It is currently 2 August 2021, 0:34 Advanced search

Using SSHKey with SFTP (InDe 18.0)

Questions and answers on how to best use Instant Developer

Using SSHKey with SFTP (InDe 18.0)

Postby ljwilson » 28 April 2018, 18:19

I started a new project this past week which needed to use sftp to securely copy some files back and forth from an InDe app to a Windows 2012 Server running OpenSSH 7.1. I had used sftp last fall in a different project using a username/password and it worked quite well. Since for this application I had control over both sides of the exchange, I wanted to make use of public/private keys so the InDe app did not have to keep up with storing the password.

In the process I discovered that the chilkat libraries included in InDe (at least as of InDe 18.0 r5) are from 2012. As such they are not able to communicate with OpenSSH greater than 6.9 without some configuration changes due to older keys/ciphers being disabled by default on OpenSSH 7.0 and higher.

The changes I had to add to the sshd_config on the OpenSSH server ( put this at the bottom of the sshd_config file):
Code: Select all
#Legacy changes
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
PubkeyAcceptedKeyTypes=+ssh-dss


The key I created for the public/private pair had to be DSA, and not the newer RSA.
References:
https://www.openssh.com/legacy.html
https://superuser.com/questions/1016989/ssh-dsa-keys-no-longer-work-for-password-less-authentication
http://www.openssh.com/txt/release-7.0
https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

Also, in the InDe documentation, it mentions using the absolute path for the public key. It should read the absolute path for the private key. An example is:
Code: Select all
this.IDSftp.useSSH = true
this.IDSftp.SSHKey = "C:\\mykeys\\id_dsa"

where id_dsa is the private key. The public key is on the target machine with which the InDe application is communicating. Be sure the private key is readable by the account/user that your InDe application is running under. On Linux this might be the tomcat user; on Windows/IIS the account the Application Pool runs under.

Fortunately I had control over the server side. I will log an improvement request and reference this thread in the hopes of getting the chilkat libraries updated to a more recent version which will support the newer, more secure ssh keys/ciphers.

...jack
ljwilson
 
Posts: 618
Joined: 26 November 2013, 14:15

Re: Using SSHKey with SFTP (InDe 18.0)

Postby d.pierangeli » 26 July 2018, 9:36

Thanks, i've created the activity NPQ03935 for this problem.
User avatar
d.pierangeli
Pro Gamma
Pro Gamma
 
Posts: 7179
Joined: 30 September 2010, 15:35

Re: Using SSHKey with SFTP (InDe 18.0)

Postby ljwilson » 26 July 2018, 11:48

Great, thank you!

I also posted it as an improvement suggestion: PRP000264 (Update Chilkat Libraries to latest version).

...jack
ljwilson
 
Posts: 618
Joined: 26 November 2013, 14:15


Return to Tips & Tricks

Who is online

Users browsing this forum: No registered users and 7 guests

cron