Number of bits in a generated key should be 1024.
    2. Under Actions, click Generate.
    3. To generate the key, you are asked to move your mouse around to generate some random seed data.
    4. You can modify options as follows.
      1. The Key comment value automatically is something like, 'sa-key-20110623. You can change that to something more meaningful if you prefer, for example rsa-key-engager@company.com.
      2. For Key passphrase you can secure your private key with a passphrase that is required to use the key. You can also opt to not use a passphrase, depending on your security preferences.

      If you apply a passphrase, then the default behavior is that WinSCP prompta you for the passphrase whenever you use that private key, somewhat defeating the main purpose of using the keys. You have two basic options.

      • Do not use a passphrase, and rely on your private key being stored on a secure system
      • Use a solution such as pageant that allows you to unlock your private key with your passphrase just once, and then you are not challenged for your passphrase again while pageant runs in the background on the machine you use to make your SFTP connections.

        The pageant download and documentation can be found at winscp.net. The pageant documentation describes how to load your keys automatically at startup.

  2. Click Save public key and note where the file was saved.

    You will copy this file to the Acoustic Campaign SFTP server.

    The public key file that you save looks like this:

    ---- BEGIN SSH2 PUBLIC KEY ----
Comment: 'rsa-key-engager@company.com'
AAAAB3NzaC1yc2EAAAABJQAAAIBYPHDqQY3u04y2uDy5Ao
YTNqNOfvYYZM1+f6GMQ74ZvjvoJ/vumSW06cP3y3BRWh660
aiN7sHH5utyTYuu5yTeAkWzdy2kwaSizT0g+8ilFB56HbXg0/eJz
UTLzHrjekOD0Kkb451spDuMlIdB+SJO+sfERatobP8u76jn
pGbOjQ==
---- END SSH2 PUBLIC KEY ----
  3. Click Save private key and give the file a name, for example. private-key-company-com.

    Your private key is saved as private-key-company-com.ppk.

    At this point you are done generating keys and you can close puttygen.

  4. Use your existing SCP connection to upload the PUBLIC key you saved above to your Acoustic Campaign account in the directory and make sure it is named 'authorized_keys' on the server

    For example, /.ssh/authorized_keys

    .

Results

Now that you have a private and public key pair, you can use them in WinSCP for password-less logins. You may be challenged for your private key's passphrase if you applied one.

  1. The File protocol option should be SFTP and the Allow SCP fallback option should not be checked as Acoustic Campaign does not support SCP.
  2. In WinSCP, assume that you have a stored session already set up for accessing your SFTP account, with the correct user name and host name. Select that session, and then click Edit.
  3. Click the button beside the Private key file field, and then open the private key file that you saved previously.
  4. Click Save.
  5. You should now be able to select your stored session and click Login. If you did not apply a passphrase to your private key, you are logged in to your account without a challenge (except perhaps for a one-time known-hosts prompt which you can permanently accept). Note that this also assumes that you have shared your public key with Acoustic Campaign and that it has been installed.

At this point, you are done. However, you may choose to create a passphrase using pageant for added security.