How To Set Up SFTP for File Transfer to Your Web Site

MOREnet provides SFTP (Secure-shell File Transfer Protocol) access for your web site (we do not provide FTP access). SFTP access will also include the ability to (optionally) access your web site content by Secure Shell (SSh) command line. Members with web sites hosted by MOREnet will need to generate an SSH public/private key pair if they want SFTP access to their web site. Then they will need to update their file transfer software config to connect via SFTP.

Getting Started...

To get started on a Windows™ computer, download PuTTY...

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Follow the installation instructions for the computer you use. With today's Windows computers, you will most likely need the putty-64bit-0.81-installer.msi file. This will install several files under a PuTTY folder. In particular are the PuTTY SSH client and the PuTTYgen utility which will be used next.
Note: "0.81" was the current version at the time this doc was last updated. Download the most recent version.)

The instructions will take you through the installation and starting up of PuTTYgen, to a point where you can create an SFTP public/private key pair.

Once you've gotten to this point, do the following:

First, create a directory folder on your hard drive. Name this folder 'SSH'. This folder is where you will save your public/private key pair for SFTP. You can create it anywhere on your hard drive you want. For ease of use, you can create it at the root of the 'C' drive ( 'C:\ssh' ).

Once you've created this directory folder, keep it open, since you'll be coming back to it later.

Next, click on the Windows 'Start' button. Then scroll down to the PuTTY folder and click on the dropdown arrow. Usually at the bottom of the list, you will find PuTTYgen. Click on it.

In the PuTTYgen window that opens, look toward the bottom. The default settings under 'Parameters' will have the "Type of key to generate" marked as "RSA". Underneath that, the "Number of bits in generated key" text box will say "2048". These default settings are what you need.

Click on the 'Generate' button. You'll see the larger top area has text prompting you to move the mouse around. You can move it any random way you want. As you do, PuTTYgen will use the movement to generate random values it uses to generate your key pair. Keep moving the mouse until the displayed green bar fills up. Once it does, your key pair will be generated.

PuTTYgen will then display several bits of information. Note the "Key Comment" text field. You can replace this value with something useful, such as "Key for MOREnet hosted web site", or your name, or any information you might find useful in reminding yourself what you use this key pair for.

Next, click the 'Save public key' button. A file save window will open up. Navigate to the c:\ssh\ directory folder you created. You can save the public key with any filename you want. It is recommended you include "-public.ppk" or "-pub.ppk" at the end of the filename so that you can quickly tell this is your public key. Click on the 'Save' button.

Next, click the 'Save private key' button.

A small window will open up asking if you are sure you want to save this (private) key without a passphrase. You can answer "yes" to this question if you are the only one who uses your computer. The private key file which you are about to save is the file you want to keep secure. You never give it to any one else.

If you prefer to use a passphrase and answer 'No', you will need to fill in the 'Key passphrase' and 'Confirm passphrase' fields with matching values. Thereafter, each time you initially open an SFTP connection, you will be prompted to enter this passphrase to "unlock" the private key.

After you have answered either "Yes" or "No", a file save window will open up. Navigate to the c:\ssh\ directory folder you created. You can save the private key with any filename you want. It is recommended you include "-private.ppk" or "-priv.ppk" at the end of the filename so you can quickly tell this is your private key. Click on the 'Save' button.

What you have saved so far are the public and private key files in "PuTTY PK format" (designated by the '.ppk' file extension).

To connect to the web server, you will need your public key in a slightly different format. Back in the PuTTYgen window, you will see the text box for "Public key for pasting into OpenSSH authorized_keys file". Beneath this is a box of text that starts with "ssh-rsa" and has a lot of random letters and numbers.

You will need to highlight ~all~ of this text, starting with the "ssh-rsa" and ending with the key comment you added. After highlighting ~all~ of it, you can either right-click and select 'Copy', or you can press CTRL+C on your keyboard.

Next, in the c:\ssh\ directory folder, create a new text file. Again, you can name it anything you want. It is recommended you include "-ssh-pub-key.txt" at the end of the filename, so you can quickly tell this is your SSH public key for the SFTP server to which you'll be connecting.

Once you've created this text file, open it and paste the SFTP server formatted public key into the text file. Then save the file.

You can now close PuTTYgen.

Attach the SSH public key file (name-you-created-ssh-pub-key.txt) for the SFTP server to an email. In the email, include your name and contact information, and the domain name of the web site to which you need SFTP access. Send the email to the MOREnet email address you were provided. DO NOT include your private key file.

Once your public key file has been placed on MOREnet's SFTP server, you will receive back a confirmation email which also lists your access name.

Using the access name, and your name-you-created-priv-key.ppk file, you can now configure your SFTP-enabled client to connect to your web site via SFTP.

