By using AWS re:Post, you agree to the AWS re:Post Terms of Use

AWS Transfer Family - SSH Key Pair

0

Hi all:

We are using the AWS Transfer Family service as our SFTP service.
Currently, we are generating a ssh key pairs for our vendors and add the public keys to the vendor account while creating the vendor accounts.
We are transferring the private keys to the vendors and with this they are able to log onto the account.
Let me know if this is the right approach or not.

One of the vendor says that transferring private key is not safe and asking us for the public key.
If I provide him the public key and have the public key attached to the account within AWS Transfer family, he is getting authentication error.

Should we send them the public key or private key? Is it safe to send them the private key?
Also, if he has key pair generated, is it okay if I have his public key attached to the account?
Can someone who is an expert in this area clear my confusion.
Appreciate any help in this.

Regards!
Venkata

asked 3 years ago3K views
2 Answers
0

Hello Venkata,

In terms of security best practices, sharing a Private Key is not recommended. As the name suggests, the Private Key should be kept private to the user who generated them and not shared with anyone.

Concerning SSH Key authentication, the server holds the Public Key whereas the client holds the Private Key. Authentication succeeds when the client uses the Private key which is compared against its corresponding Public Key on the server. This is why in the first case, authentication succeeded when you shared the Private Key with your vendor. When you share the Public Key with your vendor, the authentication process will fail as you cannot use a Public Key against a Public Key. Therefore the behavior that you observed when you shared the Public Key is expected.

To your questions specifically:
Q: Should we send them the public key or private key?
A: If your vendor is going to connect to your server, the vendor should have the Private Key while you/server should have the Public Key.

Q: Is it safe to send them the private key?
A: It depends on how you share the Private Key, however it is not recommended and not a best practice approach as there is always a chance of security breach during sharing confidential keys.

Q: Also, if he has key pair generated, is it okay if I have his public key attached to the account?
A: Yes, there are no issues in having a corresponding Public Key. As the name implies, they are public information.

With that said, the best approach would be to have your vendor create the SSH Keys and share the Public Key with you. You can then add the Public Key to your server and the authentication should succeed when they use the corresponding Private Key.

Let me know if you have questions.

Regards,
Sagar

AWS
EXPERT
answered 3 years ago
0

Thanks Sagar for sharing the information.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions