Every time I need to set up SSH keys I’m never sure I’ve remembered correctly, and for proftpd SFTP logins an additional step is needed. So here’s how I do it!
1. Generate a 4096-bit key, with -o saving the private key in the newer OpenSSH format, which protects the passphrase-encrypted key more securely.
I also specify a file for the keys to avoid overwriting any existing keys and for future reference.
Log in to the client and change to the .ssh directory.
john@myclient:~/.ssh$ ssh-keygen -b 4096 -o -f myserver-john-id-rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in myserver-john-id-rsa.
Your public key has been saved in myserver-john-id-rsa.pub.
The key fingerprint is:
The key's randomart image is:
| E.. |
| oo= .|
| .+.= |
| .o ++B|
| S +. oo=@|
| = ..o++O|
| . ..= X=|
Listing the directory:-
john@myclient:~/.ssh$ ls -al
drwx------ 2 john john 290 Sep 16 20:37 .
drwxr-xr-x 98 john john 4096 Sep 16 15:59 ..
-rw-rw-r-- 1 john john 738 May 11 23:03 authorized_keys
-rw-r--r-- 1 john john 2996 Sep 16 16:18 known_hosts
-rw------- 1 john john 3381 Sep 16 20:37 myserver-john-id-rsa
-rw-r--r-- 1 john john 740 Sep 16 20:37 myserver-john-id-rsa.pub
2. Now I need to copy the public key to the server. In my case I have root access to the server, so I can conveniently set the entry PasswordAuthentication yes in sshd, and then issue the following command on the client:-
john@myclient:~/.ssh$ ssh-copy-id -i myserver-john-id-rsa.pub firstname.lastname@example.org
3. Now I need to change the public key into the format needed for proftpd, with the following command:-
john@myclient:~/.ssh$ ssh-keygen -e -f ./myserver-john-id-rsa.pub | sudo tee ./myserver-john-proftpd-id-rsa.pub
4. Similarly, copy the modified public key to the server using the following command:-
john@myclient:~/.ssh$ scp -i ./myserver-john-id-rsa ./myserver-john-proftpd-id-rsa.pub email@example.com:/home/john/.ssh
5. Change the server’s SSHD configuration back to
6. Also on the server, logged in using the new SSH key method, append the proftpd public key to the file where I’ve stored the keys for proftpd. In my case I have them stored here:-
authorized_keys known_hosts proftpd_authorized_keys
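What the conversion in step 3 does, as an added Python example that is not part of the original post: ssh-keygen -e re-wraps the same key blob in the RFC 4716 layout, so the SHA256 fingerprint of the converted file can be compared with the original before it is appended to the proftpd key file in step 6. The function names and the sample key are constructed for illustration, and this sketch reuses the key's own comment where ssh-keygen writes a generated Comment header.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def openssh_blob(line):
    """Return (key blob, comment) from a one-line OpenSSH .pub entry."""
    ktype, b64, *rest = line.split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type does not match the type inside the blob")
    return blob, (rest[0].strip() if rest else "")

def to_rfc4716(line):
    """Re-wrap the same blob in RFC 4716 form (step 3); lines stay under its 72-byte cap."""
    blob, comment = openssh_blob(line)
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    header = [f'Comment: "{comment}"'] if comment else []
    return "\n".join([BEGIN, *header, *body, END]) + "\n"

def rfc4716_blob(text):
    """Extract the key blob from an RFC 4716 block, skipping header lines."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body, continued = [], False
    for ln in lines[1:-1]:
        if continued or ":" in ln:      # header line, or a header continuation
            continued = ln.endswith("\\")
        else:
            body.append(ln)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def _s(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: shaped like an ssh-rsa blob, not a usable key.
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + bytes(range(255, 0, -1)) * 2)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " john@myclient"

if __name__ == "__main__":
    converted = to_rfc4716(SAMPLE_LINE)
    print(converted, end="")
    print("match:", fingerprint(openssh_blob(SAMPLE_LINE)[0]) == fingerprint(rfc4716_blob(converted)))
```

A fingerprint mismatch between the two files means the converted key is not the one generated in step 1 and should not be appended.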