SSH Public Key Authentication in TurboFTP SFTP Server with Public Keys Deployed in AD

Overview

TurboFTP Server is a multi-protocol secure file transfer server. SFTP and SCP are two popular file transfer protocols that normally run on top of the SSH secure layer. For user authentication in SSH, public key authentication is considered more secure because no password is sent over the network. TurboFTP Server supports SSH public key authentication in two different configurations. The first one is quite simple and similar to that of an OpenSSH server running on Linux: the server looks for the user's SSH public key in the ssh_key subfolder under the user's home folder. If a PEM format SSH public key exists, it will be loaded to authenticate the user (the ssh_key folder is hidden from the user's view when the user browses his/her home directory).

Alternatively, if Active Directory is the authentication method of a domain in TurboFTP Server and you want users to access the SFTP/SCP service with SSH public key authentication, the SSH public key needs to be stored as an Active Directory attribute. This guide assumes a valid AD user attribute, sshPublicKey, has been assigned for the purpose of storing the user's SSH public key, and shows how to configure TurboFTP Server and the SFTP client to make SSH public key authentication work.

Mapping SSH public key to AD users

To map an SSH public key to an AD user, we need to use ADSI Edit.

  1. Launch MMC and add ADSI Edit as a snap-in to MMC.

  2. Search for the user in the tree, right-click on it and select Properties. All attributes can be edited there.

  3. Select Attribute Editor, select sshPublicKey and double-click it. Copy and paste the user's PEM format SSH public key (only the Base64 key blob, excluding any delimiters or attributes) here and click OK.
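
Step 3 expects only the Base64 key blob. The following Python script is an added example, not part of TurboFTP or the original guide: it strips the delimiters and header attributes from a public key file and checks that the result decodes to a blob beginning with a key algorithm name. It assumes the file uses either the delimited SSH2 layout (BEGIN/END lines plus "Header: value" lines) or the OpenSSH one-line layout; the function name and the sample key are constructed for illustration.

```python
import base64
import struct

def extract_key_blob(text):
    """Return (bare Base64 blob, key algorithm) from SSH public key file text."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0].startswith("----"):
        # Delimited file: drop BEGIN/END lines and "Header: value" attributes.
        body, in_header = [], False
        for ln in lines[1:]:
            if ln.startswith("----"):
                break
            if in_header or ":" in ln:
                in_header = ln.endswith("\\")  # header continues on next line
                continue
            body.append(ln)
        blob = "".join(body)
    else:
        # OpenSSH one-line form: "<algorithm> <base64> [comment]"
        parts = lines[0].split()
        if len(parts) < 2:
            raise ValueError("not a recognised public key file")
        blob = parts[1]
    # validate=True rejects stray characters (raises a ValueError subclass).
    raw = base64.b64decode(blob, validate=True)
    # A public key blob starts with a length-prefixed algorithm name.
    if len(raw) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    if n == 0 or n > 64 or len(raw) < 4 + n:
        raise ValueError("blob does not start with an algorithm name")
    return blob, raw[4:4 + n].decode("ascii")

# Constructed sample (not a real key): ed25519-shaped blob with dummy key bytes.
_raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
BLOB = base64.b64encode(_raw).decode()
SAMPLE = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
          'Comment: "constructed sample for \\\n'
          'user@example.test"\n'
          f"{BLOB[:40]}\n{BLOB[40:]}\n"
          "---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    blob, algo = extract_key_blob(SAMPLE)
    print(algo)   # key algorithm found inside the blob
    print(blob)   # single-line value to paste into sshPublicKey
```

An OpenSSH or PEM private key file pasted by mistake fails the algorithm-name check, because its decoded bytes do not begin with a length-prefixed name.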

Configure TurboFTP Server to use AD as external authentication source

For this procedure, please refer to the article Set up Active Directory or LDAP Authentication in TurboFTP Server.

To enable SSH public key authentication, make sure to enter the name of the AD attribute where the user's public key is stored.

Configure SFTP Client for SSH public key authentication

We demonstrate SFTP client configuration with the TurboFTP client.

  1. Launch the TurboFTP client and select the site to configure in Address Book.

  2. Go to the Security tab and enable Use SSH public key authentication, then provide the paths to the user's public key and private key.