Using the “Pageant” Agent vs. Direct Configuration in WinSCP

WinSCP offers two options when incorporating the private key file for access.

You can incorporate the key while setting the Login Configuration, or you can incorporate the PuTTY “Pageant” agent to call out the private key.

  • Using Direct Configuration - During this one-time login configuration process, you simply navigate to the private key file on your local system and include it in the configuration. However, if you have incorporated a passphrase for added security, you will have to provide this value every time you attempt access, because WinSCP can not save this value within a Stored Session.
  • Using Pageant - You launch the agent separately, navigate to the private key file and, if applicable provide the associated passphrase. You can come and go from an individual Login Configuration, and leave Pageant running, with your Private Key(s) loaded (i.e., you won’t have to provide the passphrase each time you use the Login Configuration).

    Both options have their merits, and can be incorporated to best meet your needs -- If you have a single NetStorage upload account (or one that you use primarily), it might be best to just apply the Private Key via the Direct Configuration method, and mark it as a Saved Session. You would then only need to provide the Passphrase (if applicable) each time you login. However, if you use several upload accounts, and their Private Keys all exist on your local system, you would leave the Private Key out of the individual Login Configurations, and instead load all of them into a single instance of Pageant. As an end result, you could log in and out between the associated Login Configurations, and Pageant would sync with WinSCP -- no need to provide a Passphrase each time.

    Note: WinSCP does not support providing the Passphrase from the command line or by other means that utilize automation. Therefore, the Pageant Method (below) must be used in this case.

Direct configuration method

This method requires that you provide the applicable private SSH key.

Pagaent method

Pageant is included with WinSCP, and it can be accessed as follows to load private key files:

  1. Launch WinSCP.
  2. In the WinSCP Login window, click “Stored sessions” in the tree.
  3. Click Tools... to reveal a drop-down, and select Pageant from the drop-down.
  4. A “monitor with a hat” icon () will appear in the system tray. Double-click it.
  5. In the interface that appears, click Add Key.
  6. Navigate to the private key file on your local system, select it and click Open.
  7. If applicable, enter the appropriate passphrase, and click OK.
  8. Repeat Steps 5 - 7 to add additional private keys (if applicable).

WinSCP will now sync with Pageant to use the private key(s) when you login.