PowerTCP SSH and SFTP for .NET
Public Key/Private Key Overview



Public Key Authentication

Public Key Authentication uses a public and private key pair to authenticate a client. The client generates a signature by signing a challenge sent by the server with its private key, and the server verifies this signature with the public key. A signature cannot be forged without the private key. Each signature is unique and cannot be reused. This policy of signature generation and non-reuse makes Public Key Authentication a more secure login system than the standard username/password login, which is easily defeated by a man-in-the-middle attack.

The method is called 'publickey' in the SSH-2 protocol specification; however, it actually requires a private key to be provided by the client (the server uses the public key counterpart to verify the signature).

Public Key Authentication and PowerTCP SSH and SFTP for .NET

PowerTCP SSH and SFTP for .NET supports DSA and RSA private keys in OpenSSH, SSH2, and SSH.com formats (the key must contain a "-----BEGIN DSA PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----" or "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" tag).

The private key string may be encrypted ("Proc-Type: 4,ENCRYPTED"). The library supports DES-CBC and DES-EDE3-CBC encryption, as well as the more exotic PEM encryptions AES-128-CBC, AES-192-CBC and AES-256-CBC.

NOTE TO PuTTY USERS: Even though your key file may start with "-----BEGIN..." it is not in the expected format. You must convert it to the OpenSSH key format with the "PuTTYgen" tool (which can be downloaded from the PuTTY website). Load your key and use the "Conversions/Export OpenSSH key" functionality to produce a compatible PEM file.

PuTTYgen Key Generation

There is a free utility called PuTTYgen that can be used to generate key pairs. This utility can be downloaded from the PuTTY Download Page.  Run PuTTYgen and follow these steps:

Generate the Key

  1. Click on "Key" in the file menu and select either "SSH-2 RSA" or "SSH-2 DSA."
  2. Click on "Key->Generate key pair" in the file menu and follow the on-screen instructions.
  3. Optional: Once key generation is complete, enter a passphrase to protect the key. Enter a comment to help identify the key.

Export the Key for Use

  1. Click on "Conversions->Export OpenSSH key." This will export the private portion of the key pair, to use with the PowerTCP component.
  2. Click on the "Save public key" button to export the public key to a file which must be copied to the server.

Copy the Key to the Server

These instructions apply to a Linux server. You will need to contact your IT department for specific instructions for other operating systems.

  1. Log in to the server with an SFTP or SCP client.
  2. Transfer the public key file to the user home directory on the server.
  3. Log in to the server using an SSH Client.
  4. Navigate to the directory the public key was uploaded to and enter the following command:
    cat publickey.pem >> ~/.ssh/authorized_keys
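
A more defensive version of step 4, as an added example that is not part of the PowerTCP documentation: PuTTYgen's "Save public key" button writes the multi-line SSH2 (RFC 4716) format, while OpenSSH expects one key per line in authorized_keys, so the script converts the file if needed, sets restrictive permissions, and skips keys that are already present. The function names are illustrative; where OpenSSH is installed, `ssh-keygen -i -f publickey.pem` performs the same conversion.

```shell
#!/bin/sh
# Added example (not PowerTCP code); function names are illustrative.

# Print a public key file as one OpenSSH line: "<type> <base64> [comment]".
# Accepts the multi-line SSH2 (RFC 4716) format or an existing one-line key.
to_openssh_line() {
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$1"; then
        awk '
            { sub(/\r$/, "") }    # tolerate CRLF files written on Windows
            /^---- (BEGIN|END) SSH2 PUBLIC KEY ----/ { next }
            cont || /:/ { cont = ($0 ~ /\\$/); next }  # header or its continuation
            { gsub(/[ \t]/, ""); b64 = b64 $0 }        # join the base64 body
            END {
                # The key blob begins with its algorithm name; these are the
                # base64 encodings of the "ssh-rsa" and "ssh-dss" prefixes.
                if (b64 ~ /^AAAAB3NzaC1yc2E/) type = "ssh-rsa"
                else if (b64 ~ /^AAAAB3NzaC1kc3M/) type = "ssh-dss"
                else exit 1
                print type " " b64
            }' "$1"
    else
        tr -d '\r' < "$1" |
            grep -E '^ssh-(rsa|dss) AAAAB3NzaC1[A-Za-z0-9+/]+=*( .*)?$' |
            head -n 1 | grep .
    fi
}

# install_pubkey <pubkey-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
install_pubkey() {
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"
    line=$(to_openssh_line "$1") ||
        { echo "not an RSA/DSA public key: $1" >&2; return 1; }
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # file or its directory is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact key is not already authorized.
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```

On the server, run `install_pubkey publickey.pem` from the directory the file was uploaded to.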
PowerTCP SSH and SFTP for .NET Documentation Version 7.0
© 2023 Dart Communications. All Rights Reserved.