
SFTP key based authentication

itabhishek9
Participant
0 Kudos

Hi SDNites,

I have to establish SFTP connectivity with a 3rd party using key authentication.

Based on my understanding,

1. SFTP communication is done over SSH so we need to exchange keys.

2. Here we do not need to generate the Public and Private key and get it certified by CA.

3. Private key which is being stored in NWA for SFTP communication - My understanding on this is that in case of inbound communication it is used to decrypt the data encrypted via the corresponding Public key. While in case of outbound communication, it is used for client authentication.

Can you please let me know if the above points are true from an SFTP standpoint.

Regards,

Abhi

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Abhishek,

Please find the answers below.

1. SFTP communication is done over SSH so we need to exchange keys.

     --> You need to generate a private key in your PI system (NWA) and generate a public key out of it. You can share the public key with the SFTP owner and ask them to map it to the user with which you log in to the SFTP server.

2. Here we do not need to generate the Public and Private key and get it certified by CA.

  --> You need to generate the public and private key, but getting it certified is optional. Up to client needs.

3. Private key which is being stored in NWA for SFTP communication - My understanding on this is that in case of inbound communication it is used to decrypt the data encrypted via the corresponding Public key. While in case of outbound communication, it is used for client authentication.

   -> Please understand that in both outbound and inbound communication, PI has to log in to the SFTP server to pull data or push data. So the private key and public key generated out of PI in NWA are used purely for authentication. For encryption purposes we need to use a PGP key. There is a difference between a PGP key and a PKCS key. The ones that are generated out of PI are PKCS keys.

Thanks & Regards,
Nagarajan
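
The answer above has the public key handed to the SFTP server owner and mapped to the login user, so both sides should confirm that the key installed is the key that was sent. The following Python code is an added example, not part of the original thread and not SAP code: it parses a public key line and computes its SHA256 fingerprint for an out-of-band comparison. It assumes the key was exported in the OpenSSH one-line format; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def read_string(buf, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string field")
    return buf[offset + 4:end], end


def parse_public_key(line):
    """Parse '<type> <base64-blob> [comment]' into (type, blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner, _ = read_string(blob, 0)
    # The key type stored inside the blob must match the declared type.
    if inner != parts[0].encode():
        raise ValueError("declared key type does not match key blob")
    return parts[0], blob, parts[2] if len(parts) == 3 else ""


def fingerprint(blob):
    """SHA256 fingerprint in the form shown by `ssh-keygen -l` (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def same_key(line_a, line_b):
    """True if both lines carry the same key material; comments are ignored."""
    return parse_public_key(line_a)[1] == parse_public_key(line_b)[1]


def make_sample_line(raw32, comment):
    """Constructed sample: wrap 32 bytes as an ssh-ed25519 public key line."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


# Constructed sample input (not a real key): 32 fixed bytes.
SENT = make_sample_line(bytes(range(32)), "pi-sftp-client")
```

Run `fingerprint(parse_public_key(line)[1])` on the line that was sent and on the line the server owner installed, and compare the two strings over a separate channel such as a phone call.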

Harish
Active Contributor
0 Kudos

Hi Abhishek,

1. SFTP communication is done over SSH so we need to exchange keys.

-->> Yes, the keys need to be exchanged and the user needs to be associated with the key to authenticate.

2. Here we do not need to generate the Public and Private key and get it certified by CA.

-->> If you only have a receiver SFTP scenario, then you encrypt the message using the partner's public PGP key.

3. Private key which is being stored in NWA for SFTP communication - My understanding on this is that in case of inbound communication it is used to decrypt the data encrypted via the corresponding Public key. While in case of outbound communication, it is used for client authentication.

--->> In case of inbound communication you need to generate the PGP key pair and share the public PGP key with the partner. The partner will encrypt the message with your public PGP key. The PGP key is stored in a file/Unix directory and not in NWA.

Regards,

Harish