Generating SSH keys

This procedure describes how to generate an SSH private and public keys in the Control-M Configuration Manager, which enables the SFTP client to authenticate itself to the SFTP server instead of using a password. After the keys are generated, you need to send the public key to the SFTP server administrator to activate public key authentication.

NOTE: If you upgraded to Control-M for AFT 8.2 or Control-M MFT, your previous SSH keys were migrated during the installation. The new keys retain their original name and location, but they no longer have a .ppk extension. If your SSH keys were not migrated, an error message might appear in the installation log. If that occurs, you need to generate new keys from the CCM.

To generate SSH keys:

1. From the Control-M Configuration Manager, select the Control-M Managed File Transfer on the host that you want to manage, right-click, and select Generate SSH key.

   The Control-M for MFT- Generate SSH Key dialog box appears.

2. In the Key Name field, type the name for the private and public keys.
3. In the Key Passphrase area, do the following:
   1. In the Passphrase field, type the password of the private key file.
   2. In the Confirm Passphrase field, re-type the password of the private key file.
4. In the Key generation parameters area, select the required parameters and click Save.

   The public and private keys are generated and saved in the Control-M/Agent computer in the following location:

   <Control-M/Agent_Home_Dir>\cm\AFT\data\keys

   NOTE: Generated keys defined with larger bits provides more security. However, you might receive a timeout message if generated on a slower computer. Verify that the keys were generated by checking the above location.

5. To extend the timeout period, see:
   • Extending the timeout period in Control-M/EM
   • Extending the timeout period in Control-M/Server
6. To save the public key locally, click Yes.
7. Select the filename and location for the public key, which can be later distributed to the SSH server.

   The key is saved on the Control-M/EM client local computer.

8. Add the private key path and file name and passphrase to a connection profile, as described in Creating a connection profile.