SSH authentication in SFTP

 

SSH key-based authentication is a way of authenticating with an access credential over the SSH protocol. It is similar to username/password authentication, but an SSH key is used instead of a password. It has now become the norm to use SSH key authentication with SFTP.

The key-based authentication mechanism in SSH is called public key authentication. Essentially, some session-specific data is signed using the private identity key. The signature is then sent to the server that checks if the key used for signing is configured as an authorized key. The server then verifies the digital signature using the public key in the authorized key. The identity key is never sent to the server.

The essential thing in public key authentication is that it allows one server to access another server without having to type in a password. This powerful feature is why it is so widely used for file transfers (using the SFTP protocol) and configuration management.

Keys and Passphrase associated with SSH

  • Public Key – Authorized keys are public keys that grant access. They are analogous to locks that the corresponding private key can open.
  • Private Key – Identity keys are private keys that an SSH client uses to authenticate itself when logging into an SSH server.
  • Passphrase – A passphrase is a secret used to protect an encryption key. Commonly, the actual encryption key is derived from the passphrase and used to encrypt the protected resource (here, the private key file).

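Creating the SSH key – we can use an online tool to generate the SSH key: https://8gwifi.org/sshfunctions.jsp. A private key produced by an online tool may be exposed to that site, so use such a key for testing only; for real credentials, generate the pair locally (for example with ssh-keygen or PuTTYgen).

Provide the passphrase and choose the required algorithm and key size.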


Save the private and public key as

  • Private key – mulesy_ssh_rsa_2048.ppk
  • Public key – mulesy_ssh_rsa_2048.pub

We can have two scenarios in SFTP configuration:

  • The SFTP server owner provides the username, private key and passphrase for authentication.
  • We generate the SSH key pair ourselves, provide the public key to the SFTP server owner, and use our private key along with the passphrase (as generated above) for authentication. The server owner adds the public key as an authorized key. This is now quite a common practice in companies that provide shared SFTP server access to their clients.

In both cases we will have a username, a private key and a passphrase.

Let’s see how to configure this in MuleSoft.

Add the private key in resources folder

 

Create an SFTP configuration and provide the username, private key and passphrase as below

 

This will authenticate the MuleSoft application to the SFTP server using the SSH key.
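The SFTP configuration described above, written out as Mule 4 XML. This is an added example, not taken from the original post: the config and flow names, the property keys, the YAML file names and the `env` / `mule.key` deployment properties are assumptions, and the passphrase lookup assumes the Mule Secure Configuration Properties module is added to the project.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; names, property keys and file names are assumptions, not from the original post. -->
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:sftp="http://www.mulesoft.org/schema/mule/sftp"
      xmlns:secure-properties="http://www.mulesoft.org/schema/mule/secure-properties"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/sftp http://www.mulesoft.org/schema/mule/sftp/current/mule-sftp.xsd
        http://www.mulesoft.org/schema/mule/secure-properties http://www.mulesoft.org/schema/mule/secure-properties/current/mule-secure-properties.xsd">

  <!-- Non-secret settings (assumed file name and keys):
       sftp.host, sftp.port, sftp.username, sftp.identityFile -->
  <configuration-properties file="config-${env}.yaml"/>

  <!-- Encrypted values (assumed file name). The decryption key mule.key is passed
       at deployment time and is never stored in the project. -->
  <secure-properties:config name="Secure_Props" file="secure-${env}.yaml" key="${mule.key}">
    <secure-properties:encrypt algorithm="AES" mode="CBC"/>
  </secure-properties:config>

  <!-- identityFile: path to the private key, e.g. mulesy_ssh_rsa_2048.ppk.
       Reading the path from a property lets each environment point at its own key file.
       passphrase: resolved from the encrypted file, so it never appears in clear text here. -->
  <sftp:config name="SFTP_Config">
    <sftp:connection host="${sftp.host}" port="${sftp.port}"
                     username="${sftp.username}"
                     identityFile="${sftp.identityFile}"
                     passphrase="${secure::sftp.passphrase}"/>
  </sftp:config>

  <!-- Connectivity check: list the working directory once a minute and log the entry count. -->
  <flow name="sftp-key-auth-check">
    <scheduler>
      <scheduling-strategy>
        <fixed-frequency frequency="60" timeUnit="SECONDS"/>
      </scheduling-strategy>
    </scheduler>
    <sftp:list config-ref="SFTP_Config" directoryPath="."/>
    <logger level="INFO" message="#['SFTP key authentication OK, entries: ' ++ (sizeOf(payload) as String)]"/>
  </flow>
</mule>
```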

 

  


prakash
1 year ago

Hi,
If we add the ppk file in the project, then the production SFTP ppk file will also be available to everyone.
Do we have some alternate option to achieve this, if I have only the ppk file (no storage location available also)?