How to Generate a Public/Private Key Pair on Windows
1. Begin by launching WinSCP, then select ‘Tools’ > ‘Run PuTTYgen’ to start the PuTTYgen program.
2. Verify that the SSH-2-RSA key is selected in the “Key” tab.
Enter 4096 in the ‘Number of bits in a generated key’ field, as highlighted in the orange box.
NOTE: Older versions of PuttyGen provide a radio button in the Parameters box.
3. Click the ‘Generate’ button to begin the key pair generation process.
4. Delete text displayed in the Key Comment field and enter your business email address.
NOTE: Without a business email address, your public key will not be added to the SFTP site.
To save the public key, click the ‘Save public key’ button.
5. Create a WinSCP folder in your user folder on your C: drive and save your public and private keys there: C: drive > Users > Your Username folder > WinSCP.
Note: Please use the following naming convention: <first name>.<last name>.pub (e.g., logan.mcneil.pub)
6. Once saved, you are able to open the public key using a text editor, such as Notepad in Windows, and confirm the key uses SSH2, as shown below.
NOTE: Sample provided is just a “sample” and your key will look very different.
7. For the private key, create a passphrase that is longer than the standard 6-character password. Please use KeePass to create this passphrase with at least 24 characters.
Enter the passphrase in the ‘Key passphrase’ field
Type the same passphrase in ‘Confirm passphrase’ field to confirm they are identical.
8. Once you have entered in your passphrase twice, click the ‘Save private key’ button to save it to your WinSCP folder in your user folder.
NOTE: A good naming convention is <first name>.<last name>.ppk (e.g., logan.mcneil.ppk)
9. Attach your public key to an email and send it to Sarah Rhett at sarahrhett@adams.edu
NOTE: Sarah Rhett will arrange to have your public key installed on the SFTP server and inform you when you can begin to access your SFTP site. Sarah Rhett will send you the server host name, as well as your username you will use to login to the server.
Follow the login instructions on the next page.
Keys can be used on multiple devices.
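For whoever receives the emailed public keys, the checks from steps 2 to 6 (SSH2 format, RSA, 4096 bits, business email in the Key Comment) can be automated. The following is an added example, not part of the original job aid: it assumes the RFC 4716 layout that PuTTYgen's ‘Save public key’ writes, and check_public_key, make_sample and the sample values used with them are hypothetical.

```python
import base64, re, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def _read_string(blob, off):
    """Read one SSH wire-format field: 4-byte big-endian length, then data."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_public_key(text, min_bits=4096):
    """Return a list of problems; an empty list means every check passed."""
    if "PRIVATE KEY" in text or text.lstrip().startswith("PuTTY-User-Key-File"):
        return ["this is a private key file and must not be sent to anyone"]
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return ["not an SSH2 (RFC 4716) public key file"]
    inner = lines[1:-1]
    body = "".join(ln for ln in inner if ":" not in ln)  # base64 never contains ':'
    comment = next((ln.split(":", 1)[1].strip().strip('"')
                    for ln in inner if ln.lower().startswith("comment:")), "")
    problems = []
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", comment):
        problems.append("Key Comment is not an email address")
    try:
        blob = base64.b64decode(body, validate=True)
        key_type, off = _read_string(blob, 0)
        if key_type != b"ssh-rsa":
            return problems + ["key type is not ssh-rsa"]
        _exponent, off = _read_string(blob, off)
        modulus, _ = _read_string(blob, off)
    except ValueError:                     # also covers malformed base64
        return problems + ["key data is not a valid SSH key blob"]
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        problems.append("RSA key is %d bits, expected at least %d" % (bits, min_bits))
    return problems

def make_sample(bits, comment):
    """Build a CONSTRUCTED test file: placeholder modulus, not a usable key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, 'Comment: "%s"' % comment, *rows, END])
```

Run check_public_key on the text of each received .pub file; a key that still carries PuTTYgen's default comment, or a .ppk file sent by mistake, is reported before anything is installed on the server.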
Setup PuTTY Gen to Login Automatically
One-time setup
Start PuTTY Gen and select New Site. Enter in the host name of the server and username provided by Sarah Rhett. Then select Advanced.
2. Then Select Authentication
3. Then select Related Actions
4. Locate your private key file in your WinSCP folder in your username folder: C: drive > Users > Your Username > WinSCP > .ppk file. Then select OK and select OK again on the Advanced Site Settings window.
5. Select the Login button to Login to the Server:
6. Enter your Passphrase you created, then click ‘OK’
How to Generate a Public/Private Key Pair on Mac OS X
SSH keys are generated using the Terminal Application
Located in Applications > Utilities
The command you input into Terminal looks like this:
2. Generate the key pair with your information inserted into the above command.
3. Use your password manager (e.g., KeePass) to generate a secure passphrase of 24 or more random characters and save it to your password manager.
Security Link: Protect your private key with a random passphrase generated and stored by a password manager, and make it at least 24 characters (e.g., mybolognahasafirstnameitsoscar9!).
Copy the passphrase, paste it into Terminal and hit return, then repeat to confirm the passphrase.
NOTE: Nothing will be displayed after pasting your passphrase; the prompt may look empty, but it is not if your paste was successful.
4. If successful, look for a message confirming your ID was created.
You do not need to save the fingerprint or art image.
5. By default, the files are stored at the root level of your home directory.
If you do not see your private key, it may be located in ~/.ssh/
NOTE: The .pub file is your public key that can be shared with your EM/PM. The file without an extension is your private key file.
Doing so means they could impersonate you, access sensitive data and endanger the profound level of trust bestowed upon Workday. If unauthorized access to your private key(s) is suspected, immediately contact your EM/PM or security@workday.com
How to Add to your Keychain and Secure the File
One-Time Setup
You can add your private key passphrase to your Keychain to simplify the login. Also, some servers will reject your key if the permissions are too “loose.”
1. From Terminal, type: ssh-add -K [location of your private key file]
In the above example, where the file was called first.last and was in our home folder, you would type: ssh-add -K ~/first.last
ssh-add is the command to add a new identity to the authentication agent service.
-K stores the identity passphrase in the Keychain.
~/first.last is the file path to the private key to add (~/ is a shortcut for “home directory of the logged in user”)
You can also drag a file from the Finder onto the Terminal window, and it will add the exact path.
2. Copy the private key’s passphrase from your password manager into the Terminal window.
3. You will then receive a confirmation message that the passphrase was added.
4. Type: chmod 600 [private key file path]
In the above example you would type: chmod 600 ~/first.last
This sets the permissions so that only you and applications you run can read the file.
Troubleshooting
chmod 700 may also work if chmod 600 does not.
Also, ssh-agent should be running by default; if it is not (i.e., your company has turned it off), launch it prior to using ssh-add.
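A way to audit the result of the steps above, as an added example that is not part of the original job aid: it checks that the private key file has no group or other permission bits and that it is passphrase-protected. It assumes a key file in the OpenSSH or PEM layout that ssh-keygen writes; audit_private_key and write_sample are hypothetical names, and the sample file is constructed with header fields only.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\0"

def audit_private_key(path):
    """Return a list of problems with the private key file at `path`."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                       # any group/other bit is too loose
        problems.append("permissions are %03o; run chmod 600" % mode)
    with open(path, "r", errors="replace") as fh:
        lines = [ln.strip() for ln in fh.read().strip().splitlines()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return problems + ["not a private key file"]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]), validate=True)
        except ValueError:
            return problems + ["key body is not valid base64"]
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return problems + ["unrecognised OpenSSH key body"]
        # The first field after the magic is the cipher name; "none" = no passphrase.
        start = len(MAGIC) + 4
        (n,) = struct.unpack(">I", blob[len(MAGIC):start])
        encrypted = blob[start:start + n] != b"none"
    else:
        # Legacy PEM: encrypted keys carry a Proc-Type header or an ENCRYPTED label.
        encrypted = "ENCRYPTED" in lines[0] or any(
            ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:4])
    if not encrypted:
        problems.append("private key has no passphrase")
    return problems

def write_sample(path, cipher, mode):
    """Write a CONSTRUCTED key file (header fields only, no key material)."""
    field = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + field(cipher) + field(kdf) + field(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    with open(path, "w") as fh:
        fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n"
                 "-----END OPENSSH PRIVATE KEY-----\n" % body)
    os.chmod(path, mode)
```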
Login Instructions
Start WinSCP then on the left menu, select ‘New Site’.
2. Complete the connection information as follows:
File protocol: SFTP (defaulted)
Host name
wd2-impl-mft-atl.workday.com
wd5-impl-mft-pdx.workday.com (if in Portland, OR)
wd3-impl-mft-dub.workday.com
Port #22 (defaulted)
Username: enter the username assigned to you by your Engagement Manager.
Users with Workday email address; username will be: sitename.firstname.lastname (e.g., workdaysftp.logan.mcneil)
Users with Non Workday email address; username will be: sitename.emailaddress_emaildomain (e.g., workdaysftp.logan.mcneil_gms.com)
3. Click ‘Advanced’ and select ‘Authentication’ on the left menu.
4. Click the ‘…’ button in the ‘Private key file’ field.
5. Find your private key on your hard disk and select it. Once you have located and selected your private key, click ‘OK’.
Click ‘Save’ to save this login setup
If you have any questions or are unable to connect to the SFTP server, please contact your Engagement Manager.
To Login
1. Start WinSCP and select your saved session on the left menu. Click ‘Login’. Provide your passphrase and then click ‘OK’.
2. Once the login process has completed, you will then see two panels on your screen.
The left panel displays your local machine directory.
The right panel displays the SFTP site.
The ‘/incoming’ directory will be the primary directory where files will be located.
Tips
Save every new version of any file with a date stamp (ddmmyy)
To edit a file, drag the file to a secured location, such as a secure USB thumb drive or an encrypted hard disk.
Next, open the file with the appropriate program.
Once your editing is complete, do a Save-As, rename the file, and then copy the file back to the SFTP server.
Login Instructions Using Cyberduck
The steps and settings should be similar across all applications because they must conform to the standard. Nuances of each application will be highlighted where possible. Refer to the documentation links above for additional detail.
Cyberduck has a similar interface across Mac OS and Windows, so only one set of images has been generated.
Setup a New Connection
Most SFTP applications have a quick connect feature and a bookmark feature.
The bookmark feature is best because you will be connecting to the SFTP regularly for several months.
Enter Login Settings and Credentials
Specify a Private Key
In most cases, it’s as simple as pointing to your private key file. There are a few things that can get in the way (again, most are related to enforcing a high degree of security/integrity in the process and are worthwhile as you only must deal with them once):
Otherwise, it should be as simple as finding the file in whatever directory it was saved to, e.g., Keys.
Click ‘Use Public Key Authentication’
2. Select the private key.
If you didn’t add the .ppk extension, select All files (*.*) from the file type menu.
Connect to SFTP Server
Now that you’ve added a bookmark with your server settings and configured the private key authentication, connecting is only a few clicks away.
Double click on the bookmark you created previously.
Functional Office Contact for this Page
Computing Services
719-587-7741
computingservices@adams.edu