SFTP Key Authentication for UNIX

This topic describes the steps to define SFTP key authentication on a UNIX operating system. On Windows, several software products set up key authentication, each in a different way. For more information, see your vendor's documentation.

Note:

The FTP Agent only supports keys for SFTP that are compatible with OpenSSH. PuTTY keys must be converted to the OpenSSH format using PuTTYgen. The following steps are required for this purpose (with Windows PuTTY):

  • Start the PuTTY Key Generator (PuTTYgen).
  • Select the Conversions menu.
  • Load the existing PuTTY key via Import Key.
  • Convert the key to the OpenSSH format by using the Export command.

Certain JVM settings may lead to an authentication error and a subsequent abnormal ending of the SFTP Job. To avoid this, Broadcom recommends downloading the Java Cryptography Extension (JCE) from the JVM vendor and importing it as described in its documentation.

To Define the Key-Pair for SFTP on UNIX

  1. Do one of the following:

    • ssh version 8.2 and higher

      Create the key pair using one of the algorithms supported by ssh, for example:

      ssh-keygen -t ed25519

      For information about all supported algorithms, refer to the official ssh documentation at https://www.openssh.com/txt/release-8.2.

    • ssh versions lower than 8.2

      On the host where the FTP Agent is running, enter the ssh-keygen -t dsa command.

      The ssh-keygen command should be executed on the host where the Agent is running. The username and hostname under which the command is executed are stored in the public key file. Below is a sample listing of a public key file.

      ssh-dss AAAAB3NzaC1kc3MAAACBAKzRW/a7WQdedMupC/avmFFuAib001aGcrrNwe93iZBbIy8miAXgrzBYMTc17rTb4pZiw/tlgWlmPDZETu1A1Wn6Rg4WXiRe0o7YfHMaYkQnObLojKfAYwBW1P7RnlKgvxtp5pTEA++xbb7OkNmLjq2Xg4blf41ibBVSlE8HBAAAAFQDAZJ47Sz76Eb5wCcAMhiViJe3wUwAAIB2CCOH0tcToyXu6npMmCL0CpS+X5UAHAwp0pdMNfDNzSM4Opuht0ti5nf69+c1rAORHQSrMocHM0yu0wR1Wiiz5RalvpT55YG2+46SXlS5d2RwdeE7TnsTH8u5r8Ra2L0iBFF11mDvxEkiO4w8OTqmM1TQImzZxszM5S7BNiEwAAAIAk4is1gOrjeNHuM9hMsGj7HlhFTUhHG+5fLP5lNHEPt3ggnN7EGRKk7h0fLJimzYv5XL690GpcBDnXFUAHXzwMuHBnYCgJxPz56WHlkkZjKKTTdHjBI9vQjoCdpygHKc3vBYnIENjUg3Y5BlL4bZDUWU4k4MQ8AgEh81TKOaA= qa4@xpert64.example.com

      The text qa4@xpert64.example.com at the end of the key is the signature for this key file. It means that the ssh-keygen command was executed on xpert64.example.com under the username qa4. It also means that the Agent must connect to host xpert64.example.com with the username qa4 and must have the private key file.

  2. Answer all the questions that the above command prompts you for. Press Enter to accept the defaults.

  3. When this command finishes, the following two files are created: id_dsa and id_dsa.pub. The id_dsa.pub file is the public key; the id_dsa file is the private key.

  4. Take the public key file and place it on the server (where the FTP server is running) in the $HOME/.ssh directory, then rename it to authorized_keys. If this file already exists on the server, append your public key file to the existing one. To do this, you can execute the following command:

      cat id_dsa.pub >> authorized_keys

  5. You need the private key on the host where the FTP Agent is running. The private key is used to authenticate the connection against the public key contained in the authorized_keys file on the server.

  6. On the FTP Connection object (SFTP protocol), fill in the following fields:

    • Check SFTP key authentication.
    • Key File: the absolute path to the private key file. The private key must be located on the host where the FTP Agent is running.
    • Pass Phrase: if you entered a pass phrase when creating the key pair with the ssh-keygen command, enter the same pass phrase here.
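Step 4 is where most key-authentication failures start: a key still in PuTTY rather than OpenSSH format, a duplicated entry from re-running the append, or permissions on .ssh and authorized_keys that sshd refuses to honour. The following shell script, added here as an example and not part of the product documentation, performs the append from step 4 with those checks in place; the sample key, its user@host comment and the scratch directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the page: install a public key into authorized_keys
# as step 4 describes, but idempotently, checking that the key is in OpenSSH
# format (see the PuTTY note) and setting the permissions sshd expects.
# The sample key and all paths below are constructed for the demonstration.
set -eu

# Succeeds only for an OpenSSH-format public key line: key type, base64 blob,
# optional comment. A PuTTY .ppk file or a private key does not match.
is_openssh_pubkey() {
    printf '%s\n' "$1" |
        grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# Prints the key comment, e.g. qa4@xpert64.example.com, which records the
# user and host that ran ssh-keygen (compare it with the Connection object).
pubkey_comment() {
    printf '%s\n' "$1" | awk '{print $3}'
}

# install_pubkey KEYLINE SSHDIR
# Appends KEYLINE to SSHDIR/authorized_keys unless that exact line is already
# there (re-running the step never duplicates the key), then sets the 700/600
# permissions sshd requires before it will use the file.
install_pubkey() {
    key="$1"; sshdir="$2"; auth="$sshdir/authorized_keys"
    is_openssh_pubkey "$key" || { echo "refusing: not an OpenSSH public key" >&2; return 1; }
    mkdir -p "$sshdir"
    if [ -f "$auth" ] && grep -qxF "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key appended to $auth"
    fi
    chmod 700 "$sshdir"
    chmod 600 "$auth"
}

# Constructed sample key (not a real key pair): ed25519, as in the ssh 8.2+ step.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKeyExampleOnlyNotAReal qa4@xpert64.example.com'

# Stand-alone run: install into a scratch directory instead of a real $HOME.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    install_pubkey "$SAMPLE_KEY" "$demo/.ssh"
    install_pubkey "$SAMPLE_KEY" "$demo/.ssh"   # second call reports "already present"
    echo "comment: $(pubkey_comment "$SAMPLE_KEY")"
    rm -rf "$demo"
fi
```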

Below is an example of the Job output when using SFTP key-based authentication. The output reports which private key file is being used and whether a pass phrase is in use.

host name = xpert64.example.com
remote user identification  = qa4
Using SFTP private key file: /u01/users/qa4/.ssh/id_dsa
Not using pass phrase
session created
known hosts file = C:\Documents and Settings\sport/.ssh/known_hosts FtpAgent_FTPFileTransferJob_connection completed_s
sftp channel opened

See also:

Installing the FTP Agent