Configure Public Key Authentication for SFTP using OpenSSH

Public-key authentication allows you to connect to a remote server without a password. Instead, public-key authentication uses two keys:

  • Private key kept in a file and protected with a password.

  • Public key placed on the server usually by the system administrator.

  1. Run the command ssh-keygen from the Terminal.app (macOS) or Console (Windows) to generate a public/private pair of keys. They will be put in your directory ~/.ssh, though you will probably be asked to approve or change this location. When you generate the keys you will be asked for a passphrase. If you use a passphrase, then you will have to enter it when connecting. Use the key format (-m PEM) to create the keys in OpenSSL PEM format. Specify the type of key with the parameter -t as either ecdsa, ed25519 or rsa.

    ssh-keygen -m PEM -t rsa
    
  2. Copy the public key to the server you wish to access and add it to the file authorized_keys in your ~/.ssh directory.

    Tip

    You may need to create the file if it does not exist.

    This will cause the server to allow authenticating with your corresponding private key.

    ssh hostname < ~/.ssh/id_rsa.pub 'cat >> .ssh/authorized_keys'
    
  3. In the Bookmark or Connection window, select Use Public Key Authentication and select the private key in your ~/.ssh directory. When connecting, you will be prompted to enter the password for the private key. Choose Save Password to save the password.