Setting up SSH Key/Certificate Authentication in TIBCO MFT Internet Server
Article ID: KB0071628
Updated On:
| Products | Versions |
|---|---|
| TIBCO Managed File Transfer Internet Server | All |
Description
This article describes the steps to set up SSH Key/Certificate Authentication for both a SSH client connecting to a MFT Internet Server and for a MFT Internet Server Client connecting to a SSH server.
Issue/Introduction
How to set up SSH Key/Certificate Authentication in TIBCO MFT Internet Server
Environment
All supported environments
Resolution
SSH Client connecting to MFT SSH Server
1. Add SSH public key provided by partner:
- Navigate to Management > Protocol Keys > Public Keys > Add Key
Note, for versions prior to 8.4.x navigate to Administration > Protocol Keys > Public Keys > Add Key
- Set Public Key Type to "SSH Public Key"
- Set Apply key to "User"
- Select User from drop down list
- Set Status to "Enabled"
- Paste the key value in the field below
- Click continue and continue again on the following screen
2. Set the Authentication Option Globally or override the global setting at the User level:
Globally:
- Navigate to Configuration -> System Configuration
Note, for versions prior to 8.4.x navigate to Administration -> System Configuration
- Under SSH Settings set SSH Client Authentication Method to "Key/Certificate Only", "Key/Certificate or Password", or "Key/Certificate and Password"
- Click Update
User level:
- Navigate to Partners -> Users -> Manage Users
Note, for versions prior to 8.4.x navigate to Users -> Manage Users
- Select the user
- Under Authentication Options set SSH Client Authentication Method to "Key/Certificate Only", "Key/Certificate or Password", or "Key/Certificate and Password"
- Click Update
MFT SSH Client connecting to SSH Server
1. Create an SSH System Key
2. Associate the newly created SSH System Key with the SSH Server definition:
- Navigate to Partners -> Servers -> Manage Servers
Note, for versions prior to 8.4.x navigate to Servers -> Manage Servers
- Under SSH Options set SSH System Key from the drop down list
3. Provide the Public key from the SSH System key to the SSH Partner Server and have them associate this key with the incoming user
1. Add SSH public key provided by partner:
- Navigate to Management > Protocol Keys > Public Keys > Add Key
Note, for versions prior to 8.4.x navigate to Administration > Protocol Keys > Public Keys > Add Key
- Set Public Key Type to "SSH Public Key"
- Set Apply key to "User"
- Select User from drop down list
- Set Status to "Enabled"
- Paste the key value in the field below
- Click continue and continue again on the following screen
2. Set the Authentication Option Globally or override the global setting at the User level:
Globally:
- Navigate to Configuration -> System Configuration
Note, for versions prior to 8.4.x navigate to Administration -> System Configuration
- Under SSH Settings set SSH Client Authentication Method to "Key/Certificate Only", "Key/Certificate or Password", or "Key/Certificate and Password"
- Click Update
User level:
- Navigate to Partners -> Users -> Manage Users
Note, for versions prior to 8.4.x navigate to Users -> Manage Users
- Select the user
- Under Authentication Options set SSH Client Authentication Method to "Key/Certificate Only", "Key/Certificate or Password", or "Key/Certificate and Password"
- Click Update
MFT SSH Client connecting to SSH Server
1. Create an SSH System Key
2. Associate the newly created SSH System Key with the SSH Server definition:
- Navigate to Partners -> Servers -> Manage Servers
Note, for versions prior to 8.4.x navigate to Servers -> Manage Servers
- Under SSH Options set SSH System Key from the drop down list
3. Provide the Public key from the SSH System key to the SSH Partner Server and have them associate this key with the incoming user
Feedback
Yes
No
Powered by