Most web editing software nowadays supports SFTP. Your particular SFTP client will vary, but all will basically follow the steps outlined next. We will use FileZilla for our continueing example.

An Example Using FileZilla...

Start FileZilla.

In the top left (just under the word 'File') is the button to open the Site Manager. Click on it (but not on the drop-down arrow). The Site Manager sub-window will open.

In the Site Manager sub-window, click on the New button. A new, blank profile will open for you to fill in.

You'll notice in the left display area that a blue-highlighted "New site" entry has been created. Click on "New site" and give this profile a name of your choosing, preferably something that will remind you what this connection is for.

Next, under the 'General' tab on the right, change the 'Protocol:' dropdown to "SFTP - SSH File Transfer Protocol".

For the 'Host:' field, type in "sftp.kinetic.more.net" (without the quotes).

For the 'Logon Type:' dropdown, set it to "Key file".

For the 'User:' field, type in the username that MOREnet sent you.

For the 'Key file:' selection, click on the 'Browse...' button. Another sub-window will open up. Use it to navigate to the 'C:\ssh\' directory folder you created earlier. Select the name-you-created-priv-key.ppk file.

In the 'Comments:' text box, you can enter anything you'd like that will help you remember what this profile is for. This field has no effect on the connection this profile will make. It is just for your convenience.

You have now entered all the basic information you'll need for the SFTP profile. Click on the 'OK' button. Your new profile should look similar to the below example.

Connecting to Your Web Site with SFTP...

To connect to your web site to transfer files, in FileZilla click on the drop-down arrow for the Site Manager. You will see the profile you created listed. Click on the name of the profile.

FileZilla will now connect to MOREnet's SFTP server. Once it has connected, you will see the right-hand panes update with a listing of the web server file contents.

You'll notice you are in a directory called "webmaster". The full path on the web server is "/shared/web/data/webmaster". This is your SFTP account's home directory. You will always start here when you first connect.

It is recommended that you not alter or delete any of the files you initially see in this directory. You can add additional files or directories to this directory folder, but none of them will be visible to your web site.

In the upper right-hand pane, click on the "web" directory folder.

When the pane updates, you'll see several directory folders listed. The "etc" directory contains the configuration files for the web server. You will not be able to edit these files. The "www" directory is the one that contains all the files that make up your web site.

It is recommended that you not alter or delete any of the directories you initially see here. You can add additional files or directories to this directory folder, but it is recommended that you not do so. None of these directories are visible to your web site.

In the upper right-hand pane, click on the "www" directory folder.

When the pane updates, you will see all the files for your web site. These are the actual content files. The full path on the web server is "/shared/web/www". These are the only files and directories which the web server can actually "see" and use.

Note that the web server is case-sensitive. A (capital 'I') Index.php file is a different file than a (lower-case 'i') index.php file.

Note that the web server uses "/" (forward-slashes) for the directory path, whereas Windows uses "\" (back-slashes). Also, it is recommended that you not use spaces, quote, or double-quote marks in file or directory names.

You can now use the left-hand panes in FileZilla to navigate on your computer's hard-drive to the file(s) you want to upload or download.

Addendum: You Have More Than One Web Editor

If you have more than one web editor needing to update files on your web site, each of them should have their own separate key pair. You can either install PuTTY on their computers and generate their keys, or you can use your existing installation of PuTTY (from above) to generate additional key pairs for these other web editors. (Remember to use a thumbdrive or other secure medium to transfer the private key to their computer.)

The SSH public key for each of these additional editors will need to be emailed to MOREnet with a request to add them for SFTP access. They will use the same accessname, but will use their own private key.

Addendum: MAC or Linux Desktops

This How-To is oriented toward Windows computers. MAC and Linux computers have other utilities for creating SSH public/private key pairs. The SSH public/private keys they generate are just like the ones created by PuTTY and can be sent to MOREnet to enable SFTP access to your web site.

Open a Terminal (Applications->Utilities->Terminal).

Make a directory to store the SFTP key in...

mkdir keyForMOREnetSFTP
cd keyForMOREnetSFTP

Then generate the key...

ssh-keygen -t rsa

You will be prompted for a directory and filename to save the key files as. Us the keyForMOREnetSFTP directory you created and name the file something like your-website-name-ssh-key.

You will be prompted to enter a password. Using a password for the key file is up to you. If you prefer to use a password/passphrase, you will need to enter it twice with matching values. Thereafter, each time you initially open an SFTP connection, you will be prompted to enter this password/passphrase to "unlock" the private key.

Of the two files that are generated, attach the public key your-website-name-ssh-key.pub file to an email. In the email, include your name and contact information, plus the domain name of the web site to which you need SFTP access. Send the email to the MOREnet email address you were provided. DO NOT include your private key file.