Filezilla Sftp Pem File

admin 11/22/2021

With FileZilla is open click the site manager button to create a new site connection. With the Site Manager window open click the 'New Site' button. Type a name for the connection. You will need to fill out the following information to connect via SFTP. Host: This is the hostname. There are three mechanisms for use of the FileZilla client with SSH-2 keys. In the profile settings in the Site Manager of the FileZilla client. If the SFTP Protocol is specified, it is possible to specify the Logon Type as 'Key File' and specify the location of the private key file (in PuTTY's.ppk or OpenSSH's.pem format). The user is prompted for the key file's password if necessary, which may optionally be cached by FileZilla until it is next shut down.

The SFTP Gateway is a secure, pre-configured SFTP server that saves uploaded files to an Amazon S3 bucket.

The SFTP Gateway uses a different approach than other S3-based file system products, making it more reliable forproduction systems. Rather than using a permanent mount or virtual file system, it monitors file descriptors as newfiles are written to SFTP directories. Once the file is finished writing and the file descriptor is closed, it pushesthe entire file to an S3 Bucket. The SFTP Gateway is simple, lightweight, and reliable.

When coupled with S3 Events and AWS Lambda, it is the ideal entry point for automated integration between your AWSapplication and external or third-party systems. It also complies with corporate security policies that requirekey-based SFTP file transfers.


  • SFTP server that stores uploaded documents to an S3 Bucket. Pre-configured with standard security settings. Easilymanage SFTP users independent of IAM using built-in command line scripts.
  • Automated S3 bucket creation and setup. Use the CloudFormation template or setup script from the single AMI toauto-configure the server. S3 events can be used to automate file processing with AWS Lambda.
  • MD5 Hash Validation support to ensure data integrity of uploaded files

Installation and Usage

The first step is to subscribe to the SFTP Gateway product on Marketplace page. This will launch the SFTP Gateway EC2instance.

This article assumes you are connecting using Windows. If you are trying to connect using Linux / OSX,click here.

CloudFormation Setup

Setup with AWS CloudFormation is recommended. See the Links section below to download the CloudFormation template.

To set up the SFTP Gateway server using CloudFormation, navigate to the CloudFormation console and click 'Create Stack'.Upload the SFTP Gateway CloudFormation template and specify the details of your instance.

SSH with PuTTY (Without CloudFormation)

If you are not using the CloudFormation template, then certain AWS resources must be configured after first launchingthe instance. Before continuing, make sure your EC2 instance has an IAM Role with the AmazonS3FullAccess policy.This is necessary for proper setup of the S3 bucket.

PuTTY does not natively support the PEM format that AWS uses, so you need to first convert your .PEM file to a .PPKfile (PPK = PuTTY Private Key). To do this, you use the PuTTYgen utility packaged with PuTTY.

  1. Open PuTTYgen and click Load to browse for your .PEM key. When browsing for the key, be sure to selectAll Files in the dropdown menu. Click Open when you have selected your key.
  2. PuTTYgen will now convert your key to the proper filetype.
  3. To save your new PPK key, click Save private key.

You are now ready to SSH in to the server with PuTTY using the new .PPK key.

  1. Open PuTTY and select SSH as the connection type.
  2. In the Host Name field, enter [email protected]<public ip>
  3. Expand the SSH section on the left, and click on Auth.
  4. Click on Browse to browse for the .PPK key, and click Open when you have selected it.
  5. To launch the SSH session, click Open.

You are now ready to begin the manual setup.

Manual Setup

If you did not use the AWS CloudFormation template, SSH in and run the following command to setup the S3 bucket andother necessary properties: sudo sftpgatewaysetup.

Adding and Removing Users

The AMI comes preloaded with administration commands to add and delete users.

From the primary ec2-user user account, run the following command to add a new user: sudo addsftpuser <username>.Running this command will do the following things:

  • Create the new Linux user
  • Disable the users login shell so they can only SFTP and not SSH to the server
  • Setup the appropriate home directory for SFTP
  • Create user's new SSH key and email the key to a chosen address

Uploads will only occur within the user's upload directory.

Users can be deleted by running the following command from the primary ec2-user accountsudo deletesftpuser <username>. The user's account, their SSH key, and their home directory along with everything init, will be deleted. Be sure to backup the home directory before running this command if you want to keep the files.

Connecting as a User

When creating a new user, the user's SSH key is emailed to a chosen address. In order to SFTP into the server as thatuser, you need to convert the emailed plaintext key into a usable .PEM key.

  1. Open a text editor (such as Wordpad) and paste the contents of the email, including the start and end tags.
  2. save the file as userPrivateKey.pem
  3. You can now SFTP into the server as the new user using this key.

SFTP with FileZilla


To log into the SFTP Gateway server using FileZilla, follow the GIF below. Be sure to enter the username for the user,the instance's public IP for the host, 'key file' for the logon type, and select the userPrivateKey.pem you createdin the last step.

SFTP with WinSCP

To log into the SFTP Gateway server using WinSCP, enter the username for the user name, the instance's public IP forthe host name, and 'SFTP' for the file protocol.

Note: 'Transfer resume' must be disabled to properly transfer files when using WinSCP. Click Preferences, andopen the Endurance section. Click Disable as shown.

Click Advanced, then click Authentication. Select the userPrivateKey.pem you created in the last step. Adialog will appear asking if you want to convert the .PEM file to a .PPK file, click Ok and save the file. Selectthe newly converted key and click Ok.

To connect to the SFTP Gateway server, click Login.


  • CloudFormation Template - No setup is necessary if you use this CloudFormation template. This templateuses the proper AMI based on your region.


Email support is available to Amazon Web Services Marketplace Customers at [email protected] Wedo not offer refunds, but you may terminate your AMI or CloudFormation Stack at any time.

Install Filezilla Server For Sftp


Filezilla Sftp Pem File Opener

For troublshooting and frequently asked questions, refer to our Troubleshooting Article