Creating SSH Keys (Command Line)

Public key authentication (SSH Key) is a more secure alternative to password authentication that allows users to avoid entering or storing a password, or sending it over the network. Public key authentication uses the client computer to generate the key-pair (a public key and a private key). The public key is then provided to the remote computer's administrator to be installed on that machine.

Note: You can use the application GUI to create SSH keys or import existing keys for use with a selected user account. For instructions, see Creating SSH Keys in the GUI.

To log in into other Aspera servers with public key authentication, you can create key-pairs from the command line, as follows:

  1. Create a .ssh directory in your home directory if it does not already exist:
    > md user_home_dir\.ssh

    Go to the .ssh folder:

    > cd user_home_dir\.ssh
  2. Run ssh-keygen to generate an SSH key-pair.
    Run the following command in the .ssh folder to create a key pair. For key_type, specify either RSA (rsa) or ED25519 (ed25519). At the prompt for the key-pair's filename, press ENTER to use the default name id_rsa or id_ed25519, or enter a different name, such as your username. For a passphrase, you can either enter a password, or press return twice to leave it blank:
    > ssh-keygen -t key_type
    Note: When you run ascp in FIPS mode (<fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must either (1) use keys generated by running ssh-keygen in a FIPS-enabled system, or (2) convert existing keys to a FIPS-compatible format using a command such as the following:
    > openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa
  3. Retrieve the public key file.
    The key-pair is generated to your home directory's .ssh folder. For example, assuming you generated the key with the default name id_rsa:

    user_home_dir\.ssh\id_rsa.pub

    Provide the public key file (for example, id_rsa.pub) to your server administrator so that it can be set up for your server connection.

  4. Start a transfer using public key authentication with the ascp command.
    To transfer files using public key authentication on the command line, use the option -i private_key_file. For example:
    > ascp -T -l 10M -m 1M -i "user_home_dir\.ssh\id_rsa" myfile.txt jane@10.0.0.2:\space

    In this example, you are connecting to the server (10.0.0.2, directory /space) with the user account jane and the private key user_home_dir\.ssh\id_rsa.