Skip to main content

COVID-19 | Information and resources to help

OCLC Support

Set up passwordless file exchanges

  1. Last updated
  2. Save as PDF
Discover how to send and retrieve files using public/private key pair authentication for passwordless SFTP with Linux.

You can send and retrieve files using public/private key pair authentication for passwordless SFTP. This automates delivery of files to OCLC and eliminates the need to manually enter a password when using an OCLC file exchange account. It also allows your institution to change the key on a regular basis for added security.

For security reasons, OCLC does not support passing of the SFTP password via a script, but offers the public/private key pair solution instead to allow fully automated scripts to be written for uploading and downloading to our server.

Linux

This procedure is for Linux systems. Although similar methods would be used for other systems, OCLC has tested this method using Linux as the SCP and SFTP client machine. A password is requested while uploading the public key, but once replaced, future logins and file transfers do not require a password.

Generate and upload your public key

To generate and upload your public key to your OCLC file exchange account:

  1. Generate a private/public key pair on your client machine and put it in a file called /home/user1/.ssh/id_rsa.pub on your local machine.
     Note:  If you are unsure how to generate a private/public key pair, you can use the method described here: https://askleo.com/how_can_i_automate_an_sftp_transfer_between_two_servers/ (this method puts the private/public key file in the correct place on your local machine automatically).
  2. Upload your public key to .ssh/authorized_keys in your OCLC file exchange account.

 Note: Do not delete the existing .ssh/authorized_keys file before uploading the new one. The new file you upload automatically replaces the existing file while retaining its permissions and ownership properties. If you delete the existing file before uploading the new file, you will have insufficient rights on the system to set the necessary group ownership for .ssh/authorized_keys and therefore will continue to be asked for a password.

Example

 Note: The examples below indicate more than one space to illustrate where a space is needed. When entering your commands, please use only one space.

If using a Linux-based system, you can use either of these commands to upload the public key file to the correct location. Before using either of these commands, you must generate a private/public key.

Method Steps
SFTP
  1. Enter sftp [OCLC file exchange account username]@[data center].oclc.org
  2. Enter put /home/[username for local machine]/.ssh/id_rsa.pub .ssh/authorized_keys
  3. Enter exit
Secure Copy
  1. Enter scp /home/[username for local machine]/.ssh/id_rsa.pub [OCLC file exchange account username]@[data center]:.ssh/authorized_keys

If using an SFTP client such as FileZilla, take the following steps to upload the public key file to the correct location. Before using this command, you must generate a private/public key.

Method Steps
SFTP
  1. On your local machine, rename the id_rsa.pub file to authorized_keys.
  2. Login to your OCLC file exchange account. You will be in the home directory, which corresponds to your username.
  3. From your home directory, click /.ssh. You will see an existing authorized_keys file.
  4. Upload the authorized_keys file from your local machine to the /.ssh directory.  You will receive a message indicating that the target file already exists; choose the action to overwrite the target file.