Using PuTTY Key Generator for

generating SFTP keys

Prepared by EMEA STS 15 May 2015

Updated on 15 May 2018

© 2014 Concur, all rights reserved. Concur is a registered trademark of Concur Technologies, Inc. All other company and product names are the property of their respective
manufacturers. Specifications and other details listed are accurate as of printing, but may change without notice.
FAQ - General
What is SFTP?
In addition to plain FTP the Concur FTP server also supports secure connections.
SFTP sessions are secured by encrypting all information via an SSH session on port 22. Note that this does
not alleviate the need for PGP encryption of the files as they still reside on a publicly exposed server. The
connection type is transparent to Concur and only requires that the client utilize an FTP client that is SFTP
capable – and WS_FTP is capable of this.
To allow for file transfers via automation, public keys can be used to remove the dependency of manual
password entry. Keys may be DSS (1024 bit) or RSA (1024-4096 bit, 2048 recommended) format. After
making an initial manual connection to the Concur FTP server using any of the supported protocols, the
client can upload one (or more) SSH public key files to the / (root) directory. This file can include multiple
keys or a single key. The filename is not important.
Following uploading of the keys, Concur must be notified that these keys need to be loaded into Concur
system.
Future SFTP connections will then be authenticated using the keys, but will fall back to password
authentication if the provided keys do not match those of the client server and user initiating the SFTP
connection.

What is Putty – PuttyGen and how can I get it?

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms.
One of its functions/tools – PuTTYgen (PuTTY Key Generator) - is an RSA and DSA key generation utility.

· Homepage of the project: http://www.chiark.greenend.org.uk/~sgtatham/putty/

· Download page: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

· You can also get PuTTY/PuTTYgen with WinSCP installation package – WinSCP is ‘Free SFTP,

SCP and FTP client for Windows’: http://winscp.net/eng/download.php

Do I have to use PuttyGen only?

No, any other tool can be used (as long as it follows Concur requirements) – PuTTY is just one tool that has
been used by Concur clients successfully.

© 2014 Concur, all rights reserved. Concur is a registered trademark of Concur Technologies, Inc. All other company and product names are the property of their respective
manufacturers. Specifications and other details listed are accurate as of printing, but may change without notice.
SFTP Key Creation
Generation
To create a SFTP key for a successful (and secure) connection to the Concur FTP server, a key pair needs
to be generated first.
After loading PuTTY Key Generator it is crucial to select the correct Key from the menu: SSH-2 RSA key
and select RSA from the ‘Type of key to generate’ radio buttons.

After clicking on ‘Generate’ the user is asked to move the mouse cursor for a short time – and the key
should be successfully generated shortly afterwards.

© 2014 Concur, all rights reserved. Concur is a registered trademark of Concur Technologies, Inc. All other company and product names are the property of their respective
manufacturers. Specifications and other details listed are accurate as of printing, but may change without notice.
Export

The public key will need to be saved in ‘.pub’ file format and uploaded to Concur.
The private key will be used by or imported to the FTP-client that will establish the connection.

© 2014 Concur, all rights reserved. Concur is a registered trademark of Concur Technologies, Inc. All other company and product names are the property of their respective
manufacturers. Specifications and other details listed are accurate as of printing, but may change without notice.
Transfer of the key to Concur
After the key was generated / exported it needs to be moved to Concur. Clients should already have
received credentials for the FTP connection by this time (these are communicated by Concur via a secure
email).

After being connected to the FTP successfully the SFTP key would be moved (unencrypted) into the root
folder. Please notify the Concur Technical Consultant about that – and the process of importing the key can
be finalized on Concur side.
In this screenshot example WS_FTP is used, but it can of course be uploaded with any other FTP client.

When the key is processed successfully Concur would notify client about that – and then SFTP connection
can be tested.

SFTP connection test

Depending on what FTP software is used the client would test the SFTP connection – using the key pair that
was created with PuttyGen earlier.
You would would need to import the private SFTP key into your FTP software – and afterwards the first
connection test can be carried out. Credentials (username and password) shouldn’t be necessary anymore
– the connection would be successful based on the SFTP key only.

© 2014 Concur, all rights reserved. Concur is a registered trademark of Concur Technologies, Inc. All other company and product names are the property of their respective
manufacturers. Specifications and other details listed are accurate as of printing, but may change without notice.