SSH authentication in SFTP
SSH key-based authentication is a form of credential authentication that uses the SSH protocol. It is similar to username/password authentication, but an SSH key is used instead of a password. It has now become the norm to use SSH key authentication in SFTP.
The key-based authentication mechanism in SSH is called public key authentication. Essentially, some session-specific data is signed using the private identity key. The signature is then sent to the server that checks if the key used for signing is configured as an authorized key. The server then verifies the digital signature using the public key in the authorized key. The identity key is never sent to the server.
The essential thing in public key authentication is that it allows one server to access another server without having to type in a password. This powerful feature is why it is so widely used for file transfers (using the SFTP protocol) and configuration management.
Keys and Passphrase associated with SSH
- Public Key – Authorized keys are public keys that grant access. They are analogous to locks that the corresponding private key can open.
- Private Key – Identity keys are private keys that an SSH client uses to authenticate itself when logging into an SSH server.
- Passphrase – A passphrase generally refers to a secret used to protect an encryption key. Commonly, an actual encryption key is derived from the passphrase and used to encrypt the protected resource.
Creating an SSH key – we can use an online tool to generate the SSH key: https://8gwifi.org/sshfunctions.jsp
Provide the passphrase and choose the required algorithm and key size.
Save the private and public keys as:
- Private key – mulesy_ssh_rsa_2048.ppk
- Public key – mulesy_ssh_rsa_2048.pub
There are two possible scenarios in SFTP configuration:
- The SFTP server owner provides the username, private key and passphrase for authentication.
- We generate the SSH key pair ourselves, provide the public key to the SFTP server owner, and use our private key for authentication along with the passphrase (as we generated above). The server owner adds the public key for authentication. This is quite a common practice now in companies that provide shared SFTP server access to their clients.
In both cases we will have a username, private key and passphrase.
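Before the public key is handed to the SFTP server owner (the second scenario above), it is useful to confirm that the file is well formed and to record its fingerprint so both sides can compare it. The following is an added example, not part of the original article or of MuleSoft's code. It assumes the `.pub` file is in the one-line OpenSSH format, the 2048-bit minimum is an assumed policy threshold, and the sample key it builds is a constructed placeholder, not a usable key.

```python
import base64
import hashlib
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field length exceeds key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line, min_rsa_bits=2048):
    """Return (key_type, rsa_bits_or_None, sha256_fingerprint) for a .pub line.
    min_rsa_bits is an assumed policy threshold, not something SSH mandates."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1], validate=True)
    inner, offset = _read_field(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match key blob")
    bits = None
    if declared == "ssh-rsa":
        _exponent, offset = _read_field(blob, offset)
        modulus, offset = _read_field(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError(f"RSA modulus is {bits} bits, below {min_rsa_bits}")
    # Same form as the SHA256 fingerprint OpenSSH displays: unpadded base64 digest
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return declared, bits, fingerprint

def make_sample_rsa_line(bits, comment="constructed-sample"):
    """Build a constructed, non-functional ssh-rsa line with a `bits`-bit modulus."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(n):
        # SSH mpint: big-endian, with a leading zero byte when the top bit is set
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    modulus = (1 << (bits - 1)) | 0x10001  # placeholder value, not a real RSA modulus
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(inspect_public_key(make_sample_rsa_line(2048)))
```

To check a real key, pass the contents of `mulesy_ssh_rsa_2048.pub` to `inspect_public_key` and compare the returned fingerprint with the one the server owner sees after installing the key.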
Let’s see how we will configure this in MuleSoft
Add the private key to the resources folder.
Create an SFTP configuration and provide the username, private key and passphrase as below
This will authenticate the MuleSoft application to access the SFTP server using the SSH key.
Hi
If we add the ppk file in the project, then the production SFTP ppk file will also be available to everyone.
Do we have some alternate option to achieve this? If I have only the ppk file (no storage location available also).
PPK file needs to be deployed along with the application and can’t be referred from outside.
Thanks
Mulesy Team