Body

Public key authentication is an alternative means of identifying yourself to a login server, instead of typing a password. This blog demonstrates how to configure SBI SFTP Server Adapter for key based authentication. In this example, I have used WinSCP client and puttygen tool.

PuTTYgen is a key generator. It generates pairs of public and private keys to be used with WinSCP for key based authentication. Basically the tool that is used to generate keys really shouldn't matter. It is the key that is important. Thus the user can choose other clients and other ways to create keys for authentication.

PuttyGen can be downloaded from - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Step 1. Create a Host Identity key in SBI

Log on to the SBI dashboard application and navigate to Deployment > SSH Host Identity Key and create New SSH Host Identity Key and save the key.

Step 2. Create a SFTP Server Adapter.

You can create new SFTP Server Adapter from Dashboard > Deployment > Services page. When creating the SFTP Server Adapter choose the Host Identity Key created in step 1 and also choose the Required Authentication as "Password or Public Key". Then save the configuration and note down the SFTP Server Adapter port number.

Step 3. Use PuttyGen to generate public and private key pair for authentication and save the private key and public key to local machine.

Once you create the public and private key save the keys separately into the local machine. In this case I have exported the public key as Public_key.pub and private key as Private_key.ppk

Step 4. Check in the public part in SBI as Authorized User Key.

To check in the public key navigate to dashboard > Trading Partner > SSH > Authorized User Key page and check-in the public key created in step 4. Here I have imported the public key with Key Name as "Public_Key".

Step 5: Create a new user in SBI and associate the imported public key to the new user.

To create a new user navigate to dashboard > Accounts > User accounts Page. When creating the user choose the public key from left side to right side as shown below.

Then choose the required permission and groups for the user and save the user.

Step 6: Open WinSCP client.

Click on new site and enter the server credentials like hostname,port and username. Since this is key based authentication it does not require password.

Once you enter the above credentials click on the Advanced button and choose the private key.

Once you choose the private key then save the configuration and connect to the server. Now the authentication will happen using public key without password.

We are now done with public key authentication. The client now connected to the server without password but key based.