cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP-Receiver Adapter - Keys

silentbull
Participant

on ‎09-20-2016 5:18 PM

0 Kudos

Hello

We have an external party where we need to securely transfer the files to their system. They have recommended using SFTP and asked us to send the Public key with RSA 2048 key.

My questions are as follows.

1. Since we are transferring the files to them, does the SFTP server resides at their end.

2. Who needs to generate the keys , is it them or us and if so generating simple public/private key in NWA is enough?

3. They mentioned that as soon as they receive our public key, they will create an account and send us user credentials.this raises question as why we are generating the keys if the SFTP server is at their side.

Regards

Sam

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

silentbull
Participant
‎09-20-2016 7:49 PM
0 Kudos

Thanks for the replies, the question more now is about keys.

1. Why don't we simply generate a public/private key in NWA? Why does it need to be associated with winscp or any other SSH tools, does NWA itself is not enough?

2. Do i need to download and install these winscp or similar tools in my company landscape or can i just use my own personal laptop and generate the keys and load it into NWA.

Reason being is that i don't want to create more work for infrastructure on this.

Show replies
Show replies
manoj_khavatkopp
Active Contributor
‎09-20-2016 7:57 PM
0 Kudos

1. No its not possible to create SSH keys alone with NWA.

2.There is no restriction , you can do it your petsonal laptop

former_member186851
Active Contributor
‎09-21-2016 4:26 AM
0 Kudos

Hello Sam,

Its all simple steps as Manoj suggested.

manoj_khavatkopp
Active Contributor
‎09-20-2016 6:02 PM
0 Kudos

Sam,

1.Yes, SFTP server resides at their end.


2. There is no restriction either you can generate it or they can generate and provide you the private key.

here you have 2 options to generate keys :

i.) using some external tool you can generate the Private and Public key , and then import the private key and then convert it into PKS12/PKS8 format and import into nwa.

  ii.)Create a private key in NWA the export it and extract public key from that and share with third party.


3.They link the public key with the USER ID on there side,  again as i told there is no restriction either you can provide them public key or they can share you the private key.


For more details on generating keys :



Br,

Manoj

 




Show replies
Show replies
silentbull
Participant
‎09-21-2016 9:58 AM
0 Kudos

Manoj,

With the option 2 you said, it seems like simply creating a public/private key in NWA is sufficient enough to share with external party. Please confirm as I still don't realize the difference between generating keys in NWA and external tools like winscp or putty

manoj_khavatkopp
Active Contributor
‎09-21-2016 10:14 AM
0 Kudos

Hi Sam,

In option 2 you can create a private key in nwa  but to extract public key you need to go for some external tool like Open SSL ...so using the private key created from NWA and using the tool you can extract public key which need to be shared to the third party.

for option 1 i.e generating both Private key/Public key using tool use below link:

Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki

for option2 generating private key in nwa and extracting public key from that use below link :

Generating SSH Keys for SFTP Adapters - Type 2 - Process Integration - SCN Wiki

Br,

Manoj

silentbull
Participant
‎09-21-2016 10:20 AM
0 Kudos

when we create a key pair in NWA, it does create both private key and a certificate. I was assuming that this certificate is called public key which we share to the third party. Are you saying whatever NWA generates as certificate is not public key?

manoj_khavatkopp
Active Contributor
‎09-21-2016 10:42 AM
0 Kudos

The Certificate which is created while you create a private key like below using"store certificate" is a x509 certificate and not a public ssh key:

And this is how the content of x509 certificate looks :

Where as the public key of SSH should have -ssh at the beginning  .

Br,

Manoj

silentbull
Participant
‎09-21-2016 10:48 AM
0 Kudos

Thanks manoj

I am almost clear now. Only confusion is that the blogs you gave all relate to sender SFTP adapter.

I need to generate public/private key and send the public key to my external party who will then associate with their SFTP server and provide me the user credential.

So, literally i am using SFTP receiver adapter. Till which step would i need to follow for this .

manoj_khavatkopp
Active Contributor
‎09-21-2016 10:56 AM
0 Kudos

The blog is irrespective of the Sender/Reciever adapter.

because in both the case PI needs to have private key (chekc sender and recivere sftp channel you have option to configure Private key and not public key) and Server needs to have public ssh key , so you can follow the same blogs.

former_member186851
Active Contributor
‎09-21-2016 11:03 AM
0 Kudos

Hello Sam,

As Mentioned earlier keys are used for handshake and authentication.

you can use it irrespective of sender/receiver and for 2 approaches already Manoj shared links

silentbull
Participant
‎09-21-2016 11:33 AM
0 Kudos

Finally, from licensing part, am I ok to use winscp/putty/Cygwin/openssh as part of freeware or will that create any licensing issue since I am generating the keys from that.

former_member186851
Active Contributor
‎09-21-2016 11:34 AM
0 Kudos

Hello Sam,

They all are freeware are per my knowledge,doesn't require any license.

former_member186851
Active Contributor
‎09-21-2016 11:35 AM
0 Kudos

You can close the thread if your queries are addressed.

former_member186851
Active Contributor
‎09-20-2016 5:58 PM
0 Kudos

Hello Sam,

Basically the keys are used for handshake and authentication.

So once the deploy the public key and from PI you will deploy private key, communication will happen through key authentication.

SFTP will reside in there side only make sure no network issue/port/firewall will not be a barrier for connection.

For Key generation you can check the below link

https://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1

Link for SFTP adapter

Some discussion on the same

SFTP Sender adapter with Private key | SCN

Show replies
Show replies
Ask a Question