
Private key in SFTP communication

Former Member
0 Kudos

Hi,

We have SFTP communication via PI 7.1 for all third parties. Some of them use the private key (NetWeaver key storage), where the SFTP keys are installed on the SFTP server and validation is done through the public/private key stored in the NetWeaver key storage in PI.

All was working fine until we moved the PI server from one IP address to another. This is due to the fact that our hosting partner changed.

Now when we try to connect to these third parties (using the keys), PI is not able to connect to them. So I have a few questions:

(1) Do the private/public keys change with a change in IP address?

(2) If the answer is yes, do we need to generate new keys and provide them to the third-party system? How?

(3) When we use the public/private key, do these new IP address & ports need to be opened on the third party? I believe the keys are for authentication, but the IP/port is for starting the communication.

Anyone having experience in this area, please advise.

Thanks!

Accepted Solutions (1)


former_member184720
Active Contributor
0 Kudos

(1) Do the private/public keys change with a change in IP address?

AFAIK - Yes.

(2) If the answer is yes, do we need to generate new keys and provide them to the third-party system? How?

Yes - please refer to the blogs below:

http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1

http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

(3) When we use the public/private key, do these new IP address & ports need to be opened on the third party? I believe the keys are for authentication, but the IP/port is for starting the communication.

Yes. Port 22 has to be opened in order to make an SFTP connection.

Former Member
0 Kudos

Thanks for the reply.

For Q-1, can you give some instances? What I read from forums & Googling is that keys are dependent on the host name & not the IP address. In our case the host name is kept the same with masking etc., and keys are dependent on the host name. Can you give me some instance or example where the private keys are based on IP, not the host name?

Thanks!

Harish
Active Contributor
0 Kudos

Hi,

Yes, the keys depend on the host name. What error are you getting when you try to connect?

I had this kind of issue in the past, and they are mostly related to the network (firewall or port).

Please provide more detail about the error.

regards,

Harish

former_member184720
Active Contributor
0 Kudos

Hi - I came across the lines below, but let's wait for others' comments. Seems like there is a workaround, as you can find below.

http://superuser.com/questions/437963/preventing-ssh-rsa-host-key-warnings-for-change-of-key-vs-ip-a...

CheckHostIP

If this flag is set to "yes", ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to "no", the check will not be executed. The default is "yes".

So by default it'll also check for the IP address.

some other -

http://forums.fedoraforum.org/showthread.php?t=266363
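
The CheckHostIP behaviour quoted above, as an added example that is not part of the original post and is not OpenSSH's code: a simplified Python model of the known_hosts lookup, whose inputs are the server's name, the server's address and the host key the server offers. The function names, result labels and sample file are assumptions made for this illustration.

```python
# Simplified model of an ssh client's known_hosts lookup (not OpenSSH's code).
# Assumptions: plain, unhashed entries only; no wildcards or [host]:port forms.

# Constructed sample file; host names, addresses and key blobs are placeholders.
KNOWN_HOSTS = """\
# partner SFTP server, recorded under its name and its address
sftp.partner.example,192.0.2.10 ssh-rsa AAAA-PLACEHOLDER-PARTNER-KEY
198.51.100.7 ssh-rsa AAAA-PLACEHOLDER-OTHER-KEY
"""

def parse_known_hosts(text):
    """Return {host_or_ip: set of (keytype, key)} for plain entries."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed (|1|...) and @marker lines.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            entries.setdefault(host, set()).add((keytype, key))
    return entries

def check_host_key(entries, hostname, server_ip, offered, check_host_ip=True):
    """Classify the host key a server offers. Inputs are the server's name,
    the server's address and the offered key; the client's own address and
    the client's private key are not part of this lookup."""
    recorded = entries.get(hostname)
    if recorded is None:
        return "unknown-host"
    if offered not in recorded:
        return "host-key-changed"
    if check_host_ip:
        by_ip = entries.get(server_ip)
        if by_ip is None:
            return "ok-ip-not-recorded"
        if offered not in by_ip:
            return "ip-key-mismatch"
    return "ok"

if __name__ == "__main__":
    db = parse_known_hosts(KNOWN_HOSTS)
    key = ("ssh-rsa", "AAAA-PLACEHOLDER-PARTNER-KEY")
    for ip in ("192.0.2.10", "192.0.2.99", "198.51.100.7"):
        print(ip, check_host_key(db, "sftp.partner.example", ip, key))
```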

Former Member
0 Kudos

Thanks! You were right. The IP address change did not impact the keys, and it turned out to be a network issue where our PI server does not have a connection to the external world. We have to explicitly open the IPs from the PI network for 3rd parties.

Answers (0)