Authenticating Outgoing Key or Certificate to Target SFTP Server

Outgoing SFTP key or certificate authentication is performed when MFT acts as a client and connects to a target SFTP server. It is the responsibility of the target SFTP server to request a key or certificate from MFT Internet Server. It is the responsibility of the Internet Server to provide the key or certificate to the SFTP server.

There are a few things that must be considered when MFT connects to a target server using the key or certificate authentication. These considerations can be configured on the Update Server page.

Procedure

Go to Partners > Servers > Manage Servers.
Select the server that you want to configure.
Ensure the SSH Options parameters are configured correctly:
Parameter Description
Key or Certificate Set to Key unless the target SFTP server requires certificate authentication.
SSH System Key Set to the desired key.
Click Retrieve SSH public key to associate the public key of the target server with this server and add it to the database.
Click Update to save the server definition.

Parameter	Description
Key or Certificate	Set to `Key` unless the target SFTP server requires certificate authentication.
SSH System Key	Set to the desired key.

Note: Alternatively, the transfer definition can override the SSH system key.

Converting SSH2 Key to an OpenSSH Key

Now, you must configure the target SSH server to associate an SSH public key with a user. This is done through the authorized_keys file in the ".ssh" directory for the target user.

The following is an example of an SSH2 key:

---- BEGIN SSH2 PUBLIC KEY ---- 
 Comment: "email@acme.com" 
 . . . . . . . . . . . . . . . . . . . 
 ---- END SSH2 PUBLIC KEY ----

The following is an example of an OpenSSH key:

ssh-rsa . . . . . . . . . 
. . . . . . . . . . . . . 
. . . . . . .==

To configure the target SSH server to associate an SSH public key with a user, complete the following steps in a Linux machine.

Procedure

Go to Management > Protocol Keys > System Keys > Manage Keys.
Select the system key that is used for key authentication. MFT supports both SSH2 and OpenSSH keys but generates the keys in the SSH2 key format.
Copy the key displayed in the Public Key tab.
Use the SSH command to communicate to the Linux machine.
Save the copied key to a file, namely, ssh2key.txt.
Convert the SSH2 key to an openssh key using the following command:
```
ssh-keygen -i -f ./sshkey.txt
```
The ssh-keygen command will display the key in the openssh format.
Save the openssh output of the previous command and update the authorized_keys file. Use the following command to perform the task:
```
cd /home/targetuser/.ssh
```
Use a vi text editor and add the OpenSSH key to the end of the authorized_keys file.

When any client logs in and selects a transfer definition that points to this server definition, MFT connects to the target SSH or SFTP server. If the server requests an SSH key, MFT authenticates using the configured SSH private key.

Did you find this helpful?

Yes No