Managing SSH and PGP keys in Transfer Family

In this section, you can find information about SSH keys, including how to generate them and how to rotate them. For details about using Transfer Family with AWS Lambda to manage keys, see the blog post Enabling user self-service key management with AAWS Transfer Family and AWS Lambda.

AWS Transfer Family accepts RSA, ECDSA, and ED25519 keys.

This section also covers how to generate and manage Pretty Good Privacy (PGP) keys.

Supported algorithms for user and server keys

The following key algorithms are supported for user and server key-pairs within AWS Transfer Family.

For algorithms to use with PGP decryption in workflows, see Algorithms supported for PGP key-pairs.

For ED25519: ssh-ed25519
For RSA:
- rsa-sha2-256
- rsa-sha2-512
For ECDSA:
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521

We support ssh-rsa with SHA1 for our older security policies. For details, see Cryptographic algorithms.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Data protection

Generate SSH keys