SFTP Authentication

We’ve made some significant improvements to SSH key management in the latest version of Transmit.

For a more consistent experience across all the Panic apps, Transmit 5 now natively supports generation, storage, and sync of SSH keys within the app, as well as using existing keys stored on your Mac.

For more information about key formats supported in Transmit 5, or how to use SSH keys, see our SSH Keys Guide.

How does SFTP Authentication work in Transmit 5?

TL;DR

Username Preference Order
1. Username defined in Transmit
2. Username defined in config
3. Shortname of current user on your Mac
Password & Key Preference Order
1. SSH Key defined in Transmit
2. Passwords defined in Transmit
3. SSH Key defined in config or id files on disk
4. Prompt for credentials during connection

Username Preference Order

When authenticating over SFTP Transmit will prefer usernames defined in the following order:

Defined in Transmit
A username saved with a Server or manually entered via Quick Connect
As defined in ~/.ssh/config
Leave the username field in Transmit empty for usernames defined in your config
The local user on your Mac
If no username is defined Transmit will send the short name of the current user on your Mac by default.

Password & Key Preference Order

Transmit 5 uses passwords and keys in a specific order depending on where they exist on your Mac.

SSH key from Transmit’s Server settings

The first authentication method attempted by Transmit are SSH keys specified in the Server settings.

To associate an SSH key with a Server, import the key from a file on disk, or generate it right in Transmit.

All key management is handled in the Keys tab of Transmit’s Preferences menu. If you import an encrypted key, you will be prompted for the passphrase and it will be securely stored alongside the key in your system keychain. SSH Keys in Transmit Settings. After your key is imported, edit your Server and select the key you’d like to use for authentication. If your key is encrypted and you chose not to store the passphrase, you will be prompted for it when you connect. SSH key associated with Transmit Server.

Server password from Transmit Server settings

The next authentication method that Transmit will try is a password specified in the Server settings.

Please note: Passwords included in the Server settings will be used before SSH keys in the .ssh folder or config file

To use keys in your .ssh config file, or id keys in your ~/.ssh directory, do not save a password for the Server.

SSH key from SSH config file or id keys on disk

If the Server does not have a key or password associated with it, Transmit will attempt to use any keys specified for the server in your ssh config file, as well as any id keys (id_rsa, id_dsa, and id_ecdsa) in your ~/.ssh directory.

If these keys are encrypted and the passphrase is not stored in the keychain, Transmit will prompt you for the key’s passphrase when you connect to the server.

SSH Key passphrase alert prompt.

To skip authenticating with an encrypted key, leave the passphrase field blank and click Connect.

If you have existing keys on disk but do not want Transmit to attempt to use them when connecting, we recommend you specify a key or password with the Server.

Prompt for credentials when connecting

If you do not want to use an SSH key to connect, and also do not want to store your password in Transmit, Transmit will prompt for the server’s password at the time of connection.

I have two factor authentication turned on for my server, is that supported?

Yes! We support two factor authentication in conjunction with either key or password authentication.

The above order of operations still applies; a two factor code will be automatically requested during the process.

I have an SFTP favorite that connected in Transmit 4, but it doesn’t connect in Transmit 5. What’s going on?

In order to support the same authentication experience across all our Mac and iOS apps, Transmit 5 uses a different SSH library than Transmit 4.

Unfortunately, this means we have to temporarily drop support for a few features, specifically SFTP forwarding.

If you’re still having issues and do not use a SFTP proxy please contact our support team to have them assist with troubleshooting.

Last updated March 16, 2017