SFTP authentication with private SSH key

Filip_Pejsa
Level 2
SFTP authentication with private SSH key

Hi, SCP/SFTP connection setup offers either password or public (DSS-global) SSH key authentication. Is there a way to set up private SSH key authentication ? 


Operating system used: Windows 10

0 Kudos
7 Replies
MiguelangelC
Dataiker

There is no private SSH key authentication. SSH key authentication needs both a private and public key. A server with a public key can be accessed through SSH by any host who presents the complimentary private key.

What the SCP/SFTP connection is asking you in the "Use public key authentication" option is whether you want to use the key authentication method instead of using a password.

0 Kudos
Filip_Pejsa
Level 2
Author

Thanks. Well, the public key is stored at the SFTP host. I have the host address, user name, and private key.

AKA: pysftp.Connection(host="hostname", username="username", private_key="privatekey")

Is there a way how to set it up in the DSS connection definition ?

0 Kudos
Turribeach

Yes, just create an SCP/SFTP connection (New Connection, scroll down under the File Based section). Select the "Use public key authentication" option and on Path From point to your Private Key file.

Filip_Pejsa
Level 2
Author

Thanks for your advice, but the hint at the "Path from" field points to st. different: "Optional. Limit accesses on this connection to the contents of this folder".

In case that the path to the file with SSH private key can be specified there as you write, where is the root for the path ?

0 Kudos
rajbir
Dataiker

@Filip_Pejsa I confirmed with our field engineering team that the functionality is supported, and it will use the keys for the service account running DSS in $HOME/.ssh

For more information, this documentation should answer your questions: https://doc.dataiku.com/dss/latest/connecting/scp-sftp.html?highlight=sftp#ssh-connection-parameters

Filip_Pejsa
Level 2
Author

We have explained at Aur-18 Merck - Dataiku Field Engg. Office Hours  that only a single SSH authentication per DSS instance is supported. For support of per connection SSH authentication setup, a feature request will be raised.

0 Kudos
Turribeach

You can always use a Shell Script recipe and pass custom SSH keys to the sftp command. BTW scp is way faster than sftp so you should probably use scp instead of sftp unless you need the extra functionality sftp has.

0 Kudos