Topic

Connecting to SFTP from Linux in Everbridge Suite.

Description

This document describes how to connect to SFTP from Linux and assumes familiarity with basic Linux commands and conventions.

NOTE: Unlike the instructions that you can download for WinSCP, there is no need to convert the key file for use from a Linux host. the firstSince the key is generated on a Linux host (Everbridge’s server), it’s already in the correct format.

Configure the Key

1. Authenticate using a public or private key

To authenticate using a public key, please see knowledge base article EBS: Authenticating Using a Public Key for SFTP in Everbridge Suite.

To authenticate using a private key, please see knowledge base article EBS: Authenticating Using a Private Key for SFTP in Everbridge Suite.

2. Save the key file on the Linux host in

$HOME/.ssh/[name+of+keyfile].key

3. Your .ssh directory is automatically created when you use the sftp command for the first time. If you have never used sftp before under this user account please create the directory first using:

$ mkdir $HOME/.ssh && chmod 700 $HOME/.ssh

     

4. Next, you need to ensure the permissions on the key file are correct. Incorrect permissions (e.g. group or world readable) will give you an error like this when attempting to connect:

Permissions 0644 for '/home/[user]/.ssh/keyfile' are too open.
It is recommended that your private key files are NOT accessible by others.

This private key will be ignored.
bad permissions: ignore key: /home/[user]/.ssh/keyfile

5. To apply the correct permissions to the key file, use this command:

The key file should look like this once you have fixed the permissions

      

Next, set up an ssh config file with the configuration for the Everbridge SFTP host.

6. Create a new file (or edit it if the file already exists) called

$HOME/.ssh/config

7. In the config file, enter the following block of text, replacing the User placeholder and the actual name of your key file. Save the file when you are done.

Host everbridge
        User [Your EB Org ID]
        HostName sftp-us.everbridge.net
        IdentityFile ~/.ssh/[name+of+keyfile].key

8. To connect to the Everbridge SFTP server, all you need to do is reference the config section by the alias you defined (the alias in the above example is “everbridge” on the first line).

$ sftp everbridge

9. If for some reason, the client cannot or will notset up an ssh config file, you can always pass the ssh config parameters along with the command line.

$ sftp -oIdentityFile=$HOME/.ssh/[name+of+keyfile].key [org ID]@sftp-us.everbridge.net

The First Time You Connect

The very first time you connect to the Everbridge SFTP server, you will be asked to confirm that you want to continue connecting to an unknown host.

     

The host’s signature will be added to

$HOME/.ssh/known_hosts

This file will be created automatically if it does not exist.

Adding a Passphrase to the Key File

While using a key file for authentication removes the need for a password, some clients may still wish for an extra layer of security. In that case, a passphrase can be added on to the key file. Think of a passphrase as a password to “open” the key file for use in the SFTP connection.

To do this, use the ssh-keygen command with the –p and –f flags.

If you ever need to remove the passphrase from the key file, use the same command as before. The difference here is that you must first enter the passphrase, then just hit enter twice to specify no passphrase.