WinSCP SFTP into a server as a service user by key
05 Mar 2022
From paper notes I’d like to throw away.
Server-side prerequisites
Someone who can already get into the server and edit the /home/service_username/.ssh/authorized_keys file needs to put the contents of my public key into the file.
Appending it at the end is fine if it’s not already in there.
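The append-if-missing step as a shell function, added here as an example (it is not part of the original notes). The function name `add_authorized_key` and its return codes are assumptions; it is meant to be run on the server by whoever can already edit the file.

```shell
# Idempotently add one public key to an authorized_keys file.
# Usage (hypothetical helper, run on the server):
#   add_authorized_key id_rsa.pub /home/service_username/.ssh/authorized_keys
# Returns 0 if the key was appended, 1 if it was already there, 2 on bad input.
add_authorized_key() {
    local pub_file auth_file key_type key_blob key_comment ssh_dir
    pub_file=$1
    auth_file=$2

    # A public key file is one line: "<type> <base64 blob> [comment]".
    # read fails on a missing trailing newline but still fills the variables.
    read -r key_type key_blob key_comment < "$pub_file" || true
    [ -n "$key_blob" ] || return 2

    # Refuse anything that is not a public key line, e.g. a private key
    # ("-----BEGIN ...") picked by mistake.
    case $key_type in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) return 2 ;;
    esac

    # sshd's StrictModes check (on by default) rejects key files and
    # directories that other users can write to, so keep these tight.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Compare type + blob only, so the same key under a different comment
    # (or behind an options prefix) is not added a second time.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth_file"; then
        return 1
    fi

    # Start on a fresh line even if the file lacks a trailing newline,
    # otherwise the new key would be glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s %s%s\n' "$key_type" "$key_blob" \
        "${key_comment:+ $key_comment}" >> "$auth_file"
}
```

If this is run as root rather than as service_username, the file and directory also need to end up owned by service_username.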
Making a key
If I don’t have a public-private keypair, I can make one on any Linux system (including the little mini-Linux-like environment of the “Git Bash” terminal that comes with Windows installations of Git) by running an ssh-keygen command.
- Go ahead and accept its default filename pattern (it will make a file called id_rsa for the private key & id_rsa.pub for the public key file).
- There’s an option to add a passphrase. I like to do this, because even if someone sits down at my computer, they can’t just start logging into servers as me via key without also knowing the password I added to that key.
I’m also going to need to have a “PuTTY”-formatted copy of the private key, so I need to:
- Open WinSCP and find Tools > Run PuTTYgen in the lower left of the Login popup.
- Click the Load button and choose an existing Linux-style private key file.
- Click Save private key and give it a .ppk extension.
Desktop-side
- Open WinSCP.
- Set up File protocol as SFTP.
- Enter the server’s Host name and Port.
- Enter a User name of service_username.
- Leave Password blank.
- Click the Advanced button under the password box.
- Click Authentication at left, under the SSH navigation grouping.
- In Private key file, choose the appropriate .ppk file from my hard drive using the triple-dot button.
- Click OK to return to the main Login popup in WinSCP.
Now I should be able to click Save if I plan to log into this server as service_username a lot, and click Login to SFTP into it as service_username.