For an SFTP connection to the RedShelf FTP server, RedShelf employs a Public / Private Key pair system.
RedShelf is able to list any number of Public Keys on its server, so please do not share your Private Key when a new computer needs to connect. Instead, reach out to your RedShelf point of contact and they can work with you to set up a new or additional Public Key on the server.
- A Public / Private Key pair is a matched set of keys generated by your computer. You would use the Private Key instead of a plain text password to log into a system or application. Ideally, your Private Key would have a password associated with it; this is highly recommended; however, it is not required.
- The Public Key can be sent out to the world and used by any number of systems or applications. When your specific computer attempts to connect to the system or application, the Public Key is checked against the Private Key on your machine. If everything matches, you are able to connect using this highly secure connection.
- The Private Key sits in a specific location on your computer and, ideally, is not shared with anyone. It is then used in place of a password when prompted.
- Every computer that connects to the RedShelf FTP server will need a Public / Private Key pair.
Generating a Key Pair
Generating a key pair in Apple or Linux
To keep this simple and available for use by anyone, RedShelf uses the RSA OpenSSH key generation tool. This is available on both Apple and Linux operating systems.
Simply open a terminal window and run:
ssh-keygen -t rsa
This will provide you with several prompts, including a location request, a passphrase request, and a passphrase confirmation.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:z6zTVQ/PJYt2o96DrVYClmfcqBG8Pdb8nzqY2m2HjeY root@geeklab
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o |
| * = |
| * O B .|
| S. B + O.|
| +. = = =|
| .+ooB+.o|
| ..oo=Bo+.|
| .o.+*E=. |
+----[SHA256]-----+
Once the key generation is complete, you will receive a prompt regarding the location of the saved information.
$ ls ~/.ssh
id_rsa id_rsa.pub
The id_rsa.pub file can be sent to your RedShelf point of contact in a plain text email.
Generating a key pair in Windows
To keep this simple and available for use by anyone, RedShelf uses the RSA OpenSSH key format. This makes things complicated in Windows. It can be done; it simply requires a couple of extra hops.
Make sure PuTTY is installed on your computer
PuTTY is an external tool that can be downloaded onto a Windows machine to simulate the terminal experience.
- Terminal is a command window that utilizes the OpenSSH protocol to access a computer's inner workings.
- Windows uses the Command and PowerShell command windows to a similar effect.
PuTTY is an open source, widely utilized, and highly trusted tool that can be downloaded HERE
- The above link will take you to the direct download page. Scroll down until you see the download information. Assuming you are using a computer from after 2016, you will want to use the 64-bit download.
- Once downloaded onto your computer, you will need to install the application. Scrolling further down the page will provide you directions if needed.
However, in order to create a Public / Private Key pair you will need to run the PuTTYgen Tool, which is part of the download and will be installed on your computer once the install is completed.
Create a Public / Private Key pair with PuTTY.
With PuTTY installed on your machine, a Public / Private Key pair can be created.
- To run PuTTYgen, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen.
Simply click the GENERATE button and start moving the mouse within the window. PuTTY uses mouse movements to collect randomness.
Using a passphrase is strongly recommended for Private Key files intended for interactive use.
Make sure to save both the Public and Private Keys upon completion.
Convert public key to OpenSSH
Now that you have a Public / Private Key pair you will need to convert the public key to the OpenSSH format before it can be sent over to RedShelf and loaded onto the server.
This CANNOT be done by RedShelf. This NEEDS to be done on your end, because it uses the Private Key to generate a Public Key in the OpenSSH format.
The Private Key on your computer should NEVER be shared with anyone, no matter what. This can and will cause security issues on your machine.
- Open WinSCP (directions can be found HERE)
- Open a New Session in WinSCP
- You can fill in all the necessary information; however, the only point of concern is the ADVANCED button
- Click on this button to load the Advanced options screen.
- Here, you will need to click on the AUTHENTICATION option on the left side of the screen
- Then click on the 3 dots to the right so you can select your Private Key, and press the OPEN button
- From here, click on the DISPLAY PUBLIC KEY link in the middle of the screen
- This will then show you the Public Key associated with that Private Key, now in the OpenSSH format, which can then be loaded onto the RedShelf FTP server.
- Simply click the COPY KEY button, and then paste this information into Notepad or simply send it in plain text to your RedShelf point of contact.
- Because it is a Public Key, security is not a concern. That is the beauty of the Public / Private key system. The Public Key is intended to be shared with anyone. Only the Private Key needs to remain secret.
WHY in the world did you just jump through all those hoops?
In the screen shot below the image on the left is the public key in OpenSSH format. On the right is the Public Key in PuTTY format.
Take note of the difference.
RedShelf is unable to use the format on the right, so you need to convert it over to a universal format that can now be utilized by the RedShelf FTP server.
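The two formats compared above, and the rule that only the Public Key is ever sent, as an added example (not RedShelf's tooling and not part of the original page): it identifies a key file by its first line and converts a PuTTY-format RSA public key to the one-line OpenSSH form. The function names are hypothetical and the sample key is constructed, not a usable key.

```shell
#!/bin/sh
# Added example: check what kind of key file you are about to send, and convert
# a PuTTY-format (RFC 4716) RSA public key to OpenSSH form. Names are hypothetical.

# Classify a key file by its first line (CR stripped for Windows-saved files).
key_file_kind() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----"|PuTTY-User-Key-File-*) echo private ;;
        "---- BEGIN SSH2 PUBLIC KEY ----") echo putty-public ;;
        "ssh-rsa AAAAB3NzaC1yc2E"*)        echo openssh-public ;;
        *)                                 echo unknown ;;
    esac
}

# Print the OpenSSH form of a PuTTY-format RSA public key; fail on anything else.
putty_pub_to_openssh() {
    [ "$(key_file_kind "$1")" = putty-public ] || return 1
    blob=$(awk '
        { sub(/\r$/, "") }
        /^---- (BEGIN|END) SSH2 PUBLIC KEY ----$/ { next }
        cont { cont = ($0 ~ /\\$/); next }  # rest of a header that ended in a backslash
        /:/  { cont = ($0 ~ /\\$/); next }  # header line such as Comment:
        { printf "%s", $0 }                 # base64 body, joined into one line
    ' "$1")
    case "$blob" in
        AAAAB3NzaC1yc2E*) printf 'ssh-rsa %s\n' "$blob" ;;  # base64 of the ssh-rsa type tag
        *) return 1 ;;
    esac
}

# Constructed sample in the multi-line layout of a PuTTY-format public key.
write_sample_putty_pub() {
    printf '%s\r\n' \
        '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "constructed-sample-key"' \
        'AAAAB3NzaC1yc2EAAAADAQABAAABAQCsampleSAMPLEsampleSAMPLEsampleSAMPLE0' \
        'sampleSAMPLEsampleSAMPLEsampleSAMPLE0123456789' \
        '---- END SSH2 PUBLIC KEY ----' > "$1"
}

tmp=$(mktemp -d)
write_sample_putty_pub "$tmp/putty.pub"
echo "before: $(key_file_kind "$tmp/putty.pub")"
putty_pub_to_openssh "$tmp/putty.pub" > "$tmp/openssh.pub"
echo "after:  $(key_file_kind "$tmp/openssh.pub")"
cat "$tmp/openssh.pub"
rm -rf "$tmp"
```

Where OpenSSH is installed, `ssh-keygen -i -f putty.pub` performs the same conversion. A file that `key_file_kind` reports as `private` is the one that must stay on your machine.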