1

new to this but trying to understand how it works and if it's possible.

I have a public ssh key provided by a third party. My company has provided the host, port and username details for an SFTP connection, and uploaded files.

Can I use a program like WinSCP to connect to the SFTP without having access to the Private Key or a password? If so, how?

If not, how was my company able to upload files?

Sorry if the above is very basic.

Improve this question
7
  • SFTP needs a certificate, private key or username/password combination Commented Oct 21, 2020 at 18:30
  • You always need a username, plus a password or a key (there are other options, but these two are the most common). Commented Oct 21, 2020 at 19:22
  • so stupid question, assuming the third party has the private key, and my company does not - how did my company access the SFTP to upload files? Is it that my company owns the server, and therefore uploads files, and gives access to the third party by registering its public key? is that how it works? So the third party is able to connect by adding their private key to WinSCP (or something similar) and is authenticated by the public key on my company's server? Again, apologies if this is super basic but I'm trying to learn! :) Commented Oct 21, 2020 at 20:46
  • If you are uploading files and you are using WinSCP, you are the client and you are connecting to thirdparty server. Your use of "provided" in the question is imo ambiguous. Please elaborate on the "My company has provided". How/to whom did you "provide" it? Commented Oct 22, 2020 at 7:28
  • Apologies, that's part of what I'm unclear about. I'm assuming in this case that my company owns the SFTP server to which the files are uploaded. My company has added the public key of the third party to this server so that the third party can connect using their private key. Commented Oct 22, 2020 at 17:56

1 Answer 1

Reset to default
2

There are some helpful guiding questions in the comments but I thought I would provide a bit of an overview which might answer your original question.

I have a public ssh key provided by a third party. My company has provided the host, port and username details for an SFTP connection, and uploaded files.

From this description, it sounds like your company has already made a connections and successfully transferred files - that's great news! From this description, it sounds like your company was authenticating with a username/password combination.

When connecting to an SFTP, you have 2 options:

  1. Connect with Username/Password - requires entering Username/Password (just like logging into a website) when authenticating with the SFTP server from a remote location.
  2. Connecting with SSH private/public key pair - does not require any manual authentication, the SFTP server will store the public key and a client that wishes to connect will be given a private key. When connecting, the systems confirm matching keys to automatically authenticate.

Can I use a program like WinSCP to connect to the SFTP without having access to the Private Key or a password? If so, how?

No. There may be a case where an FTP is not protected by some kind of user authentication. But in the case of SFTP, you will need to have one of the two options above. Typically, you will receive instructions from the group hosting the server with information connecting.

For instance, here is an example of a help doc for connecting WinSCP with a cloud-base SFTP server. The specifics may not directly apply to your set-up but the general workflow should be the same.

If not, how was my company able to upload files?

As mentioned above, it sounds like your company had a username/password combination.

Sorry if the above is very basic.

No worries, we all start somewhere! Best luck.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.