on 01-15-2014 4:40 PM
Hi,
We have SFTP communication via PI 7.1 for all third parties. Some of them use a private key (NetWeaver key storage), where the SFTP keys are installed on the SFTP server and validation is done through the public/private key stored in the NetWeaver key storage in PI.
All was working fine until we moved the PI server from one IP address to another. This is due to the fact that our hosting partner changed.
Now when we try to connect to these third parties (using the keys), PI is not able to connect to them. So I have a few questions:
(1) Do the private/public keys change with a change in IP address?
(2) If the answer is yes, do we need to generate new keys and provide them to the third-party system? How?
(3) When we use the public/private key, do the new IP address and ports need to be opened on the third-party side? I believe the keys are for authentication, but the IP/port is for starting the communication.
Anyone having experience in this area, please advise.
Thanks!
(1) Do the private/public keys change with a change in IP address?
AFAIK - Yes.
(2) If the answer is yes, do we need to generate new keys and provide them to the third-party system? How?
Yes - please refer to the blogs below:
http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1
http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2
(3) When we use the public/private key, do the new IP address and ports need to be opened on the third-party side? I believe the keys are for authentication, but the IP/port is for starting the communication.
Yes. Port 22 has to be opened in order to make the SFTP connection.
Thanks for the reply.
For Q-1, can you give some instances? From what I read on the forum and from Googling, keys are dependent on the host name and not the IP address. In our case the host name is kept the same with masking etc., and keys are dependent on the host name. Can you give me some instance or example where the private keys are based on the IP and not the host name?
Thanks!
Hi - I came across the lines below, but let's wait for others' comments. It seems there is a workaround, as you can find below.
CheckHostIP
If this flag is set to "yes", ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to "no", the check will not be executed. The default is "yes".
So by default it'll also check for the IP address.
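The check that the CheckHostIP excerpt above describes, sketched as an added example that is not part of the thread: a simplified model of a known_hosts lookup (plain, unhashed entries only) in which the key fingerprint is computed from the key bytes alone, while the host name and IP address only select which stored key to compare against. The host name, addresses and keys are constructed sample values.

```python
import base64, hashlib, struct

def make_ed25519_blob(raw32: bytes) -> str:
    """Build the base64 key field of a known_hosts line (constructed key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: a hash of the key blob only,
    with no host name or IP address in the input."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def lookup(known_hosts: str, name: str, key_b64: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' for one host name or IP.
    Simplification: hashed entries and @markers are not handled."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if name in fields[0].split(","):
            if fields[2] == key_b64:
                return "match"
            result = "mismatch"  # an entry exists, but with another key
    return result

def check(known_hosts: str, hostname: str, ip: str, key_b64: str) -> dict:
    """The host name check, plus the additional IP check CheckHostIP adds."""
    return {"host": lookup(known_hosts, hostname, key_b64),
            "ip": lookup(known_hosts, ip, key_b64)}

# Constructed sample data (documentation address ranges, made-up key bytes).
SERVER_KEY = make_ed25519_blob(bytes(range(32)))
OTHER_KEY = make_ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = f"sftp.partner.example,192.0.2.10 ssh-ed25519 {SERVER_KEY}\n"

if __name__ == "__main__":
    print(fingerprint(SERVER_KEY))
    # Same key, recorded name and IP: both checks pass.
    print(check(KNOWN_HOSTS, "sftp.partner.example", "192.0.2.10", SERVER_KEY))
    # Same key, same name, new IP: key still matches by name; IP is just unrecorded.
    print(check(KNOWN_HOSTS, "sftp.partner.example", "198.51.100.7", SERVER_KEY))
    # Different key behind the recorded name and IP: the case the check warns about.
    print(check(KNOWN_HOSTS, "sftp.partner.example", "192.0.2.10", OTHER_KEY))
```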