Does Transfer Family support Password and SSH key authentication together in one single login ?


Hello Team, I am working on a AWS Transfer Family Solution (SFTP) and need a confirmation that whether this service can support both password and ssh key based authentication at same time (i.e in one login attempt when user passes both using any sftp client like filezilla or winscp). I used lambda based identity provider and identified that when I pass both password and ssh key in Filezilla, password is never passed to lambda and so code logic have to assume it is ssh key based authentication. Can someone please provide any advise !!

asked a year ago564 views
2 Answers
Accepted Answer

Hello Sumit@,

AWS Transfer service doesn't support both Password and SSH key based authentication for one login attempt. Users can authenticate either via SSH keys or Passwords but not both for the same login session. However, you could implement Multifactor authentication techniques when using Custom or Lambda IDP authentication type servers. An example implementation is mentioned in this blog post [1] where the User is authenticated against Okta with Password + MFA token.



Let me know if you have further questions.

-- Sagar

answered a year ago

Hi Sumit,

AWS Transfer Family now supports the ability to require multiple methods of authentication in a single login, including the ability to require BOTH password and public key. You can learn more about how to configure multiple methods of authentication using a customer identity provider in Step 3 of our Create an SFTP-enabled server documentation. Please let us know if you have any questions.

– AWS Transfer Family

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions