SAP Netweaver PI based SFTP Adapters
The following sections briefly describe the steps to create SSH key pairs which can be used as an alternative for password based authention. It also includes steps to create keys from NWA key storage and verifying key based authentication. It mainly focuses on creating SSH keys from PKCS12 Key. It does not use PuTTY utilities.
Company: SAP Labs
Created on: 30-Dec-2011
Sivasubramaniam Arunachalam is a senior developer at SAP Labs (Technology Innovation Platform). He is currently occupied with PI 7.31 development/maintenace activities. Since Sivasubramaniam joined SAP Labs in July 2010, he has developed new features in several adapters/areas including File, JDBC, IDoc, SOAP/XI, HTTP, JPR, B2B(RNIF 1.1/2.0, CIDX & PIDX) Adapters, XML Validation and Mapping Runtime. Currently, he is the component responsible for File, JDBC, B2B Adapters and XML Validation and takes care of all new development, enhancement and maintenance activities.
Table of Contents
- Open SSL Utility
- SSH Key Generator
Keys to be Generated
- Private Key (PKCS 12)
- Private Key (PEM)
- Public Key (OpenSSH Format)
Use NWA Key Storage to Create PKCS12 Key
- Open NWA Key Storage and Add a View "SFTP_TEST"
- Click on 'Create' button under 'Key Storage View Details' Section -> 'Entries' Tab
- Provide Entry Name as 'sftp_key'
- Fill the 'Subject Properties' and click on 'Finish'
- Verify the key properties and Click on 'Export Entry'
- Select 'PKCS#12 Key Pair' as a export format and enter the password then click on 'Generate'
- Save it as 'sftp_key.p12'
Use OpenSSL to generate PEM Key
- Generate PEM Key using OpenSSL
- Generate SSH Private Key using OpenSSL
Use SSH Key Generator to generate SSH Public Key
- ssh-keygen can be used to generate SSH Public Key instead of PuTTY Key Generator
- Copy the private key to client system's home directory
- Transfer the public key to SSH server via SFTP
- Login to SSH Server and Verify the permission of the transferred file
- Change the permission to 400
- Add the public key to authorized_keys and verify the access permissions
- Login to SSH Server. It should connect without prompting for password