Secure File Transfer using PuTTY

This page is about setting up the program sftp for secure file transfer using the ssh protocol. More specifically, it's about installing and using the version of sftp that's part of the open source, freely available PuTTY package for Windows PC's. MAC or Linux PC's usually have a version of sftp already built in, so setup is simpler: see the companion page ssh_mac_linux for that.

The ssh protocol allows use of a public/private key pair instead of a login password , and it encrypts file transfers, so an eavesdropper cannot intercept them. When the user requests a file transfer, the server can verify that the user has the private key without needing to know the actual contents of the key. A Google search on "Public Key Cryptography" will provide details about how this mathematical magic works. For purposes of this writeup it's sufficient that it's generally considered reliable as long as the private key really remains private.

Security is a complex problem; these notes are not intended for critical situations or when there are specific legal or financial requirements for privacy.

Setup and use of PuTTY includes the following steps (each is described in more detail below):

• Get and install the software.
• Generate a key pair, which consists of a private key and its associated public key, and send the public key to the remote server.
• Activate the private key on the user's PC. As the name implies, this key is never shared with anyone.
• Connect to the remote server and transfer files.

Each step is explained in the following sections.

Get and install PuTTY.

After the install is complete, programs are available in the PuTTY folder:
Windows Start button → All Programs → PuTTY folder

Generate key pair

Next we need to generate the keypair: Click the windows Start button, type "puttygen" in the search box, and click on it to start it.

Click the "Generate" button and follow the instructions. The program will generate and display the new public key as shown in the screenshot above. We need to do two things with the new key pair

• Copy and paste the displayed key into the .ssh/authorized_keys on the server. You want all the text in the box, from "ssh-rsa" through "20130222" in the example shown.
• Click the "Save Private Key" button to save the private key on the user's PC. I will use the name key1priv.ppk for this example. As an extra level of security you can add a password to the private key; this is useful if you think there's a chance that someone else might get access to your PC. I left the password blank for this example.

These steps only need to be performed once.

Pageant: activating the private key.

First select the private key: From the Windows Start button, search for and execute "pageant.exe". The program will quietly insert an icon in the system tray (the lower right-hand corner of the screen). It's the PC-with-a-hat icon circled in red in this screenshot.

Double-click the icon to bring up the Pageant menu, select "load key" and select the desired private key - key1priv.ppk in this example. You can then click "close" to get rid of this window. Pageant only needs to be run once and remains active until the PC is shut down.

psftp: Transferring files to and from the remote system.

To transfer files, first start the program sftp.exe. It should bring up a window with a command prompt:

The main commands are

• open - Connect to a remote server.
• bye - Disconnect and exit.
• get - Transfer file from remote server to PC.
• put - Transfer file from PC to remote server.
• help - Print help information.

Note: if psftp asks for a password after the open command, then something is wrong with the key file setup. Probably either pageant isn't running or the remote server doesn't have the public key properly installed.

Supplemental Info: Setup Screenshots

Here's an example of running putty-0.62-installer.exe on Windows Vista.