Web Hosting - (LAMP) Key-based authentication
This document describes how customers can use public key authentication (also known as SSH key authentication) to send and receive files via their SFTP accounts on DoIT Shared Hosting's Linux/Apache platform. One of the main features of public key authentication is that the user does not need to remember a password to connect.
Set up a key-based connection from your computer to the web site
- Using your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account), locate the authorized_keys file in the .ssh directory located at the root of your webspace.
- Copy the contents of the public key (.pub) you just found or created in step #1 above and paste those contents into the authorized_keys file.
- The authorized_keys file can have many keys in it, but each key must be on its own line of the file.
- Consult the documentation for your SFTP application for how to integrate your private key into the client's SFTP connection.
Set up a key-based connection from the web site
This is a less common scenario, but it might come up if, for example, you have an automated process that offloads files from your web site to another machine.
- To find the public key for your web site, use your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account) to locate the id_rsa.pub file in the .ssh directory located at the root of your webspace.
- Paste the contents of this file into the authorized_keys file on the destination machine.
- Obtain three pieces of information about the destination machine: A) its public key, B) its domain name and C) its IP address.
- Copy the public key from the destination machine and paste it into the known_hosts file in your web site's .ssh directory, making sure the whole key is on a single line.
- Edit the beginning of the line to include the domain name of the destination machine followed by a comma, then the IP address of the destination machine and a single space. The beginning of the line should look like this:
  destination.domain.wisc.edu,144.92.9.70 ssh-rsa AAAAB3Nz...
- Contact Web Hosting if you're interested in creating a scheduled task (Web Hosting - Scheduled Tasks and Crontab) that automates the transfer of files from your web site to another machine.
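Both procedures above depend on each pasted key staying on one line, and the known_hosts entry also needs the hostname,IP prefix. The following check for those two conditions is an added example, not DoIT's own tooling. The function names are hypothetical, and it assumes plain `type base64 comment` lines with no options prefix and unhashed host names; the sample key is constructed.

```python
import base64
import ipaddress
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def wire_fields(blob):
    """Split decoded key data into its length-prefixed fields."""
    fields, i = [], 0
    while i < len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])  # struct.error if cut short
        if i + 4 + n > len(blob):
            raise ValueError("field runs past end of key data")
        fields.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return fields

def check_line(line, known_hosts=False):
    """Return the problems found in one key line (empty list means OK)."""
    parts, problems = line.split(), []
    if known_hosts and parts:
        hosts, parts = parts[0].split(","), parts[1:]
        try:  # the page's format: hostname, comma, IP address, one space
            ipaddress.ip_address(hosts[1] if len(hosts) == 2 and hosts[0] else "")
        except ValueError:
            problems.append("line must begin with hostname,IP and a space")
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return problems + ["no key type before key data (wrapped paste?)"]
    try:
        fields = wire_fields(base64.b64decode(parts[1], validate=True))
    except (ValueError, struct.error):
        return problems + ["key data is truncated or not valid base64"]
    if not fields or fields[0] != parts[0].encode():
        problems.append("declared key type does not match key data")
    return problems

def check_file(text, known_hosts=False):
    """Map 1-based line numbers to problems; skips blank and comment lines."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            report[n] = check_line(line, known_hosts)
    return {n: p for n, p in report.items() if p}

# Constructed sample: an all-zero Ed25519 public key blob, not a real key.
SAMPLE = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519"
                          + struct.pack(">I", 32) + bytes(32)).decode()
```

Pass the text of authorized_keys to `check_file(text)`, or the text of known_hosts to `check_file(text, known_hosts=True)`; an empty result means every key line parsed cleanly.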
Note for Git users: Follow steps 1 and 2 of GitHub's instructions to find or generate an SSH keypair using the steps for your computer's operating system. (NOTE: If you want to be able to use key-based authentication with no password required, do not enter a passphrase during the keypair generation process.)