SFTP authentication with private SSH key
Hi, SCP/SFTP connection setup offers either password or public (DSS-global) SSH key authentication. Is there a way to set up private SSH key authentication ?
Operating system used: Windows 10
Answers
-
Miguel Angel Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 118 Dataiker
There is no private SSH key authentication. SSH key authentication needs both a private and public key. A server with a public key can be accessed through SSH by any host who presents the complimentary private key.
What the SCP/SFTP connection is asking you in the "Use public key authentication" option is whether you want to use the key authentication method instead of using a password.
-
Thanks. Well, the public key is stored at the SFTP host. I have the host address, user name, and private key.
AKA: pysftp.Connection(host="hostname", username="username", private_key="privatekey")
Is there a way how to set it up in the DSS connection definition ?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,111 Neuron
Yes, just create an SCP/SFTP connection (New Connection, scroll down under the File Based section). Select the "Use public key authentication" option and on Path From point to your Private Key file.
-
Thanks for your advice, but the hint at the "Path from" field points to st. different: "Optional. Limit accesses on this connection to the contents of this folder".
In case that the path to the file with SSH private key can be specified there as you write, where is the root for the path ?
-
@Filip_Pejsa
I confirmed with our field engineering team that the functionality is supported, and it will use the keys for the service account running DSS in $HOME/.sshFor more information, this documentation should answer your questions: https://doc.dataiku.com/dss/latest/connecting/scp-sftp.html?highlight=sftp#ssh-connection-parameters
-
We have explained at Aur-18 Merck - Dataiku Field Engg. Office Hours that only a single SSH authentication per DSS instance is supported. For support of per connection SSH authentication setup, a feature request will be raised.
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,111 Neuron
You can always use a Shell Script recipe and pass custom SSH keys to the sftp command. BTW scp is way faster than sftp so you should probably use scp instead of sftp unless you need the extra functionality sftp has.