Preparation

This guide assumes you have already installed a copy of OpenSSH for Windows.

If you have not already installed OpenSSH for Windows, be sure to UNCHECK the Server box on the Choose Components section during the installation of this client.

Instructions

  1. Select or CREATE a directory where the OpenSSH known_hosts and key files will be located (\Program Files\OpenSSH\bin\ssh is a good choice). We will refer to this directory as SSHDIR throughout this guide. When referenced in a command, be sure to substitute in your value.
  2. Open a command prompt, navigate to the \Program Files\OpenSSH\bin directory, and execute the following command:

    sftp -oUserKnownHostsFile=SSHDIR\known_hosts user@host

    This will come back with a warning that the host is not known. Check that the fingerprint shown matches your server's host key fingerprint, then enter yes to the question. This will add the host's key to the known_hosts file. Then, simply press CONTROL+C to leave the application. Example:

    C:\Program Files\OpenSSH\bin>sftp -oUserKnownHostsFile=C:\Progra~1\OpenSSH\bin\ssh\known_hosts sshkeyboy@dotnet.corp.stdnet.com

    Connecting to dotnet.corp.stdnet.com...
    The authenticity of host 'dotnet.corp.stdnet.com (192.168.3.15)' can't be established.
    RSA key fingerprint is ce:08:6f:28:87:b6:50:f4:84:e5:37:c2:68:89:33:2a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'dotnet.corp.stdnet.com,192.168.3.15' (DSA) to the list of known hosts.
    sshkeyboy@dotnet.corp.stdnet.com's password:

    (CONTROL+C)

    C:\Program Files\OpenSSH\bin>

  3. Execute the following command:

    ssh-keygen -t rsa

    When asked to enter a file to save the key in, use this value:

    SSHDIR\id_rsa

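    When asked for a passphrase, simply hit enter (and again when asked to confirm). This will create an RSA key which will be used to authenticate to the server. Because the key has no passphrase, anyone who can read SSHDIR\id_rsa can authenticate as this user, so keep that file readable only by the account that runs SFTP. The ssh-keygen program should give the key files their correct permissions automatically. Example: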

    C:\Program Files\OpenSSH\bin>ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (P7"/.ssh/id_rsa): c:\progra~1\OpenSSH\bin\ssh\id_rsa
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in c:\progra~1\OpenSSH\bin\ssh\id_rsa.
    Your public key has been saved in c:\progra~1\OpenSSH\bin\ssh\id_rsa.pub.
    The key fingerprint is:
    44:a8:8c:88:3f:3f:91:8a:16:07:e4:c6:4a:6e:b8:df xxxx@jglshuttle

    C:\Program Files\OpenSSH\bin>

  4. Execute the following command:

    sftp -oUserKnownHostsFile=SSHDIR\known_hosts -oIdentityFile=SSHDIR\id_rsa user@host

    This will come back asking for the user's password. Simply Control-C out of the program at this point. Example:

    C:\Program Files\OpenSSH\bin>sftp -oUserKnownHostsFile=c:\progra~1\OpenSSH\bin\ssh\known_hosts -oIdentityFile=c:\progra~1\OpenSSH\bin\ssh\id_rsa sshkeyboy@dotnet.corp.stdnet.com
    Connecting to dotnet.corp.stdnet.com...
    sshkeyboy@dotnet.corp.stdnet.com's password:

    (CONTROL+C)

    C:\Program Files\OpenSSH\bin>

  5. The new key's fingerprint should now be logged on the MOVEit Transfer host. Log on through the web interface as an administrator, open the user's profile, go into the user's SSH policy, and ACCEPT the SSH key from the client key holding tank. (The key fingerprint is circled in RED in the image below.)

    Open the user's profile and under User Authentication > SSH Policy > Current SSH Keys, add this fingerprint. A properly configured user will have a profile similar to the following:

  6. You should now be able to automatically connect to the MOVEit Transfer host via SFTP using the following command:

    sftp -oUserKnownHostsFile=SSHDIR\known_hosts -oIdentityFile=SSHDIR\id_rsa user@host

    Example:

    C:\Program Files\OpenSSH\bin>sftp -oUserKnownHostsFile=c:\progra~1\OpenSSH\bin\ssh\known_hosts -oIdentityFile=c:\progra~1\OpenSSH\bin\ssh\id_rsa sshkeyboy@dotnet.corp.stdnet.com
    Connecting to dotnet.corp.stdnet.com...
    sftp> pwd
    Remote working directory: /Home/SSH Key Boy
    sftp> cd ..
    sftp> cd ..
    sftp> dir
    Distribution
    Home
    WebPost
    sftp>

  7. To use SFTP in an automated setting, use the -b command-line option to supply SFTP with a list of commands to be issued. Example:

    C:\>type sftp_commands.txt
    cd /Home/Steve
    put certreq.txt
    dir
    quit

    C:\>c:\progra~1\openssh\bin\sftp -oUserKnownHostsFile=c:\progra~1\openssh\bin\ssh\known_hosts -oIdentityFile=c:\progra~1\openssh\bin\ssh\id_rsa -b sftp_commands.txt steve@dotnet.corp.stdnet.com
    Connecting to dotnet.corp.stdnet.com...
    sftp> cd /Home/Steve
    sftp> put certreq.txt
    Uploading certreq.txt to /Home/Steve/certreq.txt
    sftp> dir
    DecSet_6858908.exe
    MIFreelyInst_9971297.exe
    brain_1731860.wav
    certreq_1140952.txt
    decryptedFile_5848271.dat
    dmz_backups_2157003.html
    webpost_bundle_4594384.xml
    sftp> quit
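
The colon-separated fingerprints shown in steps 2 and 3 are the MD5 digest of the base64-decoded public key blob, so the value accepted in step 5 can be checked against SSHDIR\id_rsa.pub (or a known_hosts entry) before it is trusted. The following is an added example, not part of the original guide or of MOVEit Transfer; the function names are hypothetical and the sample key blob is constructed for illustration and is not a usable key.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the encoding used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a usable key): type, exponent 65537, dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_PUB_LINE = f"ssh-rsa {SAMPLE_B64} xxxx@jglshuttle"
SAMPLE_KNOWN_HOSTS_LINE = f"dotnet.corp.stdnet.com,192.168.3.15 ssh-rsa {SAMPLE_B64}"

def parse_key_line(line: str):
    """Return (key_type, blob) from an id_rsa.pub line or a known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            if len(blob) < 4:
                raise ValueError("key blob too short")
            (name_len,) = struct.unpack(">I", blob[:4])
            # The type named on the line must match the type encoded in the blob.
            if blob[4:4 + name_len] != field.encode("ascii"):
                raise ValueError("key type in blob does not match the line")
            return field, blob
    raise ValueError("no SSH key found on this line")

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint, the format shown in the sessions above."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def fingerprint_matches(line: str, expected: str) -> bool:
    """Compare a key line against a fingerprint obtained out of band."""
    wanted = expected.strip().lower()
    if wanted.startswith("md5:"):
        wanted = wanted[4:]
    return md5_fingerprint(parse_key_line(line)[1]) == wanted

if __name__ == "__main__":
    print(md5_fingerprint(parse_key_line(SAMPLE_PUB_LINE)[1]))
```

To check a real key, pass the single line from SSHDIR\id_rsa.pub and the fingerprint listed in the user's SSH policy to fingerprint_matches.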