Managing SSH and PGP keys in Transfer Family - AWS Transfer Family

Managing SSH and PGP keys in Transfer Family

In this section, you can find information about SSH keys, including how to generate them and how to rotate them. For details about using Transfer Family with AWS Lambda to manage keys, see the blog post Enabling user self-service key management with AAWS Transfer Family and AWS Lambda.

Note

AWS Transfer Family accepts RSA, ECDSA, and ED25519 keys.

This section also covers how to generate and manage Pretty Good Privacy (PGP) keys.

Supported algorithms for user and server keys

The following key algorithms are supported for user and server key-pairs within AWS Transfer Family.

Note

For algorithms to use with PGP decryption in workflows, see Algorithms supported for PGP key-pairs.

  • For ED25519: ssh-ed25519

  • For RSA:

    • rsa-sha2-256

    • rsa-sha2-512

  • For ECDSA:

    • ecdsa-sha2-nistp256

    • ecdsa-sha2-nistp384

    • ecdsa-sha2-nistp521

Note

We support ssh-rsa with SHA1 for our older security policies. For details, see Cryptographic algorithms.