SSH Keys for SFTP in SFMC

If you want to use your own SSH keys for use in SFTP transfers to and from SFMC, then here’s what you need to know.

SFMC pushing files to third-party SFTP via SSH

SFMC Third-party

Private SSH Key

Specifications

  • RSA
  • 2048-bit
  • OpenSSH format
  • Can be created with or without passphrase using with ssh-keygen or puttygen

Installation

  • SSH option must be enabled by SF Support
  • Upload key file as SSH type in Setup > Admin > Data Management > Key Management

Public SSH Key

Specifications

  • See Private SSH Key specifications

Installation

  • Specific to third-party key management system

Third-party pushing files to SFMC SFTP via SSH

SFMC Third-party

Public SSH Key

Specifications

  • See Private SSH Key specifications

Installation

  • Create a new SFTP Account for connection in Setup > Admin > Data Management > FTP Accounts
  • SSH option must be enabled by SF Support
  • Upload key file as SSH type in Setup > Admin > Data Management > Key Management

Private SSH Key

Specifications

  • RSA
  • 4096-bit
  • PEM format only
  • With or without passphrase
  • Can be created with ssh-keygen or puttygen

Installation

  • Specific to third-party key management system

 

For the first scenario (pushing files from SFMC to a third-party server), here’s how you can generate an SFMC-friendly SSH key pair with ssh-keygen.
Just simply open a command prompt and issue these commands (this is specific to Windows, but it’s very similar on a Mac):

> ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (C:\DEFAULTUSERPATH/.ssh/id_rsa): c:\YOURDESTINATIONPATH\testkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in c:\YOURDESTINATIONPATH\testkey.
Your public key has been saved in c:\YOURDESTINATIONPATH\testkey.pub.
The key fingerprint is:
(redacted)
> dir /b testkey*
testkey
testkey.pub
> ren testkey testkey.ppk

 

For the second scenario, (pushing files from a third-party server to SFMC), here’s how to get it in the correct format for SFMC with ssh-keygen:

> ssh-keygen -t rsa -b 4096 -m PEM
Generating public/private rsa key pair.
Enter file in which to save the key (C:\DEFAULTUSERPATH/.ssh/id_rsa): c:\YOURDESTINATIONPATH\testkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in c:\YOURDESTINATIONPATH\testkey.
Your public key has been saved in c:\YOURDESTINATIONPATH\testkey.pub.
The key fingerprint is:
(redacted)
> dir /b testkey*
testkey
testkey.pub
> ssh-keygen -e -f testkey.pub > testkey-ssh2.pub
> ren testkey testkey.ppk
(Visited 2,685 times, 1 visits today)
guest
0 Comments
Oldest
Newest
Inline Feedbacks
View all comments