Skip to Content

Changes for page SFTP Known Hosts

Last modified by Danniar Firdausy on 2024/09/18 20:35
From version 26.1
edited by Erik Bakker
on 2024/06/20 09:07
Change comment: There is no comment for this version
To version 24.1
edited by Erik Bakker
on 2023/01/23 10:10
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -SFTP Known Hosts
1 +SFTP Security
Parent
... ... @@ -1,1 +1,1 @@
1 -Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.WebHome
1 +WebHome
Content
... ... @@ -1,6 +1,6 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 2  
3 -In an earlier [[microlearning>>Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.intermediate-file-based-connectivity-sftp-connectivity||target="blank"]], we discussed how to connect to an SFTP from eMagiz. Later on we zoomed in on an alternative security method to authenticate yourself at the SFTP. More on this can be found in this [[microlearning>>Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.intermediate-file-based-connectivity-sftp-security||target="blank"]]. In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP to avoid that someone else can pretend to be the SFTP when you want to send data (i.e. a "man in the middle attack").
3 +In the last microlearning, we discussed how to connect to an SFTP from eMagiz. In this microlearning, we want to expand our knowledge and look at a more complex security configuration when connecting to SFTP instances. The configuration we are talking about is the private key configuration.
4 4  
5 5  Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]].
6 6  
... ... @@ -15,15 +15,19 @@
15 15  
16 16  By SFTP security, we mean: Making sure that the SFTP we connect to knows that we are indeed eMagiz
17 17  
18 -* Each SFTP has a unique fingerprint that identifies the SFTP.
19 -* To prevent a "man in the middle" attack, this fingerprint needs to be stored client side.
20 -* There are two distinct methods to generate the known hosts file.
18 +* Private key is unique per client
19 +* Private key should only be known to the client
20 +* Public key should be known to the SFTP (server), so they trust us when we set up the communication
21 +* A private key comes with a passphrase
21 21  
22 -== 3. SFTP Known Hosts ==
23 +== 3. SFTP Security ==
23 23  
24 -In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP to avoid that someone else can pretend to be the SFTP when you want to send data (i.e. a "man in the middle attack"). To retrieve the unique fingerprint of an SFTP you first need to connect to the SFTP in question. This way you can retrieve the unique fingerprint and secure it in a file for future use to prevent the "man in the middle attack".
25 +In the last microlearning, we discussed how to connect to an SFTP from eMagiz. In this microlearning, we want to expand our knowledge and look at a more complex security configuration when connecting to SFTP instances. The configuration we are talking about is the private key configuration.
25 25  
26 -There are two distinct ways of retrieving and storing the unique fingerprint of the SFTP in a "known hosts file". The first option is portal based and the second option is command line based. The preferred option is the portal based one. Do note that the first option only works if the SFTP is **publicly** accessible without any IP restrictions.
27 +* Private key is unique per client
28 +* Private key should only be known to the client
29 +* Public key should be known to the SFTP (server), so they trust us when we set up the communication
30 +* A private key comes with a passphrase
27 27  
28 28  If you are looking for some introductory reading into certificates, please check this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.novice-securing-your-data-traffic-what-are-certificates.WebHome||target="blank"]].
29 29  
... ... @@ -37,14 +37,19 @@
37 37  
38 38  Using this setting gives the server the option to verify if the communication request came from eMagiz (or at least from the party that holds the private key of eMagiz). This is an additional security measure to ensure data integrity and quality.
39 39  
40 -== 4. Key takeaways ==
44 +== 4. Assignment ==
41 41  
46 +Check within your project(s) whether an SFTP connection is secured with the help of private key construction.
47 +This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
48 +
49 +== 5. Key takeaways ==
50 +
42 42  * Private key is unique per client
43 43  * Private key should only be known to the client
44 44  * Public key should be known to the SFTP (server), so they trust us when we set up the communication
45 45  * A private key comes with a passphrase
46 46  
47 -== 5. Suggested Additional Readings ==
56 +== 6. Suggested Additional Readings ==
48 48  
49 49  If you are interested in this topic and want more information, please read the release notes provided by eMagiz. Furthermore, check out these links:
50 50  
... ... @@ -52,4 +52,8 @@
52 52  * [[SFTP Session Factory>>https://docs.spring.io/spring-integration/docs/2.2.6.RELEASE/reference/html/sftp.html#sftp-session-factory||target="blank"]]
53 53  * [[SFTP Authentication>>https://www.2brightsparks.com/resources/articles/sftp-authentication.html||target="blank"]]
54 54  
64 +== 7. Silent demonstration video ==
65 +
66 +As this is a more theoretical microlearning, there is no video.
67 +
55 55  )))((({{toc/}}))){{/container}}{{/container}}