SSH/SFTP

SSH/SFTP provides a more secure means than FTP to exchange information with trading partners. During an FTP session, the user name and password are transmitted in clear text, so an eavesdropper can easily log them. With SSH/SFTP, the entire login session, including transmission of the password, is encrypted, making it much more difficult for an outsider to observe and collect passwords. By encrypting all traffic, SSH/SFTP effectively eliminates eavesdropping, connection hijacking, and other network-level attacks.

You can configure SSP to require authentication with a password and public key for SSH/SFTP connections. Authentication for SSH/SFTP connections is performed by the exchange of session keys between the server and the client. This assures that both parties know whom they are exchanging data with.

To implement authentication for SFTP connections, you must create SSH key stores and import SSH keys into them. These key stores and keys can then be selected when you are configuring SSP to support SSH/SFTP connections. Configure the following SSH keys for SFTP communications:
  • Inbound connections
    • Local Host Key—Private key used by SSP to identify itself to the client
    • Authorized User Key—Public key used by SSP to authenticate the user (optional)
  • Outbound connections
    • Known Host Key—Public key used by SSP to authenticate the server
    • Local User Key—Private key used by SSP to identify itself to the server during public key user authentication (optional)

Because public key server authentication is mandatory in SSH, you must configure both local host keys and known host keys. Client authentication is performed using a password or public key (or both) in SSH. As a result, authorized user keys and local user keys are required only if you plan to use public key authentication. You can choose different user authentication methods for the inbound and outbound connections.

In Configuration Manager, you must create at least one key within a key store to save the key store definition. You can add as many keys as needed to a key store, and they can be shared between multiple adapters. When you have configured SSH key stores, you can copy them (and the keys within them) to create new key stores.
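
Server and user authentication rest on the public keys imported as Known Host Keys and Authorized User Keys, so a useful check before import is to compare each key's fingerprint with the one the trading partner supplies out of band. The following is an added example, not part of SSP or its documentation; it assumes the key arrives as an OpenSSH-format public key line, and the function names and sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def read_string(blob: bytes, offset: int) -> tuple[bytes, int]:
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string field")
    return blob[offset + 4:end], end


def fingerprint(pubkey_line: str) -> tuple[str, str]:
    """Return (algorithm, SHA256 fingerprint) for an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    embedded, _ = read_string(blob, 0)
    # The type named inside the blob must match the type on the line;
    # a mismatch means the line was edited or corrupted in transit.
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64.
    return declared, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def make_sample_line() -> str:
    """Constructed sample: an ssh-ed25519 blob around 32 placeholder bytes."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " partner-sftp (constructed)"


if __name__ == "__main__":
    algo, fp = fingerprint(make_sample_line())
    print(algo, fp)  # compare with the fingerprint the partner sent out of band
```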