Knowledge Base

How to set up SFTP access for multiple users

This article describes how to set up SFTP access for multiple users on a single A2 Hosting shared account.

Setting up SFTP access for multiple users

For transferring files, SFTP is much more secure than FTP. However, a shared hosting account only has one SSH login. Because SFTP relies on SSH, this is a problem. You don't want to share your account password with other users just so they can use SFTP to transfer some files.

The solution is to create and deploy a separate SSH key pair for each user who wants to use SFTP. Because SSH key pairs do not require passwords, users can then access your account and transfer files securely using SFTP.

The main steps for setting up multiple-user SFTP access are:

  • Create an SSH key pair for each SFTP user, and deploy the public key to the A2 Hosting server.
  • Install an FTP client for each user, and configure it to use the private key.
Create an SSH key pair and deploy the public key

The first step is to create an SSH key pair for each user who requires SFTP access. After you have created the key pair, you must deploy the public key (not the private key!) to the A2 Hosting server account. (You use the private key later when you set up an FTP client.)

The exact steps to create SSH key pairs depend on the operating system that your computer uses. For step-by-step instructions about how to create an SSH key pair and deploy the public key to an A2 Hosting server, please follow the procedures in this article for your operating system.

Configure an FTP client to use the private key

After you have created the SSH key pair (or pairs) and deployed the public key (or keys) to the A2 Hosting server, you are ready to configure the client computers. To do this, you install and configure an FTP client to use the appropriate private key for the key pair.

There are numerous FTP clients available, and many of them support SFTP. A2 Hosting recommends FileZilla, a free program that you can download here. FileZilla runs on Microsoft Windows, Apple Mac OS X, and Linux.

The following procedure shows how to configure FileZilla to connect to an account using a private key and SFTP. If you want to use a different FTP client, make sure that it supports SFTP and public key authentication.

To configure FileZilla to use a private key for SFTP access, follow these steps:

  1. Transfer the private key file to the client computer.
  2. Download FileZilla and install it on the client computer.
  3. Start FileZilla.
  4. On the Edit menu, click Settings. The Settings dialog appears.
  5. Under Select Page, click Connection, and then click SFTP. A list of currently installed private keys appears.
  6. Click Add keyfile.
  7. Browse to the location where you stored the private key file in step 1, and then click Open. FileZilla adds the private key.
    If you used Linux or Mac OS X to generate the key pair, FileZilla may display a message that it needs to convert the key file. If this occurs, click Yes to have FileZilla convert the key file into a supported format.
  8. Under Select Page, click Interface.
  9. Under Behaviour, clear the Do not save passwords check box.
  10. Click OK.
  11. On the File menu, click Site Manager. The Site Manager dialog appears.
  12. Click New Site, type a name for the site, and then press ENTER.
  13. In the Host text box, type your site's domain name.
  14. In the Port text box, type 7822.
    The default port for SFTP is 22. However, A2 Hosting uses a different port for security reasons.
  15. In the Protocol list box, select SFTP - SSH File Transfer Protocol.
  16. In the Logon Type list box, select Normal.
  17. In the User text box, type your A2 Hosting account (cPanel) username.
    Make sure you type only your username. Do not include your domain name. For example, type username, do not type [email protected].
  18. Leave the Password text box blank.
  19. Click Connect. After a few seconds, FileZilla establishes a connection to the server.
    FileZilla may display a message that the server's host key is unknown. To trust the server permanently, select the Always trust this host, add this key to the cache check box, and then click OK.