Connect to SFTP server that does not support openSSH key format - sftp

I suppose that answer is "No" but I need somebody clever and wise to confirm it.
We have an SFTP server (host) and use .ppk private key to connect to it from another server (guest). The first (host) SFTP server does not support OpenSSH format. But now we need to use a cloud solution instead of the second (guest) server and it does not support .ppk key format. I can convert it to .pem format. But will it fit to its old public key that is saved on the SFTP server?
Thank you in advance.
Not a problem to convert the key format, but I don't understand if I can use public and private key when they are in different formats.

Related

Why do we need HTTP instead of SSH?

Why is there a SMTP/HTTP Protocol? I mean, why can't we use (or extend) the existing SSH protocol? Wouldn't using SSH also eliminate the need for a paid key?
Or, perhaps another way to frame this question is why do we need yet another encryption scheme?
There are different protocols for different purposes. What I'm hearing here really is 'why do we need to pay for an SSL certificate in HTTPS but not SSH'.
The reason for this is as follows:
When you first connect to an SSH server, you as the person logging in are asked to validate the public key. Do you read it and recognize the code before you accept it?
Imagine if this were needed the first time you connect to any HTTPS server. We can't ask users to validate every public key manually. How would they recognize which public key is the correct one?
We solve this by relying on other authorities to validate the keys. These authorities don't just sell SSL certificates; their product really is validating that the person owning the domain is the one encrypting it.
So you can totally generate your own self-signed SSL certificates, but browsers won't recognize these by default. Browsers and operating systems have a database of certificates they trust.
Anyway, these days you no longer need to pay for a certificate. LetsEncrypt gives them away for free.

Is it required to encrypt data while transferring over SFTP

We are sending some data from one system to another system (outside network). The data will be transferred over SFTP. Some of the data is sensitive.
I was told that since we are sending it over SFTP, we don't need to encrypt the data. As per my understanding even if we are sending data over SFTP, we should encrypt it.
I want to know if it's true that we don't need to encrypt data if we are sending over SFTP?
SFTP uses SSH as the underlying protocol. SSH handles encryption for you. Provided the SSH connection is secured well (e.g. using a private key) and you trust the system you are communicating with, you don't need to implement any further encryption.

How can I access an existing AWS database via .PEM file in R?

To make a long story short, a former developer has set up a database (MongoDB) at Amazon Web Services (AWS), through EC2. Now to the problem, all I have got thus far is the information in the previous sentence as well as a .PEM file, and I would like to access the database through R, is that possible?
Sorry that I don’t have more information at the moment, but I just have no idea where to start.
If you have the PEM file you can follow the directions to access the instance here. Now this assumes the instance has a public ip address that is internet reachable with port 22 open.
If it does not you'll need a vpn setup to reach the private instances.
If you do not have the PEM file you'll need to re-create the instance by snapshotting it and creating a new instance based off of that snapshot, with a PEM key you do have access to. Here is the AWS documentation on that process

Why does FileZilla work without knowing any keys, but WinSCP doesn't?

I got the connection details of an SFTP server, connected to it with FileZilla, and then successfully downloaded a file from that SFTP.
The only details I had were host, port, user and pass.
Now I'm trying to connect to this same server through WinSCP .NET assembly (C#)
    // No SshHostKeyFingerprint is set here, so the session cannot verify the server's host key
    using (Session session = new WinSCP.Session())
    {
        session.Open(new SessionOptions()
        {
            Protocol = Protocol.Sftp,
            HostName = "ftp.*********.be",
            UserName = "*****",
            Password = "*****"
        });
        TransferOptions transferOptions = new TransferOptions();
        transferOptions.TransferMode = WinSCP.TransferMode.Binary;
        TransferOperationResult transferResult;
        // Verbatim string (@"...") so the backslashes in the Windows path are not treated as escapes
        transferResult = session.GetFiles("/downld/fileonserver.dbf", @"c:\testfolder\localfilename.dbf", false, transferOptions);
    }
Whatever I try here it keeps asking for a key for SSH, but I don't have that key, I generated a 128 bit RSA key somewhere online and put it in the session options like:
SshHostKeyFingerprint = "ssh-rsa 1024 82:09:12:b4:93:92:3a:61:10:90:61:12:b4:XX:XX:XX"
But this just tells me that key is invalid.
I kind of figured out that I maybe need the public/private SSH key from the server to get this to work but I sadly don't have access to this server.
Since FileZilla can connect to it without me entering any KEYS, why can't my C# program do the same?
I'm not an expert when it comes to security related stuff, so please point me in the right direction. I found this thread but I don't have access to .ssh folder on the FTP server and I don't really get where they are going with this.
You are confusing the SSH server public host key verification with the client public key authentication. These are two completely different things. The first involves the public key of the server, while the latter involves your account public key.
Read about SSH Key Pairs to learn the difference.
FileZilla cannot connect without verifying the server's public host key either. On the first connection it always prompts you to accept the key. Once you do, it optionally caches the key and won't prompt you again, unless the key changes.
You have probably forgotten that you got this prompt before or someone else connected to the server before from your machine.
Any SSH (SFTP) client must do the same. You lose any security if you do not verify your server's host key.
You should get the host key fingerprint from your server administrator.
If you have not, you can see it in the WinSCP Server and Protocol Information dialog.
For details see WinSCP FAQ Where do I get SSH host key fingerprint to authorize the server?
I solved this by just copying the SSH key returned to my FileZilla client into my C# app. I don't know if this is the right thing to do, but at least it got my solution working now.
It was also an SSH-DSS 2048 key instead of an SSH-RSA 1024, and that's why messing around with the keys kept failing I guess.
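Added example (not part of the original posts, and not WinSCP or FileZilla code): how a host key fingerprint in the "ssh-rsa 1024 xx:xx:..." form from the question is derived from the server's public host key blob, and how a client pins it so that a first contact, a match and a changed key are told apart. The two moduli, the host name and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

# Constructed values: these are NOT real RSA moduli, only 1024-bit integers
# standing in for two different server host keys.
N_SERVER = (1 << 1023) | 0x10001
N_OTHER = (1 << 1023) | 0x10003


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def rsa_host_key_blob(e: int, n: int) -> bytes:
    """Public host key blob: string "ssh-rsa", mpint e, mpint n."""
    def mpint(v: int) -> bytes:
        # bit_length // 8 + 1 is the shortest length that leaves the top bit clear.
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)


def read_string(buf: bytes, pos: int):
    (length,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + length], pos + 4 + length


def fingerprints(blob: bytes) -> dict:
    """Fingerprints are hashes of the server's PUBLIC key blob only."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def describe(blob: bytes) -> str:
    """Render "<type> <bits> <md5>" like the fingerprint string in the question."""
    key_type, pos = read_string(blob, 0)
    _e, pos = read_string(blob, pos)
    n, _ = read_string(blob, pos)
    bits = int.from_bytes(n, "big").bit_length()
    return f"{key_type.decode()} {bits} {fingerprints(blob)['md5']}"


def check_host_key(pins: dict, host: str, blob: bytes) -> str:
    """'new' = unverified first contact, 'match' = pinned key, 'changed' = refuse."""
    pinned = pins.get(host)
    if pinned is None:
        return "new"
    return "match" if pinned == fingerprints(blob)["sha256"] else "changed"
```

A "new" result is the point where the fingerprint should be compared with the one supplied by the server administrator before it is stored in the pin table.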

remsh on ssh enabled machines

Recently all our testing machines have been moved to a secured shell network. As a result, IP addresses of all these machines have now been changed and we have to access these machines using SSH protocol now onwards.
However, I am not able to access any target machine which is also enabled for SSH using "remsh" to perform some task.
I have checked the existence of ".rhosts" file and the entry of the target machine's IP into "/etc/hosts" file.
Kindly let me know if I need to change/look any where else to make remsh work?
Remsh, rlogin, rsh, and rcp are not secure systems as information is sent as plain text between the machines and because the hosts verification is not done with secret keys but is host-based and can be forged. I would think that you have changed to ssh precisely for these reasons.
Luckily you can do all the same things using ssh. For example, after configuring the machines to use public & private key pairs, you can run commands on remote machine automatically (by supplying password or using passwordless keys):
ssh user@remotehost command-to-be-run
If you haven't used ssh much earlier, there are a lot of things to learn, but isn't that fun? As a result you will also know how to do state of the art secure connections. You will want to learn especially about public key authentication.
There are lots of tutorials on the Internet how to create and use keys and use ssh. http://www.olearycomputers.com/ll/ssh_guide.html seems like a good starting point. https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHReplacingRhosts discusses specifically replacing .rhosts authentication with a key pair.
