EBS: How to Connect to SFTP from Linux in Everbridge Suite

SFTP and Linux

This document describes how to connect to SFTP from Linux and assumes familiarity with basic Linux commands and conventions.

NOTE: Unlike the instructions that you can download for WinSCP, there is no need to convert the key file for use from a Linux host. Since the key is generated on a Linux host (Everbridge’s server), it’s already in the correct format.

Obtaining the Private Key

**Please note: NEVER, EVER, EVER, send an org’s private key over an unencrypted communication channel such as email. Doing so breaks the “chain of custody” so to speak and most clients would consider that key compromised.**
 
  1. The key is available under Settings > Contacts and Groups or Contacts/Assets > Security.
        User-added image
  1. If for some reason you need to generate a new key (say you emailed the key unencrypted to the client, which you should never do), simply click the Generate a New Key link and then download the new key file.

Save the key file on the Linux host in

$HOME/.ssh/[name+of+keyfile].key

  1. Your .ssh directory is automatically created when you use the sftp command for the first time. If you have never used sftp before under this user account please create the directory first using:

$ mkdir $HOME/.ssh && chmod 700 $HOME/.ssh

      User-added image
  1. Next, you need to ensure the permissions on the key file are correct. Incorrect permissions (e.g. group or world readable) will give you an error like this when attempting to connect:

Permissions 0644 for '/home/[user]/.ssh/keyfile' are too open.
It is recommended that your private key files are NOT accessible by others.

This private key will be ignored.
bad permissions: ignore key: /home/[user]/.ssh/keyfile

  1. To apply the correct permissions to the key file, use this command:
$ chmod 600 $HOME/.ssh/[name+of+keyfile].key

The key file should look like this once you have fixed the permissions

       User-added image

Next, we’ll set up an ssh config file with the configuration for the Everbridge SFTP host.

  1. Create a new file (or edit it if the file already exists) called

$HOME/.ssh/config

  1. In the config file, enter the following block of text, replacing the User placeholder and the actual name of your key file. Save the file when you are done.

Host everbridge
        User [Your EB Org ID]
        HostName sftp-us.everbridge.net
        IdentityFile ~/.ssh/[name+of+keyfile].key

  1. To connect to the Everbridge SFTP server, all you need to do is reference the config section by the alias you defined (the alias in the above example is “everbridge” on the first line).

$ sftp everbridge

  1. If for some reason, the client cannot or will notset up an ssh config file, you can always pass the ssh config parameters along with the command line.

$ sftp -oIdentityFile=$HOME/.ssh/[name+of+keyfile].key [org ID]@sftp-us.everbridge.net

The First Time You Connect

The very first time you connect to the Everbridge SFTP server, you will be asked to confirm that you want to continue connecting to an unknown host.

      User-added image

The host’s signature will be added to

$HOME/.ssh/known_hosts.

This file will be created automatically if it does not exist.

Adding a Passphrase to the Key File

While using a key file for authentication removes the need for a password, some clients may still wish for an extra layer of security. In that case, a passphrase can be added on to the key file. Think of a passphrase as a password to “open” the key file for use in the SFTP connection.

To do this, use the ssh-keygen command with the –p and –f flags.

~/.ssh $ ssh-keygen -p -f MWallick+Sandbox+ORG.key
Key has comment 'MWallick+Sandbox+ORG.key'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
~/.ssh $

If you ever need to remove the passphrase from the key file, use the same command as before. The difference here is that you must first enter the passphrase, then just hit enter twice to specify no passphrase.

~/.ssh $ ssh-keygen -p -f MWallick+Sandbox+ORG.key
Enter old passphrase:
Key has comment 'MWallick+Sandbox+ORG.key'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
~/.ssh $

 
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.