Author: Saddam Shaikh
In this blog, we will learn how to connect to an SFTP server using public key authentication in MuleSoft.
What is SFTP?
SFTP stands for Secure File Transfer Protocol. It is the successor to File Transfer Protocol (FTP) and built on FTP and includes Secure Shell (SSH) components to provide data security. SFTP protocol is used for transferring large files over the internet securely.
What is Public Key Authentication in SFTP?
SFTP authentication using public/private key pairs is known as SFTP public key authentication. To implement this authentication in SFTP, we need to generate public/private key pairs and assign public key to your SFTP users. Each key pair must be associated with one user only. Once you’ve generated a key pair for a user, you would then place the user’s public key on your SFTP server and share the corresponding private key to the user. The user must keep his private key in a secret place to avoid unauthorized access. Public key authentication can be used in scenarios where we need to use a highly secure authentication method for SFTP server access. Also, we can set up single sign-on (SSO) across multiple SFTP servers for users using public key authentication.
Generate Public/Private key pair:
We can generate the key pair using the ssh-keygen command in Windows. You can refer to the ssh-keygen documentation to generate ssh key pairs.
command: ssh-keygen -t rsa -m PEM
Steps to setup SFTP server on Windows Machine:
1. Go to Settings > Apps > Apps & features > Optional features and click on Add a feature.
2. Search “OpenSSH server” feature and select Install. Binaries are installed to %WINDIR%\System32\OpenSSH.
3. Go to Control Panel > System and Security > Administrative Tools and open Services. Locate OpenSSH Authentication Agent and OpenSSH SSH Server service and right-click and start both services.
4. Setting up SSH public key authentication.
- Create the .ssh folder (for the authorized_keys file) in your Windows user profile folder (typically in C:\Users\username\.ssh).
- Create authorized_keys file and add a public key to it.
- Go to “%ProgramData%\ssh” directory and open sshd_config file to set SFTP user root directory using the ChrootDirectory parameter and enable public key authentication by setting PubkeyAuthentication to yes.
We have completed the SFTP configuration part on windows. Let’s start with the MuleSoft configuration.
1. Download the SFTP connector from Exchange. I am using the 1.4.0 SFTP connector version.
2. Add ‘SFTP Config’ in Global Elements and configure the below fields:
Working Directory: directory to be considered as the root of every relative path used with this connector
Host: SFTP server hostname
Username: SFTP user’s username
Identity file: private key of SFTP user
Passphrase: private key password
3. Click on Test Connection.
4. Create mule flow using this configuration in “On New or Updated File” and check whether you are able to receive events if files are created/updated/deleted in the SFTP folder.
I hope you find this article helpful. Thanks for reading it.