How to SFTP via Policies Using a Host Key


Article ID: 140099


Products

CA API Gateway API SECURITY STARTER PACK-7

Issue/Introduction

The Route via SSH2 assertion offers the option to validate a remote server's host key by using the public key assigned to the user who will be accessing the remote server.

The steps below are for an appliance gateway. 

Environment

API Gateway 9.3+

Resolution

1. Log in to the gateway

2. Select option 3 - enter the password

3. Run command: su ssgconfig

4. Navigate to the /usr/bin directory

5. Run command: ssh-keygen

   > Accept the default file location

   > If the file exists, overwrite it

   > Enter the password that is used by the ssgconfig user

6. Run command: ssh-copy-id <user>@<host>

   > You can use the IP address or FQDN

7. Confirm that you want to continue connecting

8. Enter the password for the ssgconfig user

9. Copy the RSA key fingerprint (don't include the period at the end)

    The authenticity of host '[email protected] (127.0.0.1)' can't be established.

    RSA key fingerprint is 54:xx:dc:b8:xx:c6:xx:5e:be:xx:bc:ff:xx:ab:ec:xx.

10. Open the Route via SSH2 assertion - check the 'Validate Server's Host Key' checkbox - click [Manage Host Key]

11. Paste the fingerprint in the text box

     > Alternatively, you can paste the fingerprint in a file and use the [Load From File] option
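
The fingerprint copied in step 9 is in the legacy OpenSSH format: the MD5 hash of the server's host public key, written as 16 colon-separated hex bytes. The following is an added example, not part of the original article or the product: it recomputes that value from a host public key line obtained directly from the remote server (a `.pub` line or a `known_hosts` line) and compares it with the value copied from the prompt before it is pasted into the assertion. The function names and the sample key lines are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

# Constructed sample lines: the blob holds only the key-type header, so this
# is not a usable key. Replace with the line read from the remote server.
SAMPLE_PUB = "ssh-rsa AAAAB3NzaC1yc2E= constructed-sample"
SAMPLE_KNOWN_HOSTS = "sftp.example.test ssh-rsa AAAAB3NzaC1yc2E="


def host_key_blob(line):
    """Decode the key blob from a .pub line or a known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob begins with a length-prefixed copy of the key type;
            # a mismatch means the line was truncated or edited.
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no SSH public key found in line")


def md5_fingerprint(line):
    """Legacy OpenSSH fingerprint: MD5 of the key blob as colon-separated hex."""
    digest = hashlib.md5(host_key_blob(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def normalise(fingerprint):
    """Strip the prompt's trailing period, an optional MD5: prefix, and case."""
    fp = fingerprint.strip().rstrip(".").lower()
    if fp.startswith("md5:"):
        fp = fp[4:]
    if not re.fullmatch(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}", fp):
        raise ValueError("not a 16-byte colon-separated hex fingerprint")
    return fp


def fingerprint_matches(prompt_fingerprint, key_line):
    """True only if the value copied from the prompt matches the real key."""
    return normalise(prompt_fingerprint) == md5_fingerprint(key_line)
```

A `False` result means the key presented at the first-connection prompt is not the key stored on the server, so that fingerprint should not be loaded into the Manage Host Key dialog.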