AWS Transfer for SFTP
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Generating SSH Keys

You can set up your SFTP server to authenticate users using the service-managed authentication method, where user names and SSH keys are stored within the service. The user’s public SSH key is uploaded to the SFTP server as a user’s property. This key is used by the SFTP server as part of a standard key based authentication process. Each user can have multiple public SSH keys on file with an individual server. For limits on number of keys that can be stored per user, see the AWS Transfer for SFTP Limits in the AWS General Reference.

An SFTP server can only authenticate users using a single method, and that method cannot be changed once the server is created. As an alternative to using SSH keys you can authenticate users using a custom identity provider, which allows you to plug in an existing identity provider using an API Gateway endpoint. Refer to Authenticating Using Custom Identity Providers for more information on this topic.

There are many ways to create an SSH key pair. On the macOS, Linux, or UNIX operating systems, you can use the ssh-keygen command at the command line interface for that purpose. The following is an example of the ssh-keygen output for the command listed below.

ssh-keygen -P "" -f key_name

When you run the ssh-keygen command as shown preceding, it creates the public and private keys as files in the current directory.

Creating SSH Keys on Windows

Windows uses a slightly different SSH key pair format. The public key must be in the PUB format, and the private key must be in the PPK format. On Windows, you can use PuTTYgen to create an SSH key pair in the appropriate formats. You can also use PuTTYgen to convert a private key generated using ssh-keygen to a PPK file. If you present WinSCP with a private key file not in PPK format, that SFTP client will offer to convert the key into PPK format for you.

To view a tutorial on creating SSH keys using PuTTYgen on Windows, see the website.