Public key authentication

SSH, SCP, and SFTP adapters can use public-key-based authentication when servicing adapter requests. This feature is an alternative to password-based authentication. To use public key authentication, define the file location of the SSH key file and an associated pass phrase. The following table describes optional elements that you can use for the adapter configuration and dynamic targets in the adapter requests.

The default authentication method is password-based; if a <password> element is present in an adapter configuration or the dynamic target node of an adapter request, password authentication is used, regardless of the presence of <private-key-file> and <pass-phrase> elements. If the <password> element is omitted, the <private-key-file> and <pass-phrase> elements are used.


Optional elements for public key authentication

| Element | Description |
|---|---|
| <private-key-file> | Identifies the path and the file name for the local SSH key file. This file is used when performing public key authentication. This path and file must exist on the peer servicing the adapter request. |
| <pass-phrase> | Identifies the pass phrase that protects the private key file. This element can contain an encryption-type attribute to indicate whether the pass phrase provided is encrypted. Valid values (encryption type): Base64, Plain (default) (unencrypted) |

The following figure shows an XML sample using the optional elements for public key authentication.

XML sample of public key authentication optional elements

...
<target>
 <host>test.target1.com</host>
 <port>22</port>
 <user-name>user1</user-name>
 <private-key-file>/usr/home/user1/.ssh/id_dsa</private-key-file>
 <pass-phrase encryption-type="Base64">cGFzcyBwaHJhc2U=</pass-phrase>
 <prompt>user1$</prompt>
 <known-hosts-config>/path/to/known_hosts</known-hosts-config>
 <allow-unknown-hosts>false</allow-unknown-hosts>
 <preferred-pk-algorithm>ssh-dss</preferred-pk-algorithm>
</target>
...
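
The precedence rule and the optional elements described above can be checked before a target definition is deployed. The following Python sketch is an added example, not part of the product or its documentation: `review_target` is a hypothetical helper, the sample `<password>` value is constructed, and the meaning of `<allow-unknown-hosts>true` is assumed from the element name. It reports which authentication method takes effect and flags settings that weaken the connection, including the fact that a Base64 pass phrase is encoded rather than encrypted.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: the page's <target>, plus a <password> element and
# <allow-unknown-hosts> set to true so that every check has something to report.
SAMPLE_TARGET = """
<target>
  <host>test.target1.com</host>
  <user-name>user1</user-name>
  <password>example-password</password>
  <private-key-file>/usr/home/user1/.ssh/id_dsa</private-key-file>
  <pass-phrase encryption-type="Base64">cGFzcyBwaHJhc2U=</pass-phrase>
  <allow-unknown-hosts>true</allow-unknown-hosts>
  <preferred-pk-algorithm>ssh-dss</preferred-pk-algorithm>
</target>
"""

def review_target(xml_text):
    """Return (effective_auth_method, findings) for one <target> element."""
    target = ET.fromstring(xml_text)
    findings = []
    key_file = (target.findtext("private-key-file") or "").strip()
    phrase = target.find("pass-phrase")

    # Documented precedence: <password> wins whenever it is present.
    if target.find("password") is not None:
        method = "password"
        if key_file:
            findings.append("<private-key-file> is ignored: <password> is present")
    elif key_file:
        method = "public-key"
    else:
        method = "none"
        findings.append("no <password> and no <private-key-file>")

    if phrase is not None and (phrase.text or "").strip():
        if phrase.get("encryption-type", "Plain").lower() == "base64":
            base64.b64decode(phrase.text.strip(), validate=True)  # raises if malformed
            findings.append("pass phrase is Base64-encoded only; decoding needs no key")
        else:
            findings.append("pass phrase is stored unencrypted (Plain)")
    # Assumption: "true" means host keys missing from known_hosts are accepted.
    if (target.findtext("allow-unknown-hosts") or "").strip().lower() == "true":
        findings.append("unknown host keys are accepted")
    # ssh-dss (DSA) is disabled by default in OpenSSH 7.0 and later.
    if (target.findtext("preferred-pk-algorithm") or "").strip() == "ssh-dss":
        findings.append("ssh-dss is a deprecated key algorithm")
    return method, findings
```

Calling `review_target(SAMPLE_TARGET)` returns the effective method and a list of findings; for the constructed sample the key file is never used because the `<password>` element takes precedence.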