Web Hosting - (LAMP) Key-based authentication

This document describes how customers can use public key authentication (also known as SSH key authentication) to send and receive files via their SFTP accounts on DoIT Shared Hosting's Linux/Apache platform. One of the main features of public key authentication is that the user does not need to remember a password to connect.

For Work Load Automation Services (Secure File Transfers, Scheduler, Document conversion, etc.) please see:

https://it.wisc.edu/services/workload-automation/

Set up a key-based connection from your computer to the web site

  1. Using your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account), locate the authorized_keys file in the .ssh directory located at the root of your webspace.
  2. Copy the contents of the public key (.pub) you just found or created in step #1 above and paste those contents into the authorized_keys file.
  3. The authorized_keys file can have many keys in it, but each key must be on its own line of the file.
  4. Consult the documentation for your SFTP application for how to integrate your private key into the client's SFTP connection.

Set up a key-based connection from the web site

This is a less common scenario, but it might come up if, for example, you have an automated process that offloads files from your web site to another machine. 

  1. To find the public key for your web site, use your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account) to locate the id_rsa.pub file in the .ssh directory located at the root of your webspace. 
  2. Paste the contents of this file into the authorized_keys file on the destination machine.
  3. Obtain three pieces of information about the destination machine: A) its public key, B) its domain name and C) its IP address.
  4. Copy the public key from the destination machine and paste it into the known_hosts file in your web site's .ssh directory, making sure the whole key is on a single line.
  5. Edit the beginning of the line to include the domain name of the destination machine followed by a comma, then the IP address of the destination machine and a single space. The beginning of the line should look like this:
    destination.domain.wisc.edu,144.92.9.70 ssh-rsa AAAAB3Nz...
  6. Contact Web Hosting if you're interested in creating a scheduled task (Web Hosting - Scheduled Tasks and Crontab) that automates the transfer of files from your web site to another machine.
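
The known_hosts entry from steps 3 to 5 can be assembled and checked with a short script. This is an added example, not part of DoIT's documentation; the function names and the sample key are constructed for illustration, and the key has the right framing but is not a usable RSA key.

```python
import base64
import struct

def key_blob_type(b64: str) -> str:
    """Return the algorithm name stored at the start of an SSH public key blob."""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])  # 4-byte big-endian length prefix
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def known_hosts_line(domain: str, ip: str, pubkey: str) -> str:
    """Build 'domain,ip keytype base64' from the contents of a host .pub file."""
    pubkey = pubkey.strip()
    if "\n" in pubkey or "\r" in pubkey:
        raise ValueError("public key must be on a single line")
    fields = pubkey.split()
    if len(fields) < 2:
        raise ValueError("expected '<keytype> <base64> [comment]'")
    keytype, b64 = fields[0], fields[1]
    # A truncated or mis-pasted key usually fails here or in the base64 decode.
    if key_blob_type(b64) != keytype:
        raise ValueError("key type field does not match key data")
    for host in (domain, ip):
        if not host or any(c in host for c in ", \t"):
            raise ValueError("host name and address must not contain commas or spaces")
    return f"{domain},{ip} {keytype} {b64}"

def constructed_key() -> str:
    """Constructed sample: correct framing only, NOT a usable RSA key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(32))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@destination"

if __name__ == "__main__":
    print(known_hosts_line("destination.domain.wisc.edu", "144.92.9.70", constructed_key()))
```

The trailing comment field of the .pub file is dropped, so the output is exactly the host list, key type and key data on one line.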

Note for Git users: Follow steps 1 and 2 of GitHub's instructions to find or generate an SSH keypair using the steps for your computer's operating system. (NOTE: If you want to be able to use key-based authentication with no password required, do not enter a passphrase during the keypair generation process.)