Managing SSH and PGP keys in Transfer Family - Amazon Transfer Family
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managing SSH and PGP keys in Transfer Family

In this section, you can find information about SSH keys, including how to generate them and how to rotate them. For details about using Transfer Family with Amazon Lambda to manage keys, see the blog post Enabling user self-service key management with AAmazon Transfer Family and Amazon Lambda.

Note

Amazon Transfer Family accepts RSA, ECDSA, and ED25519 keys.

This section also covers how to generate and manage Pretty Good Privacy (PGP) keys.

Topics

Supported algorithms for user and server keys

The following key algorithms are supported for user and server key-pairs within Amazon Transfer Family.

Note

For algorithms to use with PGP decryption in workflows, see Algorithms supported for PGP key-pairs.

  • For ED25519: ssh-ed25519

  • For RSA:

    • rsa-sha2-256

    • rsa-sha2-512

  • For ECDSA:

    • ecdsa-sha2-nistp256

    • ecdsa-sha2-nistp384

    • ecdsa-sha2-nistp521

Note

We support ssh-rsa with SHA1 for our older security policies. For details, see Cryptographic algorithms.