
How to use SFTP (with client validation - public key authentication)

The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client authentication, via password.

In public key authentication, SSH clients and servers authenticate each other via public/private key pairs. Each must have access to its own private key and to the other's public key.

The client's public key must be registered with the SSH server, typically by copying it into the server's authorized_keys file.

The client's private key is loaded via SecureFTPConnection's ClientPrivateKeyFile property as shown below:

ftpConnection.ClientPrivateKeyFile = "C:\\myhome\\.ssh\\id_rsa";

Both DSA and RSA keypairs can be used. SecureFTPConnection's UserName and ClientPrivateKeyPassphrase properties must be set, along with the ServerAddress. Note that the ClientPrivateKeyPassphrase property (which holds the private key file's passphrase) may be different to the Password (which is the user's password).

The AuthenticationMethod property must also be set to AuthenticationType.PublicKey (or AuthenticationType.PublicKeyAndPassword):

ftpConnection.AuthenticationMethod = AuthenticationType.PublicKey;

If AuthenticationType.PublicKeyAndPassword is set, public key authentication is followed by password authentication. It is in this instance that separate passphrases and passwords may be required.

There are no formal standards for SSH private key files; however, three main formats are in common use. All are supported by edtFTPnet/PRO (PuTTY since version 5.0.4).

Private Key Type    Start of key
OpenSSH             -----BEGIN DSA PRIVATE KEY-----
SSH.com             ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
PuTTY               PuTTY-User-Key-File-2:

The format is automatically detected when the file is loaded.

Note that earlier versions of edtFTPnet/PRO (prior to 5.0.4) do not support PuTTY keys, but they can be easily converted into SSH.com or OpenSSH formats via PuTTYgen. The PuTTYgen.exe utility can be freely downloaded from here. It is a simple GUI application that can generate keypairs, and import and export keys in various formats.

From the File menu, select Load Private Key and load your PuTTY private key file. You can optionally enter your key's passphrase (which is advisable – otherwise the converted key will be saved without a passphrase, which is insecure). Then via Conversions -> Export OpenSSH key you can export your private key to another file in OpenSSH format (similarly for SSH.com format).
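The key formats in the table above and the passphrase advice for converted keys can be combined into a pre-flight check that runs before a file is assigned to ClientPrivateKeyFile. This is an added example, not part of the original page or of edtFTPnet/PRO; KeyFileCheck and its members are hypothetical names, and it assumes the standard text headers of each format (Proc-Type for OpenSSH, Encryption for PuTTY).

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: pre-flight check on a key file before it is assigned to
// ClientPrivateKeyFile. KeyFileCheck and its members are hypothetical names.
public static class KeyFileCheck
{
    public enum KeyFormat { Unknown, OpenSSH, SshCom, PuTTY }
    static bool Starts(string s, string prefix) => s.StartsWith(prefix, StringComparison.Ordinal);

    // Classify by the first non-blank line, using the prefixes from the table
    // (RSA keys use the same OpenSSH header with "RSA" in place of "DSA").
    public static KeyFormat Detect(string[] lines)
    {
        string first = lines.FirstOrDefault(l => l.Trim().Length > 0)?.Trim() ?? "";
        if (first == "-----BEGIN DSA PRIVATE KEY-----" || first == "-----BEGIN RSA PRIVATE KEY-----")
            return KeyFormat.OpenSSH;
        if (Starts(first, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----")) return KeyFormat.SshCom;
        if (Starts(first, "PuTTY-User-Key-File-2:")) return KeyFormat.PuTTY;
        return KeyFormat.Unknown;
    }

    // true = passphrase-protected, false = stored unencrypted, null = not
    // decidable from the text headers (SSH.com records its cipher inside the
    // base64 body, which this check does not decode).
    public static bool? IsEncrypted(KeyFormat format, string[] lines)
    {
        if (format == KeyFormat.OpenSSH)
            return lines.Any(l => Starts(l, "Proc-Type:") && l.Contains("ENCRYPTED"));
        if (format == KeyFormat.PuTTY)
        {
            string enc = lines.FirstOrDefault(l => Starts(l, "Encryption:"));
            if (enc != null) return enc.Substring("Encryption:".Length).Trim() != "none";
        }
        return null;
    }

    public static int Main(string[] args)
    {
        // Constructed sample: header lines of an unencrypted PuTTY key, no key material.
        string[] sample = { "PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none", "Comment: constructed" };
        string[] lines = args.Length > 0 ? File.ReadAllLines(args[0]) : sample;
        KeyFormat format = Detect(lines);
        bool? encrypted = IsEncrypted(format, lines);
        Console.WriteLine("format=" + format + " encrypted=" + (encrypted?.ToString() ?? "unknown"));
        if (encrypted == false) Console.Error.WriteLine("WARNING: key file has no passphrase");
        return format != KeyFormat.Unknown && encrypted != false ? 0 : 1;
    }
}
```

Pass a key file path as the first argument to check a real file; the non-zero exit code for an unrecognised or passphrase-less key lets a deployment script refuse to ship it.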

The other authentication method, keyboard-interactive authentication, is discussed in How to use SFTP (with client validation - keyboard-interactive authentication).