How do I generate the SSH keys needed to access a HSI Blue Ocean Brain SFTP server?

If you are manually uploading a file from your device to a SFTP set up by HSI Blue Ocean Brain, you will need to provide the HSI Blue Ocean Brain Support Team with your public key for authorization.

HSI Blue Ocean Brain may have set up a SFTP (Secure File Transfer Protocol) server for securely sending employee data to create and manage your organization's Blue Ocean Brain accounts. As key-based authentication is required by HSI Blue Ocean Brain, you may need to generate a key pair, and share your public key with the HSI Blue Ocean Brain Support Team for authorization. A public key will also need to be authorized for any automations accessing the SFTP.

Below are the steps to generate a public and private key pair, as well as how to provide the public key to the HSI Blue Ocean Brain team.

How do I generate a SSH key pair?

How do I share my public key with HSI Blue Ocean Brain for authorization?

How do I upload my private key to connect to the SFTP?

How do I update an existing key in FileZilla?

If your organization uses Workday to send over employee listings, you can find instructions to generate keys for Workday here.


How do I generate a SSH key pair?

To generate a SSH key pair (that includes both a private and public key), you'll need to open the Command Prompt on your device.

  • In Windows, select the the magnifying glass in the taskbar and search for "Command Prompt", or find it by selecting the Start button, selecting Windows System, then Command Prompt.
  • In macOS, open Finder, select Applications, then Utilities, then Terminal.

Once the Command Prompt is open, type in the command, ssh-keygen

The system will then generate the key pair (e.g. "Generating public/private rsa key pair"). The next line will request that you create a file path to save the key (e.g. "Enter file in which to save the key (C:\Users\YourName/.ssh/id_rsa)"). Press enter (without typing any additional information) to save the file path.

Note: If you already have a key, the next line will inform you that the key already exists and ask you if you want to overwrite it. You do not need to generate another key; select "n" to avoid overwriting your key.

Instead, follow the file path (e.g. C:\Users\YourName/.ssh/id_rsa) to find your existing key and move to the next step.

You'll then be prompted to enter a password (e.g. "Enter passphrase (empty for no passphrase"). We recommend that you press Enter and don't select a passphrase. The system will prompt you to confirm your password (e.g. "Enter same passphrase again:"). If you chose not to select a password, press Enter. If you chose to select a password, type the password again.

You'll receive a message with confirmation that your identification and public key have been generated. Close the Command Prompt and proceed to the next step.


How do I share my public key with HSI Blue Ocean Brain for authorization?

Note: DO NOT provide your private key to anyone. If someone asks for your key, they are requesting your public key only, never your private key.

Locate your key by following the file path established previously (e.g. C:\Users\YourName/.ssh/id_rsa). Within the folder, you will find 2 keys:
    • The one called "id_rsa" with the file type "File" is your private key and should never be shared with anyone.
    • The one called "id_rsa" with the file type "Microsoft Publisher Document" (it may end in .pub) is your public key. This key can be shared!

Compose an encrypted email to send the public key to the HSI Blue Ocean Brain Support Team, who will upload it to the SFTP server on their end for authorization. The HSI Blue Ocean Brain team will also need to authorize your organization's IP addresses to access the SFTP, so if you have not already shared these with our team, please include them in your email for authorization!

Note: IP addresses beginning with a "10" are considered personal IP addresses and cannot be authorized by the HSI Blue Ocean Brain team.


How do I upload my private key to connect to the SFTP?

Note: DO NOT provide your private key to anyone. If someone asks for your key, they are requesting your public key only, never your private key.

Locate your private key by following the file path established previously (e.g. C:\Users\YourName/.ssh/id_rsa). In the folder, you will find 2 keys:
    • The one called "id_rsa" with the file type "File" is your private key.
    • The one called "id_rsa" with the file type "Microsoft Publisher Document" (it may end in .pub) is your public key.

Open your FTP application (we recommend using FileZilla).

In FileZilla, if you're setting up the SFTP connection on your device for the first time, follow the below steps:
  • Select File, then Site Manager. Select the option New Site on the bottom left.
  • On the General tab to the right, change the Protocol to read "SFTP - SSH File Transfer Protocol".
    • Add the Host: sftp.blueoceanbrain.com (If needed, the BOB IP address can be used as an alternative Host: 34.195.228.250)
    • Add the Port: 22
    • Change Logon Type to Key file.
    • Add the User: The HSI Blue Ocean Brain Support Team will provide this information to you.
    • Next to Key file, select Browse. Find your private key ( NOT the .pub file) on your device (e.g. C:\Users\YourName/.ssh/). Select OK to save for these settings for future connections.

To connect to the SFTP, select File, then Site Manager. Select the connection saved above, then select Connect.

Note: You won't be able to connect to the SFTP site until you provide the HSI Blue Ocean Brain Support Team with your public key and they have authorized your public key.



How do I update an existing key in FileZilla?

In FileZilla, if you already have a established SFTP connection to HSI Blue Ocean Brain, you can edit your current SFTP connection to support a new key.

Note: You won't be able to connect to the SFTP site until you provide the HSI Blue Ocean Brain Support Team with your public key and they have authorized your public key.

To connect with a different key,

  • Share the new public key (.pub file) with the HSI Blue Ocean Brain Support Team for authorization.
  • Once you have received confirmation the new public key is authorized, log into Filezilla, select File, then Site Manager.
  • Find the SFTP server that you set up to access the SFTP and click on it. Change Logon Type to Key file. Next to Key file, select Browse. Find your private key (NOT the .pub file) on your device (e.g. C:\Users\YourName/.ssh/). Click OK to save for the future, and Connect to connect to the SFTP.