Public key authentication

One of the main benefits of SFTP is that it is secure, as your data is carried over an encrypted SSH connection. The most secure, and often most convenient, way to log into the server is using public key authentication. The remarkable thing about this kind of authentication is that your private key (basically a really long password) is never actually sent to the server. This adds that little extra bit of security in case the server has been attacked: the attackers don't have your key, so they can't pretend to be you when logging in anywhere else.

How is the server still able to know it is really you? In short, using very clever maths. You can read more about it if you're interested.

Using keys

Swish will use any keys you add to PuTTY's key agent, Pageant, to authenticate you with servers you connect to. If Pageant is not already running, you can launch it from the Swish SFTP Connections folder using Launch key agent from the toolbar or menu. Swish includes a copy of Pageant, so don't worry if you didn't install it.

Launch agent button

When Pageant is running, its icon will be in your taskbar notification area (usually bottom-left corner).

Pageant tray icon

Pageant doesn't do anything without keys, so now you need to add one.

Creating new keys

If you don't already have a key to use, you will need to create one. Swish doesn't do this bit for you yet, so you will need to download PuTTYgen and use it to create a new one in PuTTY (PPK) format.

PuTTYgen Generate and Save buttons

PuTTYgen will show you the 'public' half of your new key. You will probably need it later so leave the window open after you have saved the private key somewhere.

Adding your key to Pageant

PuTTYgen public key box

Once you have a key, right-click on the Pageant notification icon to bring up the menu. Choose Add Key and open your key file.

Pageant menu

Tell your SFTP server about the key

This still won't do anything useful unless you have told your SFTP server about this new key. As we said earlier, this doesn't mean you give it a copy of the whole key, just the 'public' part. How you do this varies wildly from server to server. Web hosting companies often ask you to paste the public key from the PuTTYgen window into a form on your admin pages. Or, if your SFTP server is a Linux machine running OpenSSH, you need to add this text to the end of your authorized_keys file (usually in ~/.ssh/; create it if it isn't there).

You need to find out which way is right for your SFTP setup.
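
For the OpenSSH case, here is an added example (not part of the Swish documentation) of appending the public key line to authorized_keys from a shell on the server. The function name add_authorized_key, its arguments and the accepted key-type list are choices made for this example; it assumes you pass the one-line text copied from the PuTTYgen window.

```shell
#!/bin/sh
# Added example: install one OpenSSH-format public key line on the server.
# add_authorized_key and its arguments are names made up for this example.
add_authorized_key() {
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one line: an embedded newline would add extra entries.
    case $key_line in
        *'
'*) echo "refusing multi-line input" >&2; return 2 ;;
    esac

    # Field 1 must be a public key type and field 2 base64 data.
    # A private key file (PPK or PEM) never has this shape.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_data=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac
    case $key_data in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac

    # sshd's StrictModes check ignores key files other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on type and data so a changed comment does not add a duplicate.
    if grep -qF -- "$key_type $key_data" "$auth_file"; then
        echo "key already present"
        return 0
    fi
    # Append on a fresh line even if the file lacks a trailing newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Usage on the server (the key text is a placeholder, not a real key):
#   add_authorized_key 'ssh-ed25519 <base64 text from PuTTYgen> you@pc'
```

The shape check also catches the common mistake of pasting the private PPK file instead of the public key text.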


If you launch your own copy of Pageant (i.e. not using the button in Swish) and find that your keys don't work when logging in to your SFTP server, it's very likely that your copy of Pageant is v0.61, which is incompatible with the way Swish uses it. If you notice this problem with any other version, please file a bug report.