SFTP – Private/Public Authentication Keysets Beyond The First Set
I’m new to SFTP and using this mailing list was able to successfully create my first Private/Public keyset for a vendor hosting the SFTP server (I’m the client). I created the keyset by typing this:
# ssh-keygen -t rsa
When asked for the password/passphrase I hit
and “id_rsa.pub” were created in “/root/.ssh/”. I provided “id_rsa.pub” to the vendor and when told they were ready I initiated an SFTP transfer. During the first connection I was asked for the vendor-provided password and after entering it was successfully connected to the vendor’s sftp server. During successive connections I was not again asked for the password. This allowed me to create fully automated batch file transfers.my objective. Setting up my second vendor is not going as smoothly.
I did exactly the same thing for my second vendor with the exception of typing “rsa_vendor2” during keyset generation (I assumed I had to use a different name for the new keyset).
# ssh-keygen -t rsa_vendor2
Files “id_rsa_vendor2” and “id_rsa_vendor2.pub” were created in
“/root/.ssh/” and I gave “id_rsa_vendor2.pub” to the second vendor. I
initiated the first connection with the second vendor and was asked for the vendor-provided password which I entered and a successful connection was made. The problem is unlike with the first vendor I am asked for the password every time I connect to the second vendor’s server. Because I am being asked for the password I am unable to create fully automated batch file transfers.
The second vendor is telling me they added the public key to their server as required. Did I miss a step or do something wrong on my end? Was I correct using a different name for the new keyset or would the new keyset information have been appended to the information already in id_rsa and id_rsa.pub for the first vendor?
Any help you can provide will be greatly appreciated.
9 thoughts on - SFTP – Private/Public Authentication Keysets Beyond The First Set
Are using the -i flag in your invocation of sftp to the second vendor?
From the sftp man page:
-i identity_file
Selects the file from which the identity (private key) for public key authentication is read. This option
is directly passed to ssh(1).
Thanks for responding so quickly! No but I will try. Are you saying the first vendor connection worked because id_rsa and id_rsa.pub are the defaults if not specified? (I didn’t use the -i flag for the first vendor.)
—–Original Message—
In my experience – Yes.
To expand on my response – generally there is system wide default ssh_config file in
/etc/ssh/ssh_config
and by default:
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
Thank You Sir! The vendor is working on this as well and I believe may have just changed the password. The one I was using is no longer working (it worked a few minutes ago). I’ll update you later on my progress.
—–Original Message—
Inclusion of the -i flag and the location of the private key solved the problem.
Thanks Steve!
—–Original Message—
You really don’t need multiple ppk pairs for different hosts. One for all is what I do. As long as you keep the private key private you only need distribute the one public key every where you need secure identification.
Mike
You can also set up a personalised SSH config file in the ~/.ssh directory of the user employed to establish the sftp/ssh connections:
#BOF
# /home/myuser/.ssh/config
# Host parameter is any arbitrary string.
# sftp remoteuserid@first.site.com =Host site1
HostName first.site.com
User remoteuserid
IdentityFile /home/myuser/.ssh/id_rsa
# sftp otheruserid@second.other.com =Host site2
HostName second.other.com
User otheruserid
IdentityFile /home/myuser/.ssh/rsa_vendor2
#EOF
Then just run ‘sftp site1’ or ‘sftp site2’ to connect as required.
You really don’t need multiple ppk pairs for different hosts. One for all is what I do. As long as you keep the private key private you only need distribute the one public key every where you need secure identification.
Mike
——————————————–