How to set up public key authentication

Users connecting to CompleteFTP via SFTP or SCP (supported in Professional and Enterprise MFT) can authenticate themselves in two different ways (if the server permits it).

Enabling public key authentication

There are two places public key authentication is enabled. The Site's authentication methods is the primary place, in the SFTP/SCP/SSH settings. Public key authentication is enabled by default.

Site - Authen methods

Public key authentication uses either the RSA or DSA algorithm, and this can also be set via SFTP->Advanced SFTP Settings->Algorithms. Normally the default of All is used.

Public Key Algorithms

The other place is in each user's properties (Enterprise MFT only). In the Authentication section, the SSH methods can be specified. They are combined with the Site authentication methods. A method has to be set for both the user and site to be available for that user.

User - Authentication Methods

Setting up the user's keys

For a user to use public key authentication, a keypair (consisting of a private key and a public key) must be generated, and the public key registered with CompleteFTP. Both RSA and DSA can be used.

Select the user in the Users window, and then select the ellipsis (...) on the right of "Public keys" in the user details window.

Public keys

This brings up the "Manage Public Keys" dialog, which displays the currently loaded public keys for this user.

Manage Public Keys

Use "Generate a new keypair for this user and add it to the list" to create a new keypair. Make sure the private key you are prompted to save is kept securely - it is required by clients to authenticate as this user.

You can also use "Import a public key and add it to the list" to import existing RSA or DSA public keys for this user. Public keys can also be deleted and exported. Note that Professional and Enterprise MFT permit multiple RSA and multiple DSA keys for each user.

For step by step instructions on setting up public key authentication, please refer to Step-by-step guide: Set up public-key authentication for a user.