Extract as tutorial.

protocols/sftp/index.md

@@ -88,12 +88,14 @@ ssh.authentication.publickey.default.enable=true
 
 ### Public Key Authentication
 
-Public-key authentication allows you to connect to a remote server without a password. Instead, public-key authentication uses two keys:
-- a private key that only you have that should be kept in a secure place and protected with a password.
-- the public key, which is placed on the server you wish to gain access to, usually by the system administrator when your account is set up. 
-
 Private keys to authenticate with can be selected in the [Bookmark](../../cyberduck/bookmarks.md) or [Connection](../../cyberduck/connection.md) panel.
 
+:::{admonition} Tutorial
+:class: tip
+
+Follow the [step-by-step instructions](../../tutorials/sftp_publickeyauth.md) to configure public key authentication with an OpenSSH server.
+:::
+
 #### PuTTY Key Format Interoperability
 
 PuTTY private keys (`.ppk`) are supported for `rsa` key types. `ed25519` is not supported.
@@ -102,10 +104,6 @@ PuTTY private keys (`.ppk`) are supported for `rsa` key types. `ed25519` is not
 
 OpenSSH private keys of type `rsa`, `dsa`, `ecdsa` and `ed25519` (in OpenSSL `PEM` format) are supported. The new OpenSSH format (`openssh-key-v1`) is only supported for `ecdsa` and `ed25519`.
 
-#### Configure Public Key Authentication
-
-See the tutorial [Configure Public Key Authentication for SFTP](../../tutorials/sftp_publickeyauth.md) to create a public/private key pair and configure public key authentication with an OpenSSH server. 
-
 ##### OpenSSH User Certificate Authentication
 
 :::{important}

tutorials/index.md

@@ -8,6 +8,7 @@ hidden_properties
 custom_oauth_client_id
 iam
 vault_localdisk
+sftp_publickeyauth
 :::
 
 Find detailed step-by-step instructions for setup, connecting and most common use-cases as well as tutorials for more complicated workarounds.
@@ -22,4 +23,7 @@ Configure hidden preferences.
 IAM allows you to create credentials for third parties accessing your S3 account with permission constraints.
 
 ## [Access Vaults on Local Disk](vault_localdisk.md)
-Both [Cyberduck](../cyberduck/index.md) and [Mountain Duck](../mountainduck/index.md) support accessing vaults on your local disk.
+Both [Cyberduck](../cyberduck/index.md) and [Mountain Duck](../mountainduck/index.md) support accessing vaults on your local disk.
+
+## [Configure Public Key Authentication for SFTP](sftp_publickeyauth.md)
+Configure Public Key Authentication for SFTP using OpenSSH tools.

tutorials/sftp_publickeyauth.md

@@ -0,0 +1,27 @@
+Configure Public Key Authentication for SFTP using OpenSSH
+====
+
+Public-key authentication allows you to connect to a remote server without a password. Instead, public-key authentication uses two keys:
+- Private key that only you have kept in a secure place and protected with a password.
+- Public key placed on the server usually by the system administrator.
+
+1. Run the command `ssh-keygen` from the _Terminal.app_ (macOS) or _Console_ (Windows) to generate a public/private pair
+   of keys. They will be put in your directory `~/.ssh`, though you will probably be asked to approve or change this
+   location. When you generate the keys you will be asked for a passphrase. If you use a *passphrase*, then you will
+   have to enter it when connecting. Use the key format (`-m PEM`) to create the keys in OpenSSL `PEM` format. Specify the type of key with the parameter `-t` as either `ecdsa`, `ed25519` or `rsa`.
+
+   ```
+   ssh-keygen -m PEM -t rsa
+   ```
+
+2. Copy the public key to the server you wish to access and add it to the file `authorized_keys` in your `~/.ssh`
+   directory.
+   :::{tip}
+   You may need to create the file if it does not exist.
+   :::
+
+   This will cause the server to allow authenticating with your corresponding private key.
+   ```
+   ssh hostname < ~/.ssh/id_rsa.pub 'cat >> .ssh/authorized_keys'
+   ```
+3. In the [Bookmark](../../cyberduck/bookmarks.md) or [Connection](../../cyberduck/connection.md) panel, select *Use Public Key Authentication* and select the private key in your `~/.ssh` directory.