Authentication Using SSH Keys
An SSH/SCP connection is secured by a key exchange between server and client that produces a shared session key, combined with authentication of each side: the server proves possession of its host key, and the client proves its identity with a password or a user key. Together these assure both parties that they know who they are exchanging data with.
Sterling B2B Integrator uses passive key exchange: key exchange, including re-keying of an established session, is triggered only when the client performs an action, at which point the system checks whether an exchange is due. Because an idle connection generates no key-exchange traffic of its own, this works correctly with a firewall configured to drop connections that have been idle for a specified length of time.
There are two options for client authentication: user ID and password, or user ID and user key.
Sequence of events:
- Client issues a request for connection.
- Server and client run the key exchange. The server signs the exchange with its host key, and the resulting host signature must verify against the host key provided separately when establishing the trading partner relationship. If it does not verify, the client must abort the connection rather than proceed.
- A session key is generated from the exchange, and all further traffic on the connection is protected with it.
- Client sends user ID and password, or user ID and user signature, depending on the server requirements. If a user signature is required, it must verify against the user key provided separately when establishing the trading partner relationship.
- Server grants connection rights.
Session keys are renegotiated after every 1 GB of data transferred or every hour, whichever comes first, so that a single key is never used for the whole of a large file transfer or a long-lived session.
The SFTP Server adapter uses the following keys to accept connections from remote clients:
- Authorized User Key – Public key used to authenticate remote users to Sterling B2B Integrator SFTP Server adapters. If a trading partner authenticates with a user key rather than a password, request the public key from them and add it to their user account in Sterling B2B Integrator; only the public half is ever stored on the server.
- Host Identity Key – Private/Public key pair used to identify the Sterling B2B Integrator SFTP Server adapter to remote clients. Generate this key within Sterling B2B Integrator, keep the private half on the adapter, and give trading partners the public half (or its fingerprint) over a separate channel so that their clients can verify the host signature during connection.
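The two matching checks described above, the client verifying the server's host key against the copy received when the trading partner relationship was set up and the server mapping an offered user key to a stored Authorized User Key, are shown below as an added Python example. This is not Sterling B2B Integrator code; the key lines are built from constructed 32-byte filler in the real OpenSSH `ssh-ed25519` line layout, not from generated key pairs, and the user IDs, comments and fingerprints are assumed for illustration.

```python
"""Host-key pinning and Authorized User Key lookup for an SFTP exchange.

Added example, not Sterling B2B Integrator code. Key material is constructed
filler in the real OpenSSH line/blob layout, not real key pairs.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build an OpenSSH 'ssh-ed25519 <base64 blob> <comment>' line from a 32-byte value.

    The blob layout (string "ssh-ed25519", string key) is the real one; raw32 is
    constructed filler for illustration, not a generated key.
    """
    if len(raw32) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str) -> tuple[str, bytes]:
    """Parse an OpenSSH public-key line into (key type, raw key blob).

    The type in the text field must agree with the type embedded in the blob;
    a mismatch means the line was tampered with or is not an SSH key at all.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", errors="replace") != key_type:
        raise ValueError("key type in text does not match key type in blob")
    return key_type, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest with '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(presented_line: str, pinned_fingerprint: str) -> bool:
    """Client side: the host key the server presents must match the fingerprint the
    trading partner supplied out-of-band. Anything else is treated as an impostor."""
    try:
        _, blob = parse_pubkey_line(presented_line)
    except ValueError:
        return False
    return hmac.compare_digest(fingerprint(blob), pinned_fingerprint)


def lookup_authorized_user(presented_line: str, authorized_keys: dict[str, str]) -> str | None:
    """Server side: map the public key a client offers to the user account it is
    stored under. Comparison is on the key blob, so the free-text comment is ignored."""
    try:
        _, presented_blob = parse_pubkey_line(presented_line)
    except ValueError:
        return None
    for user_id, stored_line in authorized_keys.items():
        _, stored_blob = parse_pubkey_line(stored_line)
        if hmac.compare_digest(stored_blob, presented_blob):
            return user_id
    return None


# --- constructed sample data (not real keys) ---------------------------------
# The partner's host key as received out-of-band when the relationship was set up.
PARTNER_HOST_KEY_LINE = make_ed25519_pubkey_line(bytes(range(32)), "partner-sftp-host")
PINNED_HOST_FINGERPRINT = fingerprint(parse_pubkey_line(PARTNER_HOST_KEY_LINE)[1])
# A different key, as a machine in the middle would present under the same name.
IMPOSTOR_HOST_KEY_LINE = make_ed25519_pubkey_line(bytes(range(1, 33)), "partner-sftp-host")

# Authorized User Keys stored against (assumed) user accounts on the SFTP Server adapter.
AUTHORIZED_KEYS = {
    "acme_sftp": make_ed25519_pubkey_line(bytes([0x42] * 32), "acme batch client"),
    "globex_sftp": make_ed25519_pubkey_line(bytes([0x7F] * 32), "globex"),
}


if __name__ == "__main__":
    print("genuine host key accepted :", verify_host_key(PARTNER_HOST_KEY_LINE, PINNED_HOST_FINGERPRINT))
    print("impostor host key accepted:", verify_host_key(IMPOSTOR_HOST_KEY_LINE, PINNED_HOST_FINGERPRINT))
    # Same key material with a different comment still maps to the same account.
    offered = make_ed25519_pubkey_line(bytes([0x42] * 32), "renamed-laptop")
    print("user for offered key      :", lookup_authorized_user(offered, AUTHORIZED_KEYS))
```

Both comparisons use `hmac.compare_digest` and are made on the decoded key blob or its fingerprint, never on the text line, so a partner re-labelling their key comment does not break authentication while a substituted key is rejected. In a real deployment the server also has to check the client's signature with that stored key, which needs a signature library; this example stops at the matching step the page describes.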