Public key authentication

SSH, SCP, and SFTP adapters can use public-key-based authentication when servicing adapter requests. This feature is an alternative to password-based authentication. To use public key authentication, define the file location of the SSH key file and an associated pass phrase. The following table describes optional elements that you can use for the adapter configuration and dynamic targets in the adapter requests.

The default authentication method is password-based; if a <password> element is present in an adapter configuration or the dynamic target node of an adapter request, password authentication is used, regardless of the presence of <private-key-file> and <pass-phrase> elements. If the <password> element is omitted, the <private-key-file> and <pass-phrase> elements are used.


 Optional elements for public key authentication

The following figure shows an XML sample using the optional elements for public key authentication.

XML sample of public key authentication optional elements

...
<target>
<host>test.target1.com</host>
<port>22</port>
<user-name>user1</user-name>
<private-key-file>/usr/home/user1/.ssh/id_dsa<private-key-file>
<pass-phrase encryption-type="Base64">cGFzcyBwaHJhc2U=</pass-phrase>
<prompt>user1$</prompt>
<known-hosts-config>/path/to/known_hosts</known-hosts-config>
<allow-unknown-hosts>false</allow-unknown-hosts>
<preferred-pk-algorithm>ssh-dss</preferred-pk-algorithm>
</target>
...

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*