Wiki source code of SFTP Security
Last modified by Erik Bakker on 2023/10/17 11:23
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{container}}{{container layoutStyle="columns"}}((( | ||
| 2 | |||
| 3 | In the last microlearning, we discussed how to connect to an SFTP from eMagiz. In this microlearning, we want to expand our knowledge and look at a more complex security configuration when connecting to SFTP instances. The configuration we are talking about is the private key configuration. | ||
| 4 | |||
| 5 | Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]]. | ||
| 6 | |||
| 7 | == 1. Prerequisites == | ||
| 8 | |||
| 9 | * Basic knowledge of the eMagiz platform | ||
| 10 | * Novice course on File-based connectivity | ||
| 11 | |||
| 12 | == 2. Key concepts == | ||
| 13 | |||
| 14 | This microlearning is about SFTP security. | ||
| 15 | |||
| 16 | By SFTP security, we mean: Making sure that the SFTP we connect to knows that we are indeed eMagiz | ||
| 17 | |||
| 18 | * Private key is unique per client | ||
| 19 | * Private key should only be known to the client | ||
| 20 | * Public key should be known to the SFTP (server), so they trust us when we set up the communication | ||
| 21 | * A private key comes with a passphrase | ||
| 22 | |||
| 23 | == 3. SFTP Security == | ||
| 24 | |||
| 25 | In the last microlearning, we discussed how to connect to an SFTP from eMagiz. In this microlearning, we want to expand our knowledge and look at a more complex security configuration when connecting to SFTP instances. The configuration we are talking about is the private key configuration. | ||
| 26 | |||
| 27 | * Private key is unique per client | ||
| 28 | * Private key should only be known to the client | ||
| 29 | * Public key should be known to the SFTP (server), so they trust us when we set up the communication | ||
| 30 | * A private key comes with a passphrase | ||
| 31 | |||
| 32 | If you are looking for some introductory reading into certificates, please check this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Novice.Securing Data Traffic.novice-securing-your-data-traffic-what-are-certificates.WebHome||target="blank"]]. | ||
| 33 | |||
| 34 | As the private key is yours, you can ask a trusted party to generate the key, or you could create it yourself. The latter part happens a lot when connecting to an SFTP. You could use a tool like PuttyGen to achieve this. As a result, you will have a keypair. The private key should be kept safely with you in eMagiz, and you need to share the public key with the SFTP server party. In this microlearning, I will not explain how PuttyGen works in detail. Instead, we will focus on the part in eMagiz. In eMagiz, we need to refer to the key file (linked under Resources), and we need to refer to the password we use to save our key file securely. | ||
| 35 | |||
| 36 | [[image:Main.Images.Microlearning.WebHome@intermediate-file-based-connectivity-sftp-security--private-key-config.png]] | ||
| 37 | |||
| 38 | Note that the use of a password and a private key are mutually exclusive. So you need to either provide a password or a private key for authentication. In the help text provided by eMagiz, you can see how the reference to the key file should be made. | ||
| 39 | |||
| 40 | When you have configured these settings, you have finished the configuration in eMagiz. Now you could test whether the configuration is set up correctly between eMagiz and the SFTP. If this is not the case, eMagiz will notify you via the Manage phase, either as an error message or a log entry. | ||
| 41 | |||
| 42 | Using this setting gives the server the option to verify if the communication request came from eMagiz (or at least from the party that holds the private key of eMagiz). This is an additional security measure to ensure data integrity and quality. | ||
| 43 | |||
| 44 | == 4. Key takeaways == | ||
| 45 | |||
| 46 | * Private key is unique per client | ||
| 47 | * Private key should only be known to the client | ||
| 48 | * Public key should be known to the SFTP (server), so they trust us when we set up the communication | ||
| 49 | * A private key comes with a passphrase | ||
| 50 | |||
| 51 | == 5. Suggested Additional Readings == | ||
| 52 | |||
| 53 | If you are interested in this topic and want more information, please read the release notes provided by eMagiz. Furthermore, check out these links: | ||
| 54 | |||
| 55 | * [[SFTP Outbound>>https://docs.spring.io/spring-integration/docs/2.2.6.RELEASE/reference/html/sftp.html#sftp-outbound||target="blank"]] | ||
| 56 | * [[SFTP Session Factory>>https://docs.spring.io/spring-integration/docs/2.2.6.RELEASE/reference/html/sftp.html#sftp-session-factory||target="blank"]] | ||
| 57 | * [[SFTP Authentication>>https://www.2brightsparks.com/resources/articles/sftp-authentication.html||target="blank"]] | ||
| 58 | |||
| 59 | )))((({{toc/}}))){{/container}}{{/container}} |