Add an additional server host key
On the AWS Transfer Family console, you can add additional server host keys. Adding additional host keys of differing formats can be useful for identifying a server when clients connect to it, as well as improving your security profile. For example, if your original key is an RSA key, you could add an additional ECDSA key.
Note
The SFTP client connects using the first public key it has that can match one of the active server keys.
To add an additional server host key
-
Open the AWS Transfer Family console at https://console.aws.amazon.com/transfer/
. -
In the left navigation pane, choose Servers, and then choose a server that uses the SFTP protocol.
-
On the server details page, scroll down to the Server host keys section.
-
Choose Add host key.
The Add server host key page displays.
-
In the Server Host Key section, enter an RSA, ECDSA, or ED25519 private key that is used to identify your server when clients connect to it over the SFTP-enabled server.
Note
When you create a server host key, make sure to specify
-N ""
(no passphrase). See Creating SSH keys on macOS, Linux, or Unix for details on how to generate key pairs. -
(Optional) Add a description to differentiate among multiple server host keys. You can also add tags for your key.
-
Choose Add key. You are returned to the Server details page.
To add a host key by using the AWS Command Line Interface (AWS CLI), use the ImportHostKey API operation and provide the new host key. If you create a new SFTP-enabled server, you provide your host key as a parameter in the CreateServer API operation. You can also use the AWS CLI to update the description for an existing host key.
The following example import-host-key
AWS CLI command imports a
host key for the specified SFTP-enabled server.
aws transfer import-host-key --description
key-description
--server-idyour-server-id
--host-key-bodyfile://my-host-key