MOREnet logo
Home | Manager Application |
emphasis graphic What's New?  
  SFTP and SSH
The old FTP is going away. Updating web sites will move to using SFTP or SSH.


MOREnet will be replacing the FTP (File Transfer Protocol) service with SFTP (Secure-shell File Transfer Protocol). This will also include adding the ability to (optionally) access your web site content by Secure Shell (SSh).

Members with web sites hosted by MOREnet will need to generate an SSH public/private key pair. Then they will need to update their file transfer software config to connect via SFTP. The below instructions will assist in making this transition.

How To Set Up SFTP for File Transfer to Your Web Site

First, some definitions to get us started:

File Transfer Protocol. A familiar and older method of transferring files to/from a server. Usernames, passwords, and data were not encrypted. Examples include older versions of WsFTP and DOS ftp.exe.

File Transfer Protocol over SSL. Increased security of FTP by adding SSL encryption to the data transferred.

Secure Socket Layer. By using an SSL certificate and key file an encrypted connection can be established between the client (such as a browser or FTP client) and a server (such as a web server or file server). Since the connection is encrypted, the information transmitted back and forth cannot be "read" by outside parties.

File Transfer Protocol Extended over SSL. Increased security of FTPS by adding SSL encryption to the username and password during login, as well as the data transferred.

Secure shell File Transfer Protocol. Uses a stronger and more secure encryption method based on public/private key pairs. All traffic, including login, between the client and server is encrypted using SSH public/private keys.

Secure Shell. Connects a client computer to a server computer using public/private keys. All communication between the two computers is encrypted. In its basic form, it is much like a DOS command prompt, allowing the user to enter commands on the command line, yet do so on a remote server. It also facilitates encrypted file transfers between the two computers.

SFTP Client
An application like FileZilla, PuTTYscp, WinSCP, or latest versions of DreamWeaver. You use it to connect via the SSh encrypted protocol to a server. For ease of use it typically mimics the behavior of the older and familiar FTP clients.

Pulic Key
The unique key you can give out to others so they can put it on their server to allow you to connect.

Private Key
The unique key you keep and never give to anyone else. It is also the key you will configure your SFTP client to use.

Getting Started

To get started, download PuTTYgen... Follow the installation instructions for the computer you use. (With today's Windows computers, you will most likely need the putty-64bit-0.74-installer.msi file.)

The instructions will take you through the installation and starting up of PuTTYgen, to a point where you can create an SFTP public/private key pair.

Once you've gotten to this point, do the following:

First, create a directory folder on your hard drive. Name this folder 'SSH'. This folder is where you will save your public/private key pair for SFTP. You can create it anywhere on your hard drive you want. For ease of use, you can create it at the root of the 'C' drive ( 'C:\ssh' ).

Once you've created this directory folder, keep it open, since you'll be coming back to it later.

Next, click on the Windows 'Start' button. Then scroll down to the PuTTY folder and click on the dropdown arrow. Usually at the bottom of the list, you will find PuTTYgen. Click on it.

In the PuTTYgen window that opens, look toward the bottom. The default settings under 'Parameters' will have the "Type of key to generate" marked as "RSA". Underneath that, the "Number of bits in generated key" text box will say "2048". These default settings are what you need.

Click on the 'Generate' button. You'll see the larger top area has text prompting you to move the mouse around. You can move it any random way you want. As you do, PuTTYgen will use the movement to generate random values it uses to generate your key pair. Keep moving the mouse until the displayed green bar fills up. Once it does, your key pair will be generated.

PuTTYgen will then display several bits of information. Note the "Key Comment" text field. You can replace this value with something useful, such as "Key for MOREnet hosted web site", or your name, or any information you might find useful in reminding yourself what you use this key pair for.

Next, click the 'Save public key' button. A file save window will open up. Navigate to the c:\ssh\ directory folder you created. You can save the public key with any filename you want. It is recommended you include "-public.ppk" or "-pub.ppk" at the end of the filename so that you can quickly tell this is your public key. Click on the 'Save' button.

Next, click the 'Save private key' button.

A small window will open up asking if you are sure you want to save this (private) key without a passphrase. You can answer "yes" to this question if you are the only one who uses your computer. The private key file which you are about to save is the file you want to keep secure. You never give it to any one else.

If you prefer to use a passphrase and answer 'No', you will need to fill in the 'Key passphrase' and 'Confirm passphrase' fields with matching values. Thereafter, each time you initially open an SFTP connection, you will be prompted to enter this passphrase to "unlock" the private key.

After you have answered either "Yes" or "No", a file save window will open up. Navigate to the c:\ssh\ directory folder you created. You can save the private key with any filename you want. It is recommended you include "-private.ppk" or "-priv.ppk" at the end of the filename so you can quickly tell this is your private key. Click on the 'Save' button.

