Versions Compared

Version Old Version 3 New Version 4
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Server Identification

  • Attributes

  • Authentication

  • Server Keys
     

Server Identification

The DX200 agent uses a file with known host keys to validate the server identity during connection setup. The location and naming of this file is managed through the property:

...

For unlimited strength cryptography on the Oracle JRE, download the JCE Unlimited Strength Juris- diction Policy Files from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. Replace the jar files in $JAVA_HOME/jre/lib/security with the files in this package. The OpenJDK JRE does not require special handling of the JCE policy files for unlimited strength cryptography.


Attributes

DX200 agent support the following SFTP algorithms:

blowfish-cbc, cast128-cbc, twofish192-cbc, twofish256-cbc, twofish128-cbc, aes128-cbc, aes256-cbc, aes192-cbc, 3des-cbc.


Anchor
dx200PrepAuthentication
dx200PrepAuthentication
Authentication

The DX200 agent support authentication through either username/password or private key. Private keys can optionally be protected by a Key password. Most commonly used private key files, can be imported into.

...

ArgumentDescription

keyType

The type of key to be generated. Both RSA and DSA key types are supported.

directoryPath

The directory in which you want to save the generated keys.

Info
titleExample

The private key may be created using the following command line:

Code Block
languagetext
themeEclipse
> ssh-keygen -t rsa -f /tmp/keystore
    Enter passphrase: xxxxxx
    Enter same passphrase again: xxxxxx

Then the following is stated:

Your identification key has been saved in /tmp/keystore
    Your public key has been saved in /tmp/keystore.pub

When the keys are created the private key may be imported to the DX200 agent:

Finally, on the SFTP server host, append /tmp/keystore.pub to $HOME/.ssh/authorized_keys. If the $HOME/.ssh/authorized_keys is not there it must be created.

Server Keys

The SSH protocol uses host verification as protection against attacks where an attacker manages to reroute the TCP connection from the correct server to another machine. Since the password is sent directly over the encrypted connection, it is critical for security that an incorrect public key is not accepted by the client.

The agent uses a file with the known hosts and keys. It will accept the key supplied by the server if either of the following is fulfilled:

  1. The host is previously unknown. In this case the public key will be registered in the file.

  2. The host is known and the public key matches the old data.

  3. The host is known however has a new key and the user has been configured to accept the new key. For further information, see the section Advanced Tab in 9.3132.3 FTP DX200 Agent Configuration.

If the host key changes for some reason, the file will have to be removed (or edited) in order for the new key to be accepted.

...