After the Transport Layer is established, the Server will attempt to authenticate the Client. The Client can be authenticated using one of two options -- Public Key or Password.
Option 1: Public Key authentication
Before using Public Key authentication, a User on the Client system will need to generate an SSH Key pair (a private key and public key). The private key should be stored on the machine where the Client (such as Managed File Transfer) is located. The public key should be sent to the organization that hosts the Server.
The following steps are performed during the authentication layer of an SFTP connection:
The Server will encrypt a random number with the Client’s public key and will send it to the Client.
The Client will use its private key to decrypt the random number. This decrypted number will then be sent back to the Server.
The Server will permit the connection with the Client if the random number is correct.
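The three steps above, as an added example that is not part of the original page: a Python sketch of both sides of the exchange, using textbook RSA over constructed Mersenne-prime keys (no padding, far too small for real use). All function and variable names are hypothetical, and the imposter key stands in for a Client that does not hold the registered private key.

```python
import hmac
import secrets

# Constructed demo keys: textbook RSA, no padding. Illustration only;
# real key pairs come from a tool such as ssh-keygen.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def server_challenge(client_public):
    """Step 1: Server encrypts a random number with the Client's public key."""
    n, e = client_public
    number = secrets.randbelow(n - 2) + 2      # random value in 2..n-1
    return number, pow(number, e, n)           # (kept by Server, sent to Client)

def client_response(private_key, ciphertext):
    """Step 2: Client decrypts with its private key and sends the result back."""
    n, d = private_key
    return pow(ciphertext, d, n)

def server_verify(expected, response):
    """Step 3: Server permits the connection only if the number matches."""
    # Compare fixed-width encodings in constant time.
    return hmac.compare_digest(expected.to_bytes(64, "big"),
                               response.to_bytes(64, "big"))

def authenticate(registered_public, client_private):
    """Run the whole exchange; the private key never leaves the Client side."""
    expected, ciphertext = server_challenge(registered_public)
    response = client_response(client_private, ciphertext)
    return server_verify(expected, response)

# Public key the User sent to the Server's organization, and its private half.
USER_PUB, USER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
# A different private key, i.e. a Client that is not the registered User.
_, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    print("registered key accepted:", authenticate(USER_PUB, USER_PRIV))
    print("other key accepted:     ", authenticate(USER_PUB, OTHER_PRIV))
```

OpenSSH and other SSH-2 implementations carry out the same proof of key possession with a digital signature over session data (RFC 4252) rather than a decrypted number; in both designs the private key stays on the Client.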
Option 2: Password authentication
The organization that hosts the Server will provide a password to the User at the Client system. This password will need to be specified when the Client makes a connection to the Server. The following steps will be performed during the authentication layer of the SFTP connection:
The Client will pass the password to the Server. This password is encrypted through the Transport Layer.
The Server will permit the connection with the Client if the password is correct.