SSH


This method of authentication can be used only with SFTP connections.

Passwords are vulnerable to educated guesses, dictionary attacks and brute-force attacks, and may even be released in error, so they are not the most secure method of authentication. The problem is worse if the same password has been used for several different purposes. PKI (Public Key Infrastructure) is a much more secure method of authentication.

It is first necessary to generate a public/private key pair: the public key may be distributed freely, while the private key must be kept secure, ideally protected by a passphrase. A simple way to do this under Windows is to use PuTTY. The user's public key must be in OpenSSH format.

The FTP client will need to be configured with the key pair, and the public key must be pasted into the box here.

NOTE that this key pair is not used to encrypt the connection between the FTP client and FileCOPA; it only allows secure authentication of the connection. Encryption is carried out by the SFTP protocol.

Multiple keys may be used for a user: add the second and subsequent keys to the user's record, separated by a carriage return. Different keys could then be used from different places, rather than copying the same private key to several machines.
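A check that can be run on the text before it is pasted into the key box, covering the OpenSSH format requirement and the one-key-per-line layout described above. This is an added example, not FileCOPA code: it rejects private key material and RFC 4716 exports (the format PuTTYgen writes when saving a public key to a file) and reports a SHA256 fingerprint for each valid line. The function names are hypothetical and the sample key is constructed filler data.

```python
import base64
import hashlib


def check_key_field(text):
    """Return (line_no, ok, detail) for each non-blank line of the key field.
    detail is the SHA256 fingerprint if ok, else the rejection reason."""
    return [(no,) + check_line(raw.strip())
            for no, raw in enumerate(text.splitlines(), 1)  # CR, LF or CRLF
            if raw.strip()]


def check_line(line):
    if line.startswith("-----BEGIN") or line.startswith("PuTTY-User-Key-File"):
        return False, "private key material, never paste this into a server"
    if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return False, "RFC 4716 export, not the one-line OpenSSH format"
    parts = line.split(None, 2)
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    # The decoded data starts with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        return False, "key type inside the data does not match the prefix"
    digest = hashlib.sha256(blob).digest()
    return True, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def sample_line(comment, prefix="ssh-ed25519"):
    # Constructed sample: 32 filler bytes stand in for a real Ed25519 key.
    t = b"ssh-ed25519"
    blob = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + bytes(range(32))
    return f"{prefix} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    field = "\r\n".join([sample_line("office-pc"),
                         "---- BEGIN SSH2 PUBLIC KEY ----",
                         sample_line("laptop", prefix="ssh-rsa")])
    for row in check_key_field(field):
        print(row)
```

Comparing the reported fingerprint with the one shown by the tool that generated the key confirms that the pasted line is the intended key.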

NOTE that you should set a random, un-guessable password for the user. If the key pair doesn't match, then FileCOPA (in line with usual practice for SFTP servers) will fall back to asking for a password, and if no password has been set then it would allow anyone to log in as this user. With key authentication in place the password will never be used, so make it as long and random as possible.