SSH Key Authentication for SCP, SFTP, or Rsync
When using SCP, SFTP, or Rsync, you can enable access through SSH key pair authentication, avoiding the need to enter a password.
Supported formats and algorithms
- Port 22 → key format: RFC4716, supported algorithms: RSA, ECDSA, ED25519
- Port 23 → key format: OpenSSH standard, supported algorithms: RSA, ECDSA, ED25519, ED25519-sk, ECDSA-sk
If you need to use both ports, you must store the public key in both formats (RFC4716 and OpenSSH) in the file .ssh/authorized_keys. Make sure the file ends with a newline.
Note: each user requires their own authorized_keys file within their home directory.
Generating SSH key pairs
You can generate a new key pair using ssh-keygen:
server> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@server
Warning: with default settings, ssh-keygen will overwrite an existing SSH key. Use the -f parameter to specify a different file path.
Testing access
Depending on the SSH key format you uploaded, you should now be able to log in without a password on port 22 and/or 23.
