Changes for page SFTP Known Hosts
Last modified by Danniar Firdausy on 2024/09/18 20:35
From version 34.14
edited by Danniar Firdausy
on 2024/09/18 20:35
Change comment:
There is no comment for this version
To version 34.12
edited by Danniar Firdausy
on 2024/09/11 17:17
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -1,6 +1,6 @@ 1 1 {{container}}{{container layoutStyle="columns"}}((( 2 2 3 -In ourprevious[[microlearning>>Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.intermediate-file-based-connectivity-sftp-connectivity||target="blank"]], we explored how to connect to an SFTPserverusingeMagiz anddiscussed an alternative security methodforauthentication.Now, we aregoingtodelvedeeperintosecuring yourSFTPconnections by storingtheserver’s uniquegerprintoprotectainstmanin the middle" attacks.Thismicrolearning will guideyouthroughtherocessofgenerating andmanaginga"knownhosts"file to ensureyou'realways connectingto thecorrectSFTP server.3 +In an earlier [[microlearning>>Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.intermediate-file-based-connectivity-sftp-connectivity||target="blank"]], we discussed how to connect to an SFTP from eMagiz. Later on we zoomed in on an alternative security method to authenticate yourself at the SFTP. More on this can be found in this [[microlearning>>Main.eMagiz Academy.Microlearnings.Intermediate Level.File based connectivity.intermediate-file-based-connectivity-sftp-security||target="blank"]]. In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP to avoid that someone else can pretend to be the SFTP when you want to send data (i.e. a "man in the middle attack"). 4 4 5 5 Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]]. 6 6 ... ... 
@@ -12,16 +12,17 @@ 12 12 == 2. Key concepts == 13 13 14 14 This microlearning is about SFTP known host files. 15 -* By SFTP known hosts, we mean: Making sure that we are certain that we connect to the correct SFTP to prevent data theft as a result of a "man in the middle" attack. 16 16 17 - ==3.SFTPKnownHosts==16 +By SFTP known hosts, we mean: Making sure that we are certain that we connect to the correct SFTP to prevent data theft as a result of a "man in the middle" attack. 18 18 19 -In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP to avoid that someone else can pretend to be the SFTP when you want to send data (i.e. a "man in the middle attack"). To retrieve the unique fingerprint of an SFTP you first need to connect to the SFTP in question. This way you can retrieve the unique fingerprint and secure it in a file for future use to prevent the "man in the middle attack". 20 - 21 21 * Each SFTP has a unique fingerprint that identifies the SFTP. 22 22 * To prevent a "man in the middle" attack, this fingerprint needs to be stored client side. 23 23 * There are two distinct methods to generate the known hosts file. 24 24 22 +== 3. SFTP Known Hosts == 23 + 24 +In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP to avoid that someone else can pretend to be the SFTP when you want to send data (i.e. a "man in the middle attack"). To retrieve the unique fingerprint of an SFTP you first need to connect to the SFTP in question. This way you can retrieve the unique fingerprint and secure it in a file for future use to prevent the "man in the middle attack". 25 + 25 25 There are two distinct ways of retrieving and storing the unique fingerprint of the SFTP in a "known hosts file". The first option is portal based and the second option is command line based. The preferred option is the portal based one. 
Do note that the first option only works if the SFTP is **publicly** accessible without any IP restrictions. 26 26 27 27 === 3.1 Known Hosts File Generation - Portal === ... ... @@ -66,9 +66,9 @@ 66 66 67 67 == 4. Key takeaways == 68 68 69 -* Each SFTP serverhas a unique fingerprint thatserves asits identifier.70 -* To pr otect against"man in the middle" attacks,you mustsecurely store this fingerprinton the client side.71 -* There are two methods forgeneratingand managingthe known hosts file: a portal-based approach and a command-line approach.The portal-based method is preferred for publicly accessible SFTP servers without IP restrictions.70 +* Each SFTP has a unique fingerprint that identifies the SFTP. 71 +* To prevent a "man in the middle" attack, this fingerprint needs to be stored client side. 72 +* There are two distinct methods to generate the known hosts file. 72 72 73 73 == 5. Suggested Additional Readings == 74 74
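Review bot: In the hunk at @@ -1,6 +1,6 @@, the last sentence of the added intro ("In this microlearning, we want to expand our knowledge and look at a way to store the unique fingerprint of the SFTP ...") is the same sentence that opens section 3 in the following hunk, so the reader meets it twice; keep it in one place and let the intro state only the goal. The added line also writes "the SFTP" throughout where the removed line referred to the server and its fingerprint; saying "SFTP server" makes clear whose identity the known hosts file pins. The quoting is inconsistent too: this line writes "man in the middle attack" while the other sections write "man in the middle" attack.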
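Review bot: In the hunk at @@ -12,16 +12,17 @@, the paragraph now placed under "== 3. SFTP Known Hosts ==" says "you first need to connect to the SFTP in question" to retrieve the fingerprint, but nothing in the visible text says how to confirm that the fingerprint seen on that first connection is the genuine one. A fingerprint captured over a connection that is already being intercepted would pin the interceptor, so suggest adding a sentence that the retrieved fingerprint is compared with the value supplied by the SFTP server's administrator over a separate channel before the known hosts file is stored. With the heading moved below the three bullets, the "Key concepts" list and the section 3 opening now both state that the fingerprint must be stored, so one of the two can be shortened.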
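Review bot: In the hunk at @@ -66,9 +66,9 @@, the third added takeaway, "There are two distinct methods to generate the known hosts file.", drops what the removed line stated: that the methods are portal-based and command-line, and that the portal-based one is preferred for publicly accessible SFTP servers without IP restrictions. Section 3 still carries that restriction, so the takeaway should keep it; a reader whose server is IP-restricted needs to know the portal route will not work. The three added bullets are also word for word the bullets moved into "2. Key concepts" in the previous hunk; consider letting the takeaways say something the concepts list does not.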