Enabling Password Based Authentication on Existing Transfer Family 'Service managed' SFTP Server

Password-based authentication cannot be directly enabled on an existing server with the service managed identity provider. The service managed provider only supports public key authentication.

To enable password authentication, you will need to migrate your server to use a custom identity provider instead of the service managed provider. This can be done by creating a new server and migrating your users and data over to it.

When using a custom identity provider, you have full control over the authentication methods supported. You can configure it to support both password and public key authentication.

To set up Lambda functions or API Gateway as a custom identity provider consider the following:

• You will need to provision a new server and migrate users, data and host keys over.
• Use the aws transfer update-server CLI command to update the host key on the new server if you want to reuse the same host key.

Hi Adheeb, we do not currently support exporting host key from an existing SFTP server today. However, this and native password-based authentication (your original question) are both feature requests for our service. I'd like to know more about your use case, use of AWS Transfer Family and need for these capabilities. Please reach out to yoonmsuh@amazon.com if you'd be interested in discussing further. Thanks!