AWS Transfer for SFTP
User Guide

Generating SSH Keys

The service-managed authentication method uses Secure Shell (SSH) keys to authenticate users. The user's public SSH key is uploaded to the SFTP server as a property of that user. When a user requests a file transfer operation, the SFTP client authenticates with the user's name and private key, and the SFTP server validates the request against the public key it has on file. After validation, the operation is performed. Each user can have multiple public SSH keys on file with an individual server.

There are many ways to create an SSH key pair. On macOS, Linux, UNIX, or Microsoft Windows operating systems, you can use the ssh-keygen command at the command line interface for that purpose. The following is an example of the ssh-keygen output.

When you run the ssh-keygen command as shown preceding, it creates the public and private keys as files in the current directory.
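The following is an added example, not part of the original guide. It generates a key pair with ssh-keygen, then checks that the private and public files belong together and that the private key is not readable by group or others before the public key is uploaded. The RSA key type and size, the file names, the comment text, and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Key type/size, file names and comment text are assumptions.

# gen_sftp_key DIR NAME [COMMENT]: writes DIR/NAME (private) and DIR/NAME.pub.
gen_sftp_key() {
    dir=$1; name=$2; comment=${3:-sftp-user}
    if [ -e "$dir/$name" ] || [ -e "$dir/$name.pub" ]; then
        echo "refusing to overwrite existing key $dir/$name" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -N '' (no passphrase) keeps the example unattended; set one for real keys.
    ssh-keygen -q -t rsa -b "${KEY_BITS:-4096}" -N '' -C "$comment" \
        -f "$dir/$name" || return 1
    chmod 600 "$dir/$name"
}

# key_pair_matches PRIVATE PUBLIC: re-derives the public key from the private
# key and compares key type and key blob with the .pub file (comment ignored).
key_pair_matches() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$2" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# private_key_mode_ok FILE: true when group and other have no access bits.
private_key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_fingerprint PUBLIC: prints the SHA256 fingerprint for out-of-band checks.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# Demo in a throwaway directory; only the .pub content is meant for upload.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo=$(mktemp -d)
    if gen_sftp_key "$demo" transfer-key "alice@example" &&
       key_pair_matches "$demo/transfer-key" "$demo/transfer-key.pub" &&
       private_key_mode_ok "$demo/transfer-key"; then
        echo "fingerprint: $(key_fingerprint "$demo/transfer-key.pub")"
        echo "public key to upload: $(cat "$demo/transfer-key.pub")"
    fi
    rm -rf "$demo"
fi
```

Only the contents of the `.pub` file are uploaded to the server; the private key file stays on the client.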

Windows uses a slightly different SSH key pair format. The public key must be in the PUB format, and the private key must be in the PPK format.

On Windows, you can use PuTTYgen to create an SSH key pair in the appropriate formats. You can also use PuTTYgen to convert a private key generated using ssh-keygen to a PPK file. If you present WinSCP with a private key file not in PPK format, that SFTP client will offer to convert the key into PPK format for you.