Posted On: Jul 20, 2022

Amazon Transfer Family customers can now use ED25519 and ECDSA keys to authenticate users connecting to an Amazon Transfer Family server. Previously, Amazon Transfer Family only supported RSA keys for user authentication.

ED25519 and ECDSA are both elliptic-curve based public-key systems commonly used for SSH authentication. They offer improved security and performance over the traditional RSA key type. You can now add any combination of ED25519, ECDSA, and RSA keys – up to 10 per user.

Amazon Transfer Family supports ED22519 and ECDSA keys in all Amazon Web Services Regions where it is available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. You can configure a user's SSH public keys using the Amazon Transfer Family API, Amazon Web Services Management Console, Amazon Command Line Interface (CLI), or Amazon CloudFormation. To learn more about how to generate ED25519 and ECDSA user keys or how to add them to user profiles within Amazon Transfer Family, visit our documentation.