Technical Blog Post
Abstract
The difference between the 4 sftp (SSH) keys in IBM Sterling B2B Integrator
Body
This post explains the difference between the 4 SFTP (SSH) keys in IBM Sterling B2B Integrator (SBI):
Known Host Key
User Identity Key
Authorized User Key
SSH Host Identity Key
The easiest way to understand the keys is that 2 of them identify your partner and 2 of them identify you.
The 2 keys that identify your partner, the Known Host Key and the Authorized User Key, are either given to you or retrieved with a utility in SBI. In either case, you normally do not create them.
The 2 keys that identify you, the User Identity Key and the SSH Host Identity Key, are keys you create/generate, either in SBI or with an external application such as OpenSSH.
Now let's see where these keys are located in the application.
-The Known Host Key is the public portion of the host key on your partner's remote SFTP Server adapter.
- This key is either sent to you, or you can use the SSH key grabber utility within SBI to retrieve it.
Clicking on the Known Host Key link brings you to the following page:
Clicking [Go!] next to 'Check in' opens this page:
From here you can either check in the key from a file that your partner sent you, or let the SSH key grabber utility reach out to the remote SFTP Server and retrieve the key for you. Just follow the prompts for your selection.
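A check worth running on a partner-supplied or grabbed public key before check-in, shown as an added example (not from the original post and not IBM code): it computes the key's SHA-256 fingerprint, to compare with the one your partner confirmed through a separate channel, and reports the RSA key length. It assumes the key file is in OpenSSH one-line public key format; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 'string') from the key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (key_type, sha256_fingerprint, rsa_bits or None) for one key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, offset = _read_string(blob, 0)
    if inner_type != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    bits = None
    if fields[0] == "ssh-rsa":  # RSA blob layout: type, exponent, modulus
        _exponent, offset = _read_string(blob, offset)
        modulus, _ = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    return fields[0], fingerprint, bits

def safe_to_check_in(line, expected_fingerprint, min_rsa_bits=2048):
    """True only if the fingerprint matches and an RSA key meets the length policy."""
    _type, fingerprint, bits = inspect_public_key(line)
    return fingerprint == expected_fingerprint and (bits is None or bits >= min_rsa_bits)

def _mpint(n):
    """Encode an integer as an SSH mpint; used only to build the sample below."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: a syntactically valid ssh-rsa blob, not a real key.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(_blob).decode() + " partner-sftp (constructed)"
```

The fingerprint string has the same form that `ssh-keygen -l -f <file>` prints, so either side can read it out for comparison.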
-The Authorized User Key may or may not be used.
- If used, you should be sent this key by your partner.
- It is the public portion of the key that identifies your partner.
- It will get associated with the user account that your partner uses to log on to the SBI SFTP Server adapter.
Clicking on the Authorized User Key link brings you to the following page:
Clicking [Go!] in 'Check in' opens this page:
Simply give it a name, then use the [Choose File] button to find the key file that was sent to you.
After it's added, select 'List' ALL and you will see a list of all your Authorized User Keys (like below).
Now you will need to associate this Authorized User Key with the user account that your partner will use to log on to the SBI SFTP Server adapter.
From User Accounts, [Edit] the user account your partner will use.
Hit [Next] to go to the second screen to see the following:
Notice all the above keys are the same ones we saw when we did a list ALL on the SSH Authorized User Keys.
Just highlight the correct one for the partner you are working with, then hit the single arrow pointing to the right to move it in place.
[Next] and [Save] your way out of the User Account.
-The User Identity Key may or may not be used.
- If used, you would create it, check out the public portion from the application, and give it to your partner.
- This key will be used to verify who you are when you log on.
- It's usually specific to a user account on the remote SFTP Server location.
Clicking [Go!] in 'Create' opens this page:
Simply give it a name and fill out the fields according to your company's security directive (more than likely the Key Length will be 2048).
[Next], [Save] and [Finish] your way out of these screens.
When you List ALL you will see the one you created in the list, like below.
Click [check out] and follow the on-screen prompts to save this file to your workstation. This file will need to go to your trading partner.
For use in SBI, this key will be referenced in the SSH Remote Profile or in BPML under a parameter called UserIdentityKeyId.
-The SSH Host Identity Key is the key that goes on the SBI SFTP Server adapter. This key will always be used when you are hosting an SBI SFTP Server adapter. Normally it will be created in our application. Your partner will always need the public portion of this key to connect to the SBI SFTP Server adapter.
Clicking [Go!] in 'Create' opens this page:
Simply give it a name and fill out the fields according to your company's security directive (more than likely the Key Length will be 2048).
[Next] and [Finish] your way out of these screens.
After it's added, select 'List' ALL and you will see a list of all your SSH Host Identity Keys (like below).
Click [check out] and follow the on-screen prompts to save this file to your workstation. This file will need to go to your trading partner.
Now you will need to associate this SSH Host Identity Key with the SBI SFTP Server adapter.
From Deployment > Services > Configuration, find the SBI SFTP Server adapter your partner will use.
Highlight the SSH Host Identity Key that you created a few steps above.
[Save] and [Finish] your way out of these screens.
Hopefully, it will now be easier to know what to do when you are dealing with the different SSH keys in SBI.
And as always, if additional assistance is needed regarding SSH keys, please open a PMR to get it addressed.
UID
ibm11120707
















