Creating SSH Keys (Command Line)

Public key authentication (SSH Key) is a more secure alternative to password authentication that allows users to avoid entering or storing a password, or sending it over the network. Public key authentication uses the client computer to generate the key-pair (a public key and a private key). The public key is then provided to the remote computer's administrator to be installed on that machine.

To log in into other Aspera servers with public key authentication, you can create key-pairs from the command line, as follows:

  1. Create a .ssh directory in your home directory if it does not already exist:
    > md user_home_dir\.ssh

    Go to the .ssh folder:

    > cd user_home_dir\.ssh
  2. Run ssh-keygen to generate an SSH key-pair.
    Run the following command in the .ssh folder to create a key pair. For key_type, specify either RSA (rsa) or ED25519 (ed25519). At the prompt for the key-pair's filename, press ENTER to use the default name id_rsa or id_ed25519, or enter a different name, such as your username. For a passphrase, you can either enter a password, or press return twice to leave it blank:
    > ssh-keygen -t key_type
    Note: When you run ascp in FIPS mode (<fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must either (1) use keys generated by running ssh-keygen in a FIPS-enabled system, or (2) convert existing keys to a FIPS-compatible format using a command such as the following:
    > openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa
  3. Retrieve the public key file.
    The key-pair is generated to your home directory's .ssh folder. For example, assuming you generated the key with the default name id_rsa:

    user_home_dir\.ssh\id_rsa.pub

    Provide the public key file (for example, id_rsa.pub) to your server administrator so that it can be set up for your server connection.

  4. Start a transfer using public key authentication with the ascp command.
    To transfer files using public key authentication on the command line, use the option -i private_key_file. For example:
    > ascp -T -l 10M -m 1M -i "user_home_dir\.ssh\id_rsa" myfile.txt jane@10.0.0.2:\space

    In this example, you are connecting to the server (10.0.0.2, directory /space) with the user account jane and the private key user_home_dir\.ssh\id_rsa.