0 votes
ago by (120 points)

We create a user for SFTP Access and set the user to use a password for login. We want to switch this user to use a key instead.

I want to clarify that this is the correct method.

  1. Create the user
  2. Configure the user for SFTP login and select SSH Key Option.
  3. Generate key for the user: ssh-keygen -t ed25519 -C username
  4. Attach the .pub file generated to the user profile
  5. Send the .pub file to the user for authentication

This is the first time we are dealing with SFTP and keys and want to make sure this is set up correctly.

1 Answer

0 votes
ago by (2.3k points)

Hi,

I assume you are using Buru SFTP Server. In that case, the procedure is sound (although I am a bit unsure about step 5, as this is generally handled by the SSH/SFTP client, which also needs access to the private key, or at least to the operations done using the private key when the key is stored elsewhere, such as on a hardware token).

Please be aware of a bug in Buru SFTP Server introduced recently which sometimes requires the user to specify the password even though public key authentication is set up and 2FA is turned off. This will be fixed in a release this week. There are several workarounds:

  • manually set password auth to 'enabled' using burusftp user update <user> --password-auth enabled
  • using Web Admin, turn off and on password authentication, then save the "changes".

ago by (2.3k points)
One more thing to add: the private + public key pair MUST be generated by the client as they need to ensure the private key's safety (the private key must NEVER be shared). The client provides the server with their public key.
...
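An intake check an administrator could run on the file a user submits before attaching it to the profile, given here as an added example that is not part of the thread and is not Buru SFTP Server's own code. It rejects private key material, confirms the line is a well-formed OpenSSH public key, and returns the SHA256 fingerprint to compare with the user out of band. The function names are hypothetical and the sample key is constructed from fixed bytes.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one RFC 4251 'string': 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(text):
    """Validate a one-line OpenSSH public key; return (algorithm, fingerprint)."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; it must never leave the client")
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one public key line")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    algorithm, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    # The blob repeats the algorithm name; a mismatch means a mangled or mislabelled file.
    inner, offset = _read_string(blob, 0)
    if inner.decode("ascii", "replace") != algorithm:
        raise ValueError("algorithm label does not match key blob")
    if algorithm == "ssh-ed25519":
        key, offset = _read_string(blob, offset)
        if len(key) != 32 or offset != len(blob):
            raise ValueError("malformed ed25519 public key")
    # Same fingerprint format that `ssh-keygen -lf file.pub` prints.
    digest = hashlib.sha256(blob).digest()
    return algorithm, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_sample_pub(comment="username"):
    """Constructed sample: NOT a real key, just 32 fixed bytes in the right layout."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(check_public_key(make_sample_pub()))
```
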