SFTP Passwordless authentication (Admin)
The netfiles SFTP interface allows login without a password, using so-called public key authentication.
How it works: The public part of the user’s key is stored on the server in a special file. When logging in, the user authenticates with the private key, which is loaded into a key management program (e.g. ssh-agent) and is available for use. The password only needs to be entered once, so to speak, when the private key is opened in the client’s key management program.
Instructions for macOS or Unix
- The user logs in and stores the public part of his SSH key (public key) in a special file.
- The user who wants to log in must first have a key pair consisting of a public and private key in OpenSSH format.
- If this has not yet been done, ssh-keygen must be called first. The default values are usually appropriate. Enter a secure passphrase or password so that a stolen private key (~/.ssh/id_rsa) cannot be used unhindered by third parties. The private key must still be secured and should only be readable by your user.
- Now copy the content of the public key ~/.ssh/id_rsa.pub into a new file authorized_keys:
  cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
- Connect to the netfiles SFTP interface. Change to the /.ssh folder on the SFTP server. If it does not yet exist, create it now.
- Copy your public key, i.e. the file ~/.ssh/authorized_keys, into this folder.
- You can now log in to the interface using your public key. Your client may first have to be persuaded to do this. For many Unix tools such as scp, lftp etc. it is sufficient to call ssh-add once. You will be asked once for the password of your private key. This is then immediately available, provided that ssh-agent is running in the background.
- Other programs may have their own key management. Please find out how this works specifically for your SFTP solution.
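Checks worth running before the upload step, as an added example that is not netfiles code: it confirms the private key is readable only by its owner and that the file about to be uploaded contains public key lines only. The function names, the staging directory and the sample key text are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not netfiles code. Function names are hypothetical.

# True only if the private key exists and group/other have no access to it.
private_key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True only if the file holds OpenSSH public key lines and nothing else.
# Lines with an options prefix (command="..." etc.) are rejected by this check.
is_public_key_file() {
    pat='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    [ -s "$1" ] || return 1
    # A private key picked by mistake must never reach the server.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    grep -q -E "$pat" "$1" || return 1
    # Any remaining line that is not blank, a comment, or a key fails the file.
    if grep -v -e '^[[:space:]]*$' -e '^#' "$1" | grep -q -v -E "$pat"; then
        return 1
    fi
    return 0
}

# Copy a validated public key to <dir>/authorized_keys, ready for upload to /.ssh.
# Refuses to overwrite an existing file in <dir>.
stage_authorized_keys() {
    pub=$1 dir=$2
    is_public_key_file "$pub" || { echo "not a public key: $pub" >&2; return 1; }
    [ ! -e "$dir/authorized_keys" ] || { echo "authorized_keys already exists" >&2; return 1; }
    (umask 077 && cp "$pub" "$dir/authorized_keys")
}

# Demo on constructed sample files (not real keys) in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLEkey user@example' > "$d/id_rsa.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/id_rsa"
    chmod 600 "$d/id_rsa"
    private_key_is_private "$d/id_rsa" && stage_authorized_keys "$d/id_rsa.pub" "$d" &&
        ! is_public_key_file "$d/id_rsa"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "checks passed on constructed samples"
```

Staging into a separate directory leaves any existing local ~/.ssh/authorized_keys untouched; the staged file is what gets uploaded to /.ssh on the server.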
Instructions for Windows
Under Windows, the process works in a similar way, with the difference that the key is usually imported into the SFTP client in a different format. There is a popular format that can be created using the well-known PuTTY tool. The PuTTY installer contains the corresponding tool PuTTYgen. This can also be used to open existing OpenSSH keys and save them as PuTTY keys.
A PuTTY key is first generated with PuTTYgen. The program presents you with the content that must be inserted into the authorized_keys file right at the top. You must save this manually in a text file and transfer it to your directory at sftp://hans_mueller@netfiles.de/.ssh/authorized_keys.
Finally, you must integrate the PuTTY key into your SFTP application and, in future, log in using your private key saved as a PuTTY key.
One of the most popular SFTP clients for Windows is WinSCP. Below are instructions for WinSCP 1.4.
If you have any questions regarding the setup and operation of the SFTP connection, please contact our support.
If the SFTP interface is activated in the data room and you would also like to work with 2-factor authentication, please enter the IP address in the data room settings under “Login” in the “Exclude IP range” field.