What you have saved so far are the public and private key files in "PuTTY PK format" (designated by the '.ppk' file extension).

To connect to the web server, you will need your public key in a slightly different format. Back in the PuTTYgen window, you will see the text box for "Public key for pasting into OpenSSH authorized_keys file". Beneath this is a box of text that starts with "ssh-rsa" and has a lot of random letters and numbers.

You will need to highlight ~all~ of this text, starting with the "ssh-rsa" and ending with the key comment you added. After highlighting ~all~ of it, you can either right-click and select 'Copy', or you can press CTRL+C on your keyboard.

Next, in the c:\ssh\ directory folder, create a new text file. Again, you can name it anything you want. It is recommended you include "-ssh-pub-key.txt" at the end of the filename, so you can quickly tell this is your SSH public key for the SFTP server to which you'll be connecting.

Once you've created this text file, open it and paste the SFTP server formatted public key into the text file. Then save the file.

You can now close PuTTYgen.

Attach the SSH public key file (name-you-created-ssh-pub-key.txt) for the SFTP server to an email. In the email, include your name and contact information, and the domain name of the web site to which you need SFTP access. Send the email to the MOREnet email address you were provided. DO NOT include your private key file.

Once your public key file has been placed on MOREnet's SFTP server, you will receive back a confirmation email which also lists your access name.

Using the access name, and your name-you-created-priv-key.ppk file, you can now configure your SFTP-enabled client to connect to your web site via SFTP.

Most web editing software nowadays supports SFTP. Your particular SFTP client will vary, but all will basically follow the steps outlined next. We will use FileZilla for our continueing example.

An Example Using FileZilla

Start FileZilla.

In the top left (just under the word 'File') is the button to open the Site Manager. Click on it (but not on the drop-down arrow). The Site Manager sub-window will open.

In the Site Manager sub-window, click on the New button. A new, blank profile will open for you to fill in.

You'll notice in the left display area that a blue-highlighted "New site" entry has been created. Click on "New site" and give this profile a name of your choosing, preferably something that will remind you what this connection is for.

Next, under the 'General' tab on the right, change the 'Protocol:' dropdown to "SFTP - SSH File Transfer Protocol".

For the 'Host:' field, type in "" (without the quotes).

For the 'Logon Type:' dropdown, set it to "Key file".

For the 'User:' field, type in the username that MOREnet sent you.

For the 'Key file:' selection, click on the 'Browse...' button. Another sub-window will open up. Use it to navigate to the 'C:\ssh\' directory folder you created earlier. Select the name-you-created-priv-key.ppk file.

In the 'Comments:' text box, you can enter anything you'd like that will help you remember what this profile is for. This field has no effect on the connection this profile will make. It is just for your convenience.

You have now entered all the basic information you'll need for the SFTP profile. Click on the 'OK' button. Your new profile should look similar to the below example.

Connecting to Your Web Site with SFTP

To connect to your web site to transfer files, in FileZilla click on the drop-down arrow for the Site Manager. You will see the profile you created listed. Click on the name of the profile.

FileZilla will now connect to MOREnet's SFTP server. Once it has connected, you will see the right-hand panes update with a listing of the web server file contents.

You'll notice you are in a directory called "webmaster". The full path on the web server is "/shared/web/data/webmaster". This is your SFTP account's home directory. You will always start here when you first connect.

It is recommended that you not alter or delete any of the files you initially see in this directory. You can add additional files or directories to this directory folder, but none of them will be visible to your web site.

In the upper right-hand pane, click on the "web" directory folder.

When the pane updates, you'll see several directory folders listed. The "logs" directory contains the raw web server logs listing web visitor access and any errors that may have occured. The "reports" directory contains any web reports that may be active for your web site. The "www" directory is the one that contains all the files that make up your web site.

It is recommended that you not alter or delete any of the directories you initially see here. You can add additional files or directories to this directory folder, but it is recommended that you not do so. None of these directories are visible to your web site.

In the upper right-hand pane, click on the "www" directory folder.

When the pane updates, you will see all the files for your web site. These are the actual content files. The full path on the web server is "/shared/web/www". These are the only files and directories which the web server can actually "see" and use.

Note that the web server is case-sensitive. A (capital 'I') Index.php file is a different file than a (lower-case 'i') index.php file.

Note that the web server uses "/" (forward-slashes) for the directory path, whereas Windows uses "\" (back-slashes). Also, it is recommended that you not use spaces in file or directory names.

You can now use the left-hand panes in FileZilla to navigate on your computer's hard-drive to the file(s) you want to upload or download.

Missouri Research and Education Network