Authentication Using SSH/SFTP Keys

Authentication for SSH/SFTP connections is performed by the exchange of session keys between the server and the client. This exchange assures each party of the identity of the party it is exchanging data with.

The system uses passive key exchange. That is, whenever there is an action from the client side, the system checks whether a key exchange is needed. This works securely even behind a firewall configured to drop connections that have been idle for a specified length of time.

There are two options for authentication: user ID and password or user ID and user key.

Sequence of events:

  1. Client issues a request for connection.
  2. Server responds with host signature. This must match the host key provided separately when establishing the trading partner relationship.
  3. Client sends user ID and password and/or user ID and user signature, depending on the server requirements. If a user signature is required, it must match a key provided separately when establishing the trading partner relationship. The server then grants connection rights and a session key is generated.

Session keys are recreated after every one gigabyte of transfer or every one hour, whichever comes first. This protects the security of SSH/SFTP transfers for large file transfers or long-lived sessions.

The following keys are used to allow an SFTP Client adapter to connect to a remote SFTP server.

  • User Identity Key – Private/Public key pair used to identify Sterling B2B Integrator as a user on a remote server. Generate this key within Sterling B2B Integrator and provide the public part of the key to your trading partner.
  • Known Host Key – Public key used to authenticate remote SFTP servers to Sterling B2B Integrator's SFTP Client adapter. Request this key from your trading partner.

The following keys are used by the SFTP Server adapter to allow connections from remote clients:

  • Authorized User Key – A public key used to authenticate remote users to Sterling B2B Integrator SFTP Server adapters. One or more Authorized User keys can be associated with a user account. Request the key(s) from your trading partner and include the key(s) in their Sterling B2B Integrator user account.
  • Host Identity Key – Private/Public key pair used to identify the Sterling B2B Integrator SFTP Server adapter to remote clients. Generate this key within Sterling B2B Integrator.
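Both the host signature check in step 2 of the sequence above and the Known Host / Authorized User keys exchanged with a trading partner come down to the same operation: the key presented on the wire must be byte-for-byte the key that was supplied out of band. The following is an added example, not Sterling B2B Integrator code, showing how to parse an OpenSSH-format public key line, reject a key whose declared type does not match its contents, derive the SHA256 fingerprint in the form ssh-keygen prints, and compare a presented key against the partner-supplied copy. The key material is constructed inside the script and is not a real key.

```python
import base64
import hashlib
import struct
from typing import Tuple


def _read_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def parse_public_key_line(line: str) -> Tuple[str, bytes]:
    """Parse '<type> <base64> [comment]' and return (type, raw blob).
    The type named in the text must equal the type embedded in the blob,
    so a mislabelled or hand-edited key is rejected rather than trusted."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1], validate=True)
    embedded, _ = _read_string(blob, 0)
    if embedded.decode("ascii") != declared:
        raise ValueError(f"declared {declared!r} but blob says {embedded!r}")
    return declared, blob


def is_well_formed(line: str) -> bool:
    """True if the line parses and its declared and embedded types agree."""
    try:
        parse_public_key_line(line)
        return True
    except ValueError:
        return False


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as 'ssh-keygen -l' prints it (base64, no padding)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(presented: str, partner_supplied: str) -> bool:
    """Compare the raw key blobs, ignoring comments; type must agree too."""
    t1, b1 = parse_public_key_line(presented)
    t2, b2 = parse_public_key_line(partner_supplied)
    return t1 == t2 and b1 == b2


def make_ed25519_line(seed: int, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 line from a CONSTRUCTED
    32-byte value; this is not a real key and cannot be used to connect."""
    pub = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(pub)) + pub
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    known = make_ed25519_line(1, "partner-sftp-host")      # copy received out of band
    print(fingerprint(parse_public_key_line(known)[1]))    # value to confirm with partner
    print(host_key_matches(make_ed25519_line(1, "x"), known))  # True: same key, other comment
    print(host_key_matches(make_ed25519_line(2, "partner-sftp-host"), known))  # False
```

Comparing the whole blob rather than only the comment or a truncated fingerprint is what makes the check in step 2 meaningful; a partner can then confirm the printed fingerprint over a second channel.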