Generating SSH Keys
This procedure describes how to generate SSH private and public keys in the Configuration domain, which enables the SFTP client to authenticate itself to the SFTP server instead of using a password. After the keys are generated, you need to send the public key to the SFTP server administrator to activate public key authentication.
If you upgraded Control-M MFT, your previous SSH keys were migrated during the installation. The new keys retain their original name and location, but they no longer have a .ppk extension. If your SSH keys were not migrated, an error message might appear in the installation log. If that occurs, you need to generate new keys.
Begin
- From the icon, select Configuration.
- From the drop-down list, select Plug-ins.
- In the Plug-ins area, click the three dots on the File Transfer plug-in and then select File Transfer Plugins.
- From the Configuration drop-down list, select Generate SSH Key.
  The Generate SSH Key pane appears.
- In the Key Name field, type the name for the private and public keys.
- In the Key Passphrase area, type the password of the private key file.
- In the Key Algorithm drop-down list, select one of the following key algorithm options:
  - RSA
  - ECDSA
- In the Key Length drop-down list, select one of the following key length options:
  - RSA:
    - 1024
    - 2048 (default)
    - 4096
    - 8192
  - ECDSA:
    - 128 (default)
    - 256
    - 521
- Click Save.
  The public and private keys are generated and saved on the Control-M/Agent computer in the following location:
  <Control-M/Agent_Home_Dir>\cm\AFT\data\Keys
  NOTE: Keys generated with a larger number of bits provide more security. However, you might receive a timeout message if they are generated on a slower computer. Verify that the keys were generated by checking the above location.
- To save the public key locally, click Yes.
  The key is saved on your computer.
- Add the public key value to the remote SFTP server authorized_keys file, as described in Connecting to the SFTP Server with Public Key Authentication.
- To use key authentication in a File Transfer Job, use the private key name and define the passphrase in a connection profile.
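
Before the public key is sent to the SFTP server administrator, its algorithm, key size and SHA256 fingerprint can be checked so that the administrator can compare the fingerprint out of band. The following Python code is an added example, not part of the Control-M documentation; it assumes the saved public key is an OpenSSH-format line (`<type> <base64> [comment]`) as used in authorized_keys, and `MIN_RSA_BITS`, the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

MIN_RSA_BITS = 2048  # assumed local policy threshold, not a Control-M setting


def _read_string(blob, offset):
    """Read one RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field in key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return (algorithm, bits, fingerprint) for one authorized_keys-style line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    key_type, pos = _read_string(blob, 0)
    if key_type.decode("ascii") != declared:
        raise ValueError("key type in blob does not match the declared type")
    if declared == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, _ = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif declared.startswith("ecdsa-sha2-nistp"):
        bits = int(declared[len("ecdsa-sha2-nistp"):])  # curve size is in the name
    else:
        raise ValueError("unsupported key type: " + declared)
    # Same value that `ssh-keygen -lf` prints: unpadded base64 of SHA-256(blob).
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return declared, bits, fingerprint


def meets_policy(algorithm, bits):
    """RSA must reach MIN_RSA_BITS; ECDSA keys are accepted as parsed."""
    return bits >= MIN_RSA_BITS if algorithm == "ssh-rsa" else True


def make_sample_rsa_line(bits, comment="constructed-sample"):
    """Build a constructed ssh-rsa line (parseable, not a usable key)."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    modulus = (1 << (bits - 1)) | 1
    n = b"\x00" + modulus.to_bytes(bits // 8, "big")  # mpint: leading 0 keeps it positive
    blob = s(b"ssh-rsa") + s((65537).to_bytes(3, "big")) + s(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Pass the contents of the saved public key file to `inspect_public_key` and give the resulting fingerprint to the server administrator through a separate channel from the key itself.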