Authenticate an Inbound Node Using Key Information

This scenario builds on the Basic SFTP Configuration by adding inbound user authentication using a key. This authentication method requires that credentials for the remote server be defined in the netmap, since only the password can be passed through to the remote server. You must add the key information to the user definition before you can test this scenario. Refer to Add SSH Keys to a User Account for instructions.

To add support for key authentication:
  1. From IBM Sterling Secure Proxy, select Configuration from the left-hand navigation panel.
  2. Click Policies, then in the SFTP Forward Proxy Policy tile, click View Policies to display the list of created SFTP Forward Proxy Policies.
  3. Choose the policy you wish to edit, then click on the Edit icon.
  4. Click the Advanced tab.
  5. Select Key as the Required Authentication Method under SSH Authentication Method.
  6. Enable the User Authentication: Through Local User Store option.
  7. Configure the External Credentials mapping options:
    1. If From Netmap is selected under External Credentials, configure the following:

      Click Netmap under Configuration, then in the SFTP Forward Proxy tile click View Netmaps. Edit the configured netmap, select Outbound Nodes, edit the outbound node, select the Advanced tab, and fill in the Userid and password of the remote server.

    2. If From User is selected under External Credentials, the userid and password of the remote server must be provided by the client.
  8. Click Save.