Advanced SSH Key Authentication for Secure SFTP Access
Published {$created} by Carsten Blum
SSH key authentication is one of the most reliable and secure ways to access servers and cloud storage endpoints — and it’s the preferred method when working with SFTP, SCP, or managed cloud storage like ftpGrid.
In this tutorial, we’ll go beyond the basics of generating SSH keys and dive into advanced topics such as key management, rotation, multiple identity setups, and automation.
Prefer hands-on over reading tutorials? ftpGrid is built to be intuitive — create a free account and get started instantly.
Why SSH Keys Matter
SSH keys eliminate the need for passwords in secure file transfer scenarios. Instead of typing your password every time, your client authenticates using a cryptographic key pair — a private key (which stays on your machine) and a public key (which you upload to the server).
Using keys instead of passwords provides:
Stronger protection against brute-force attacks
Easier automation of backups, scripts, and uploads
Integration with CI/CD pipelines and IoT devices
Compatibility with SFTP, SCP, rsync, and cloud systems like ftpGrid
1. Choosing the Right Key Type
There are several SSH key algorithms available. The most common are:
Type | Description | Recommended |
|---|---|---|
RSA | Traditional and widely supported | Still good for compatibility |
ED25519 | Modern, faster, smaller, and more secure | Recommended |
ECDSA | Efficient but less portable | Use with caution |
Generate a new ED25519 key:
ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/id_ed25519Or generate an RSA key (for legacy systems):
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ~/.ssh/id_rsa2. Securing Your Private Key
Your private key should never be shared. Keep it locked down with the correct permissions:
chmod 600 ~/.ssh/id_ed25519You can also encrypt it with a passphrase for extra protection during login.To avoid typing it every time, use an SSH agent:
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519Tip: The SSH agent keeps your key decrypted in memory, so scripts and SFTP sessions can use it securely without prompting for a password.
3. Managing Multiple Keys with ~/.ssh/config
If you use different keys for different services, you can configure them in your SSH config file for easy access.
Edit or create ~/.ssh/config:
Host ftpgrid HostName edgeN.ftpgrid.com User PREFIX.demo IdentityFile ~/.ssh/id_ed25519_ftpgrid IdentitiesOnly yesNow you can simply connect with:
sftp ftpgridThis setup keeps things clean and avoids conflicts between personal, corporate, or test keys.
4. Using SSH Keys for Automated Transfers
SSH keys are perfect for automated uploads, nightly backups, or CI/CD deployment pipelines.Here’s a simple example using SFTP batch mode:
Create a batch file:
echo "put backup.sql /backups/" > batch.txtRun automated upload:
sftp -b batch.txt ftpgridOr use SCP:
scp -i ~/.ssh/id_ed25519 ./backup.sql ftpgrid:/backups/You can schedule it with cron for periodic uploads:
crontab -eExample entry (daily at 03:00):
0 3 * * * scp -i ~/.ssh/id_ed25519 /data/backup.sql ftpgrid:/backups/5. Rotating SSH Keys Safely
Security best practices suggest rotating SSH keys periodically — especially for production or shared environments.
Steps to rotate keys:
Generate a new key pair
Upload the new public key to ftpGrid (via web dashboard or API)
Test connection using the new key
Remove the old key from the authorized list
Always test before removing the old key to avoid losing access.
6. Using SSH Key Authentication with ftpGrid
ftpGrid supports full SSH key authentication for both SFTP and SCP.Once you have your public key, simply upload it in your ftpGrid dashboard under:
Storage accounts -> Create account
Then connect using your configured alias:
sftp ftpgridYou’ll have instant access without typing a password, using secure encrypted authentication.
7. Key Takeaways
Use ED25519 keys for best performance and security
Protect your private keys with proper file permissions and passphrases
Automate secure transfers using batch scripts or cron jobs
Rotate SSH keys periodically
Use
~/.ssh/configfor clean multi-key managementTry it directly with ftpGrid’s free tier — you get 512 MB of secure managed storage instantly