Scribd
Upload
12 views11 pages

SFTP Authentication v3

sftp_authentication_v3

Uploaded by

aleem.shabbir
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views11 pages

SFTP Authentication v3

sftp_authentication_v3

Uploaded by

aleem.shabbir
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Oracle Financial Services Revenue

Management and Billing Cloud Service

sftp Authentication
ORACLE WHITE PAPER | JANUARY 2016
Disclaimer
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.

SFTP AUTHENTICATION
Table of Contents

Disclaimer 1

Introduction 1

Authentication Overview 1

Establishing Authentication 2

Generate Public/Private Key Pair 2

Step 1 – open puttygen.exe 2

Step 2: Generate keys. 4

Step 3: Save private key 4

Step 4: Save public key to text file 4

Submit public key to Oracle 6

Logging on with Key Based Authentication 6

Windows - WinSCP 6

References 7

SFTP AUTHENTICATION
Introduction
This document outlines how to establish authentication with the sftp hosts in the ORMB cloud service
using keys.

Authentication Overview
Authentication is based on a public and private key being generated. The public key is placed on the server, while
the private key remains in a secure location on the client computer. These public/private keys use asymmetric
cryptography to establish the clients identity.

Step 1:
Initiate initial connection
with username Step 2:
Generate a
challenge
message using
Step 3: public key
Send challenge
Step 4: message to client
Prompt for passphrase
to access private key
Private Key and decrypt challenge
message (response
message) Public Key
Step 5:
Send response
message to server Step 6:
Validate response
message with
original challenge
message and
allow access if
same

Summary of ssh key based authentication.

When using Key based Authentication the following occurs:

» An initial connection is made by the client providing the username and request to authenticate using keys.
» The sftp server (sshd) takes the public key for that user and constructs a message based on the public key. This
message (or challenge) is returned to the sftp client.
» The client locates the local private key and prompts for a passphrase to access to local key (when necessary).
» The client then generates a response to the challenge message using the private key. This response is sent to
the sever.
» The server takes the message response and validates it using the public key and grants access.

SVTP AUTHENTICATION
Establishing Authentication

Generate Public/Private Key Pair


Use puttygen.exe to generate the public private key pair. From WinSCP there is a menu item to for PuttyGen under
the Tools menu as shown here:

Step 1 – open puttygen.exe

2 | SFTP AUTHENTICATION
Select options

» Type of key generate : SSH-2 RSA


» Number of bits in a generated key: 2048

3 | SFTP AUTHENTICATION
Step 2: Generate keys.
Click on the Generate button and move the mouse as directed until the keys are generated.

Assign a comment to the key so that it can be identified.

Step 3: Save private key


Once the keys are generated – save the private key to a secure location, assigning a pass phrase. While assigning
a passphrase is not required it is strongly recommended. This passphrase will be required to subsequently access
the private key.

Important: It is critically important that the private key file is secured and protected at all times.

Step 4: Save public key to text file

4 | SFTP AUTHENTICATION
Using the button “Save public key” saves the key in the incorrect format, a better way is to copy the public key text
and from the puttygen screen and paste it into a text file to save it.

Specifically copy text from the top of the puttygen screen:

And paste it in a text file.

5 | SFTP AUTHENTICATION
Save this text file containing the public key.

Tip: You may save the file with any extension, but “.pub” is a useful convention to indicate that this is a public key.

Once finished you should have two files, a file containing the private key and a file containing the public key.

The private key remains in your possession, and the public key is sent to Oracle so that it can use it for
authentication of the sftp service.

Submit public key to Oracle


Raise a service request with Oracle Global Support and attach the public key file only. Identify both the user and
environment you would like to use this public key to establish an authenticated session. The user should already
have been created by Oracle and a temporary password provided. This key pair will replace the password
authentication.

Oracle will take the public key and associate it with the relevant user on the relevant environment, updating the
service request when done.

Logging on with Key Based Authentication

Windows - WinSCP
There are multiple sftp clients available and you will need to consult the documentation of the sftp client you are
using to understand the syntax of how to refer to the private key when connecting.

As an example – using WinSCP, create a new site – entering the hostname and port. Then under
Advanced>Authentication set path and filename of the private key as shown in screen shot.

6 | SFTP AUTHENTICATION
Finally enter the User name – which is the same username you requested the public key to be associated with when
sending the public key to Oracle, and leave the password blank.

Click Save, then Login and an authenticated session should be established.

If you put a pass phrase on your local private key, you will be prompted to enter that so that WinSCP can open the
private key file.

References
https://docs.oracle.com/cloud/latest/dbcs_dbaas/CSDBI/GUID-4285B8CF-A228-4B89-9552-
FE6446B5A673.htm#CSDBI3349

7 | SFTP AUTHENTICATION
Oracle Corporation, World Headquarters Worldwide Inquiries
500 Oracle Parkway Phone: +1.650.506.7000
Redwood Shores, CA 94065, USA Fax: +1.650.506.7200

CONNECT W ITH US

blogs.oracle.com/oracle
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
facebook.com/oracle warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
twitter.com/oracle means, electronic or mechanical, for any purpose, without our prior written permission.

oracle.com Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and
are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0116

sftp Autentication Overview


January 2016
Author: FSGBU

You might also like