Solved

Need to set up SSH key login

Posted on 2015-01-08
Last Modified: 2015-01-11
A new client wants us to send them data using SFTP. They have asked for our public key.  We are not currently using SSH key authentication anywhere.  How can I set this up?  The data will be sent from a specific server only, and we currently send data to other clients using login\password authentication.
Question by:billherde
8 Comments
 
LVL 11

Accepted Solution

by:
Tej Pratap Shukla ~Dexter earned 167 total points
ID: 40539678
Hi Billherde,

While searching on Google I found a link with information about how to set up SSH keys:

Link: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

If you still need any help, let me know.

Thanks
Dexter
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 40539801
What software will you be using to send the data?

Usually, when using SSH with key auth rather than password, you generate a keypair locally (I strongly advise "puttygen" from here, use no less than a 2048 bit key), send them the public key (cut and paste from the box labelled "Public key for pasting" into a text file, and attach that to the email; some email clients reformat body text), then save the private key in a suitable form.

Many clients can use the PuTTY standard file format directly - FileZilla, for example - but you would need to specify the sending app before I could advise further.
0
 
LVL 3

Author Comment

by:billherde
ID: 40540552
Thank you for your replies.
The sending app is a home-built application built on .NET architecture. We have built in the hooks to send password authentication, and not being a programmer, I do not know what would have to change in that.
I also found the links to set this up using puttygen.  Please confirm this would need to be done from the server that will be making the connection (fortunately only one).
Another caveat in this is that sometime in the next year we expect we may be sending data from this server for two company names, at the same recipient server.  We would be able to keep the data separate using login names for authentication, but if the only authentication is a key, I need to confirm if there would be issues using multiple keys on the same server. (I would think not, but as I said, this is new ground for me.)
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 40540675
OK, I see the issue.
You are using password auth in SSH. Depending on the .NET library you are using for SSH, you will want to supply the key in place of the password; for instance, in SharpSSH you would use the addIdentity method to load the key,....

puttygen will give you two things - a public key (send to the server's owner) and the private key (you keep this, and supply it to the library to authenticate to the server with)
0
 
LVL 3

Author Comment

by:billherde
ID: 40542207
Let me give that a shot.  Will get back to you.  Thanks.
0
 
LVL 3

Author Comment

by:billherde
ID: 40543115
Using puttygen I created a keypair and set up a user on the FTP server with key authorization.  I am using Cerberus FTP as the FTP host. This part I am pretty sure is done correctly as I have another client that connects with a public key and it is working.

I have been trying to use FileZilla to test and educate myself on how it works.  I am unable to get it connected. The server is responding with "2015/01/11 07:02:29       [1068]       Disconnect reason: No supported authentication methods available"

I have tried loading the private key in Pageant, I have tried adding it to the SFTP setting in FileZilla.  The SSH connection type is selected, and I have tried every option for logon type.  I also found a reference to the puttygen string getting formatted when saving, and have made the public key file again by copy/paste out of the puttygen window.  Also noted that the client supplied pub files do not have the "begin ..." text at the start of the public key and tried a version that more closely resembled public keys that work.

Any ideas what I should be doing to get these keys to work?

reference links
http://askubuntu.com/questions/204400/ssh-public-key-no-supported-authentication-methods-available-server-sent-publ
https://www.digitalocean.com/community/tutorials/how-to-use-filezilla-to-transfer-and-manage-files-securely-on-your-vps
https://wiki.filezilla-project.org/Howto
http://superuser.com/questions/180221/connect-to-server-using-sftp-and-public-ssh-key-using-filezilla-on-windows
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40543389
Pageant should work - I use that method myself; also, if you don't have a password set on the PuTTY private key, you can add it directly into the FileZilla setup (Connection -> SFTP and "add keyfile" - needless to say, this doesn't work if there is a password set on the keyfile.)

Public keys for OpenSSH use (the most common) do not begin with "begin..." - those are for commercial SSH - if you need those, then you should use the menu option "save public key" in puttygen - otherwise, the text box in puttygen labelled "public key..." and containing text beginning "ssh-rsa" or "ssh-dsa" is the OpenSSH key, and should be cut and pasted from that box to send to the server's owner.

In FileZilla, you should select the protocol SFTP and logon type normal, leaving the password field blank. The fact you are getting the "no supported auth" error should indicate that you got this correct, although the refusal to honour the Pageant is puzzling, and it is more likely that the error is at the remote (server) side.
0
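An added example, not part of the thread or of any participant's code: this Python checks a public-key text file before it is sent or installed. It tells the OpenSSH one-line form (`ssh-rsa AAAA...`) from the `---- BEGIN SSH2 PUBLIC KEY ----` form written by puttygen's "save public key" (RFC 4716), rejects key text that was cut or re-wrapped in transit, and reports the RSA size and SHA256 fingerprint so both sides can compare them. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("key data truncated: text was cut or re-wrapped")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def parse_public_key(text):
    """Parse an OpenSSH one-line or RFC 4716 public key; raise ValueError if damaged."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()] or [""]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        fmt, declared, comment, b64, in_header = "rfc4716", None, "", "", False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            if in_header or ":" in line:         # header such as Comment: "..."
                if line.lower().startswith("comment:"):
                    comment = line.split(":", 1)[1].strip(' "\\')
                in_header = line.endswith("\\")  # header continues on next line
            else:
                b64 += line
    else:
        fmt = "openssh"
        declared, b64, comment = (lines[0].split(None, 2) + ["", "", ""])[:3]
    if not b64:
        raise ValueError("no key data found")
    blob = base64.b64decode(b64, validate=True)  # raises on stray characters
    fields = wire_fields(blob)
    key_type = fields[0].decode("ascii")
    if declared not in (None, key_type):
        raise ValueError("key type label does not match key data")
    is_rsa = key_type == "ssh-rsa" and len(fields) == 3
    bits = int.from_bytes(fields[2], "big").bit_length() if is_rsa else None
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"format": fmt, "type": key_type, "bits": bits, "comment": comment,
            "fingerprint": "SHA256:" + digest, "openssh": f"{key_type} {b64} {comment}".strip()}

# Constructed sample, not a real key: e = 65537 and a made-up 2048-bit modulus.
PARTS = (b"ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x5a" * 254 + b"\x01")
SAMPLE_B64 = base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in PARTS)).decode()
SAMPLE_OPENSSH = "ssh-rsa " + SAMPLE_B64 + " constructed-example"
SAMPLE_RFC4716 = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-example"',
    *[SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)], "---- END SSH2 PUBLIC KEY ----"])
```

The `openssh` value in the result is the one-line form that an OpenSSH-style `authorized_keys` file expects, whichever of the two formats was supplied.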
 
LVL 3

Author Closing Comment

by:billherde
ID: 40543751
The final issue was the simple stuff.  I had typo'd the username on the filezilla site setup.  Must have looked at it 50 times before I saw the missing letter.

Thanks for all the help.  Puttygen was easy to use to create the keys.  FileZilla and Pageant work well enough to get the job done.  I like it best with the apps installed so the .ppk files associate with Pageant.  That saves some clicks and complexity for the users.  FileZilla running from a shared location on the terminal server will keep me from having to set up for multiple users, but I have not tested if it will cause an issue with more than one user hitting it at a time.  Users will not be an issue once the parser takes over the job.

So now I have another tool on the bat belt.

Thanks again.
0
