docs.aws.amazon.com
13.35.58.2  Public Scan

URL: https://docs.aws.amazon.com/transfer/latest/userguide/key-management.html
Submission: On December 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

AWS TRANSFER FAMILY


USER GUIDE

MANAGING SSH AND PGP KEYS IN TRANSFER FAMILY

In this section, you can find information about SSH keys, including how to
generate them and how to rotate them. For details about using Transfer Family
with AWS Lambda to manage keys, see the blog post Enabling user self-service key
management with AWS Transfer Family and AWS Lambda.

NOTE

AWS Transfer Family accepts RSA, ECDSA, and ED25519 keys.

This section also covers how to generate and manage Pretty Good Privacy (PGP)
keys.

TOPICS

 * Generate SSH keys for service-managed users
 * Rotate SSH keys
 * Generate PGP keys
 * Manage PGP keys
 * Supported PGP clients

Supported algorithms for user and server keys

The following key algorithms are supported for user and server key-pairs within
AWS Transfer Family.

NOTE

For algorithms to use with PGP decryption in workflows, see Algorithms supported
for PGP key-pairs.

 * For ED25519: ssh-ed25519

 * For RSA:
   
    * rsa-sha2-256
   
    * rsa-sha2-512

 * For ECDSA:
   
    * ecdsa-sha2-nistp256
   
    * ecdsa-sha2-nistp384
   
    * ecdsa-sha2-nistp521

NOTE

We support ssh-rsa with SHA1 for our older security policies. For details, see
Cryptographic algorithms.

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.