Posted: 1 Feb 2018 8:54 EST Last activity: 6 Feb 2018 12:47 EST
How to create sFTP Server instance using only username and public id
I've been facing some issues with creating an sFTP server data instance. Currently, I have the host name, username and public key for the server.
a) I created an FTP server data instance using the hostname and created an authentication profile using the username. Can anybody please tell me how and where to mention the public key for the server? Do I have to mention my own client-side public key as well somewhere?
b) In Pega help it says,
"Truststore – Provide the SSH public key of your FTP server in a Truststore record to restrict connectivity to this known host."
As per my understanding, we should be able to restrict connectivity since we're already providing the host name. So, isn't a host name sufficient for uniquely identifying hosts? I think the public key of the server is necessary for encrypting sent files, but how will it help in restricting connectivity?
As this is SFTP, you should have your personal (client) key for the user that you are connecting as. This needs to be wrapped in a Keystore record, with the name of that record provided in the "Keystore" field ("client key" in later versions of Pega 7).
Using the server's public key is optional. As the help says, providing the server's key in the Truststore field will block connections to servers that do not provide that public key. (In recent versions of Pega 7, this field's label has been repaired, and now says "Server key.") An example of why you may use it: if there's a "man in the middle" who redirects your traffic to his own server which has a different public key, the mismatch with the server key provided on the Pega side will prevent you from sending him your files.
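
The server-key check the answer describes, as an added example that is not part of the original thread and not Pega's code: it compares the key a server presents against a pinned server key and shows why a matching hostname alone does not identify the server. The function names, the hostname `sftp.example.com` and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_public_key(line):
    """Return (algorithm, raw key blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the algorithm name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("algorithm name does not match key blob")
    return fields[0], blob


def fingerprint(blob):
    """SHA256 fingerprint in the format printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def server_key_matches(pinned_line, presented_blob):
    """True only if the key presented at connect time is the pinned one."""
    _, pinned_blob = parse_public_key(pinned_line)
    return hmac.compare_digest(pinned_blob, presented_blob)


def make_ed25519_line(raw32, comment):
    """Build a constructed ssh-ed25519 public key line from 32 bytes (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample keys: not real keys, just 32 deterministic bytes each.
PINNED = make_ed25519_line(hashlib.sha256(b"real server").digest(), "sftp.example.com")
IMPOSTOR = make_ed25519_line(hashlib.sha256(b"other server").digest(), "sftp.example.com")

if __name__ == "__main__":
    for label, line in (("expected server", PINNED), ("same hostname, other key", IMPOSTOR)):
        _, blob = parse_public_key(line)
        verdict = "connect" if server_key_matches(PINNED, blob) else "refuse"
        print(label, fingerprint(blob), verdict)
```

Both sample entries carry the same hostname, yet only the one whose key blob equals the pinned key is accepted, which is the restriction the Truststore ("Server key") field provides.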