Connect to SFTP Server with SSH/Public Key Authentication from MuleSoft SFTP Connector

Venkatesh Jujarao
Another Integration Blog
Feb 28, 2023

This article gives a high-level overview of SSH/public key authentication for SFTP connections, how to create the keys, and how to use those keys to establish SFTP connectivity from MuleSoft.

What is Public Key Authentication?

SFTP provides an alternative method for SSH client authentication, called SFTP public key authentication. This method allows a user to log in to your server without entering a password. The idea of using public key authentication instead of a simple password is to enhance security.

  • Public Key — Authorized keys are public keys that grant access. They are the lock that the corresponding private key can open.
  • Private Key — Identity keys are private keys that a client uses to authenticate itself when logging in to the server.
  • Passphrase — A passphrase generally refers to a secret used to protect an encryption key.

Now that we know what public key authentication is, let’s see how to generate the keys.

There are two ways to acquire the keys:

  1. The SFTP server owner provides the username, private key and passphrase for authentication.
  2. Or the client generates the key pair and provides the public key to the SFTP server owner.

How to Generate Private and Public Keys

If you are doing this on Windows, please install Git Bash.

  • Open Git Bash and execute the command below:
$ ssh-keygen -t rsa -b 3072

Output —

Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/..../.ssh/id_rsa): mulesftptest
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mulesftptest
Your public key has been saved in mulesftptest.pub
The key fingerprint is:
SHA256:X5YKyw1kRWRgv2********************** *******
The key's randomart image is:
+---[RSA 3072]----+
| o+= |
| . + |
| o . |
| o . . |
| S o *. . |
| o X B o=+.|
| . o..* = =.*=o|
| o o=. . ++oo|
| .++E. .*+|
  • Once the command has executed successfully, you will find the keys under the .../users/{loggedInUser} folder.

→ Private Key — mulesftptest

→ Public Key — mulesftptest.pub

It is recommended to always protect the private key with a passphrase.

  • Configure the private key in your code.
  • Share the public key with the SFTP server owner.

Now that we have the keys, let’s see how to configure them on the server and in the MuleSoft code.

Configure Public Key on Server

For the purpose of this article, I have created an AWS EC2 instance to explain how to configure the public key on the server. If you are interested in how to create an EC2 instance, refer to https://medium.com/@vicksjujarao/create-ec2-instance-in-aws-7e7fb546723b

  • Once you are logged in to the server, go to the user's folder and locate the .ssh folder.
  • Go inside the .ssh folder and look for the authorized_keys file. Open the file and add the public key to it.
$ vi authorized_keys
  • Once you have added the key, save the changes and close the file.

Note

→ The file may already contain multiple keys. Don’t touch the other keys; just add your key on a new line.

→ If the .ssh folder and the authorized_keys file are not present, create them.
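
The server-side steps above (add your key on its own line, leave the other keys alone, create .ssh and authorized_keys if they are missing), written as a shell function. This is an added example, not code from the original article: the function name install_pubkey is an assumption, and it is meant to be run as the account that will log in over SFTP. It also sets the 700/600 permissions that sshd expects on these files.

```shell
#!/usr/bin/env bash
# Added example (constructed; not from the original article).
# Usage: install_pubkey <user_home_dir> <public_key_file>
install_pubkey() {
  local home_dir="$1" pub_file="$2"
  local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
  local key_line

  # A .pub file holds exactly one line: "<type> <base64> [comment]".
  # A private key file has many lines, so it is rejected here too.
  [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }
  [ "$(grep -c . "$pub_file")" -eq 1 ] ||
    { echo "expected exactly one key line in $pub_file" >&2; return 1; }
  # Drop a stray carriage return in case the file passed through Windows.
  key_line=$(grep . "$pub_file" | tr -d '\r')

  case "$key_line" in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
    *) echo "unrecognised public key type" >&2; return 1 ;;
  esac

  # Create .ssh and authorized_keys if they are missing. With StrictModes
  # (the sshd default) a key file writable by group or others is not used,
  # so set 700 on the directory and 600 on the file explicitly.
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
  touch "$auth" && chmod 600 "$auth" || return 1

  # Leave existing keys untouched and never add the same key twice.
  if grep -qxF -e "$key_line" "$auth"; then
    echo "key already present in $auth"
    return 0
  fi
  # If the last existing entry lacks a newline, add one so the new key
  # starts on its own line instead of corrupting that entry.
  if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
    echo >> "$auth"
  fi
  printf '%s\n' "$key_line" >> "$auth"
}

# Run directly: bash install_pubkey.sh "$HOME" mulesftptest.pub
if [ "$#" -eq 2 ]; then
  install_pubkey "$1" "$2"
fi
```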

Configure the Private Key in MuleSoft SFTP Connector

  • Place the private key under the resource folder.
  • Add the required configuration to the SFTP connector:
- Host
- Port
- Username
- Identity File Path (private key)
- Key Passphrase

Note — You can’t use the private key directly in MuleSoft; if you do, MuleSoft will throw the error below.

  • To fix this error, convert the key to OpenSSH key format using PuTTYgen as shown below:

Load the key and convert it to OpenSSH format.

  • Test the application in debug mode.
  • Here we can see that the files were listed successfully from the EC2 instance. To cross-verify, let’s check the files available in that directory on the EC2 instance.

Summary

In this article we have learned what public key authentication is and how to implement it in MuleSoft.
