Setting up SSH Keys and changes needed for SFTP with proftpd

Every time I need to set up SSH keys I’m never sure I’ve remembered correctly, and for proftpd SFTP logins an additional step is needed. So here’s how I do it!
1. Generate a 4096-bit key, with -o so the private key is written in the newer OpenSSH format, which protects it with the passphrase more securely.
I also specify a file name for the keys, to avoid overwriting any existing keys and for future reference.
Log in to the client and change to the .ssh directory:-

john@myclient:~/.ssh$ ssh-keygen -b 4096 -o -f myserver-john-id-rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in myserver-john-id-rsa.
Your public key has been saved in myserver-john-id-rsa.pub.
The key fingerprint is:
SHA256:N45V5Z/abNVC87SqO+X4f53C5l081abcd7efgZl0HUI john@myclient
The key's randomart image is:
+---[RSA 4096]----+
| E.. |
| oo= .|
| .+.= |
| .o ++B|
| S +. oo=@|
| = ..o++O|
| . ..= X=|
| o.=..O|
| .=oo+.|
+----[SHA256]-----+

Listing the directory:-

john@myclient:~/.ssh$ ls -al
total 48
drwx------ 2 john john 290 Sep 16 20:37 .
drwxr-xr-x 98 john john 4096 Sep 16 15:59 ..
-rw-rw-r-- 1 john john 738 May 11 23:03 authorized_keys
-rw-r--r-- 1 john john 2996 Sep 16 16:18 known_hosts
-rw------- 1 john john 3381 Sep 16 20:37 myserver-john-id-rsa
-rw-r--r-- 1 john john 740 Sep 16 20:37 myserver-john-id-rsa.pub

2. Now I need to copy the public key to the server. In my case I have root access to the server, so I can conveniently set PasswordAuthentication yes in /etc/ssh/sshd_config for the moment, restart sshd, and then issue the following command on the client:-

john@myclient:~/.ssh$ ssh-copy-id -i myserver-john-id-rsa.pub john@123.123.123.123

3. Now I need to change the public key into the format needed for proftpd, with the following command:-

john@myclient:~/.ssh$ ssh-keygen -e -f ./myserver-john-id-rsa.pub | sudo tee ./myserver-john-proftpd-id-rsa.pub

4. Similarly, copy the modified public key to the server using the following command:-

john@myclient:~/.ssh$ scp -i ./myserver-john-id-rsa ./myserver-john-proftpd-id-rsa.pub john@123.123.123.123:/home/john/.ssh

5. Change the server’s SSHD configuration back to PasswordAuthentication no

6. Also on the server, logged in using the new SSH key method, append the proftpd public key to the file where I’ve stored the keys for proftpd. In my case I have them stored here:-

john@server:~/.ssh$ ls
authorized_keys known_hosts proftpd_authorized_keys
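
Steps 3 and 6 as an added Python example (not part of the original post): `ssh-keygen -e` writes RFC 4716 format by default, and the code shows that this only re-wraps the same key blob, so the fingerprint seen in step 1's output style is unchanged, and that the append in step 6 can skip a key that is already in the file. Function names are illustrative, and the sample key is constructed filler, not a usable key.

```python
import base64, hashlib, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_openssh_pub(line):
    """Split a one-line OpenSSH public key into (type, blob, comment)."""
    ktype, b64, *rest = line.strip().split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    n = struct.unpack(">I", blob[:4])[0]   # blob starts with length-prefixed type
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type does not match key blob")
    return ktype, blob, rest[0] if rest else ""

def to_rfc4716(blob, comment=""):
    """Re-wrap the same blob as an RFC 4716 block (lines of at most 72 bytes)."""
    b64 = base64.b64encode(blob).decode()
    head = [BEGIN] + ([f'Comment: "{comment}"'] if comment else [])
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(head + body + [END]) + "\n"

def parse_rfc4716(text):
    """Return the key blob from one RFC 4716 block, skipping header lines."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key block")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:          # header; a trailing "\" continues it
            in_header = l.endswith("\\")
            continue
        body.append(l)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def append_once(store, block):
    """Append block to the key-file text unless that key is already in it."""
    blocks = [BEGIN + p.split(END)[0] + END for p in store.split(BEGIN)[1:]]
    if fingerprint(parse_rfc4716(block)) in {fingerprint(parse_rfc4716(b)) for b in blocks}:
        return store
    return store + ("\n" if store and not store.endswith("\n") else "") + block

def ssh_string(b):  # SSH wire "string": 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b
# Constructed sample: correctly framed ssh-rsa blob with filler modulus, not a usable key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 512)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " john@myclient"
```

Comparing `fingerprint()` of the entry in authorized_keys with that of the block in proftpd_authorized_keys confirms both files hold the same key.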

//END

 
