How does SFTP function without a manually generated public/private key pair

  • I am learning about SSH and how to use it to secure file transfers and commands between a windows machine and a Linux server. Everything that I have read so far indicates that I need to use an SFTP client (like WinSCP) to connect to my server and transfer files. Gettin gin a little deeper, the docs for WinSCP never tell me to set up a public or private key pair on my client and server. I thought that the public and private keys were a fundamental element of how SSH worked. How is SFTP (which I have read is based on SSH) able to function without a public and private key pair (or is it defaulting to an insecure mode like FTP in the situation?)

    Originally, I thought that I needed to create these pairs for each individual that wanted to connect to the server and manually copy the public key file to the clients machine.

    EDIT =============================

    I did not understand that there are two sets of public/private keys in use, one that is created by the server and one that could possibly be created by the client. Initially, I though that they were the same public/private key pair.

  • Tom Leek

    Tom Leek Correct answer

    7 years ago

    Short answer: there is necessarily a public/private key pair on the server. There may be a public/private key pair on the client, but the server may elect to authenticate clients with passwords instead,


    SSH is a generic tunnel mechanism, in which some "application data" is transferred. One such application is the "remote shell" which is used to obtain an open "terminal" on a server, in which terminal applications can be run. Another, distinct application is the file transfer protocol known as SFTP. From the SSH point of view, which application is used is irrelevant. This means that any authentication concept applies equally to SSH (the "remote shell" part) and SFTP.

    The server MUST have a public/private key pair. That key is used for the tunnel part, so a server will use the same key pair for all applicative protocols. Most Unix-like operating systems (e.g. Linux) create a SSH key pair when first installed, and will use it thereafter. This means that you don't have to "create a key" when you configure your SSH server to also be used as SFTP: the server already has a key.

    A client may have a public/private key pair if it wishes to be authenticated based on that key; this is all about client authentication, i.e. about how the server will make sure that it is talking to the right client. Password-based authentication and key-based authentication are the two most common methods (some servers are configured to require both). By definition, only the key-based authentication requires that the client stores and uses a key pair of its own.

    @MartinPrikryl _"There's always (automatically generated) client-side key pair, even with password authentication."_ - No there isn't. Asymmetric crypto keypairs are only used for authentication, not establishing a secure channel._"How else would then the server be able to encrypt the information sent to the client, ..."_ - By using a Key Exchange method (such as Diffie-Hellman) to established a shared key (not keypair!) that is used by a symmetric cipher (typically something like chacha or AES). No client-side keypair involved.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used