Inbound Connection To Active Transfer Server via SFTP Public Key authentication

Hi Experts,
I am trying to understand if it is possible to setup an incoming connection to Active Transfer Server via SFTP Public Key(i.e. installing public key on our AT Server). I was checking all the possible option(Port, Virtual Folder etc) and found that everywhere in MFT they have option only to provide the path of Private Key(or username/password combination). Can anyone please suggest if I am missing anything.

Hi Saurav,

For SSH public key ‘authentication’, server uses the public keys of its client to authenticate.
And client need to use private keys.
More details here: RFC 4252 - The Secure Shell (SSH) Authentication Protocol

Server’s public key cannot be used for authenticating the client.
So VFS(client) cannot be configured to connect just using the username and partner’s public keys.

If partners site has shared a public key, that is not for client authentication but should be for host key verification.
Would you please confirm this?

Thanks,
Bhaskar

SSH Key-Based Authentication on webMethods Active Transfer - DZone Security may have useful info.

1 Like

Hi Saurav,

The link in reamon’s reply above will help you setup SSH key auth on the Active Transfer at port level for all users.
To configure SSH public key for a particular user, go to AdministrationIntegrationManaged File TransferUser ManagementUsers.
Select the individual user and go to Restrictions tab. At the bottom, there is an option to provide path to the public keys for that user.

1 Like