Key management key-management

Last update: Mon Oct 30 2023 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

Experienced
Admin

Adobe recommends that all customers establish connection to their SFTP servers with a public and private key pair.

The steps to generate a public SSH key and add it to access the SFTP server are decribed below, as well as recommendations regarding authentication.

Once access to the server is set up, remember to add the IP addresses that will require access to the server to the allow list so that you can connect to it. For more on this, refer to this section.

Discover this feature in video using Campaign v7/v8 or Campaign Standard

Best practices best-practices

About the public SSH key

Make sure you always use the same authentication to connect to the server, and you are using a supported format for the key.

API integration with username and password

In very rare cases, password-based authentication is enabled on some SFTP servers. Adobe recommends that you use key-based authentication, as this method is more efficient and secure. You can request to switch to key-based authentication by contacting Customer Care.

IMPORTANT

If you password expires, even if there are keys installed on your system, you will not be able to login to your SFTP accounts.

Installing the SSH key installing-ssh-key

IMPORTANT

You must always follow your organization guidelines with respect to SSH keys. The steps below are just one example of how SSH key creation can be done and they can serve as a helpful point of reference for communicating requirements to your team or internal network group.

Navigate to the Key Management tab, then click the Add new public key button.

In the dialog box that opens, select the username that you want to create the public key for, and the server for which you want to activate the key.

note note
NOTE
Control Panel will check if a given username is active on a given instance and enable you to activate the key on one or several instances.
One or more public SSH keys can be added for each user.

To better manage your public keys, you can set a duration for the availability of each key. To do so, select a unit in the Type drop-down list and define a duration in the corresponding field. For more on public key expiry, see this section.

note note
NOTE
By default, the Type field is set to Unlimited, which means that the public key never expires.

In the Comment field, you can indicate a reason for adding this public key (why, for whom, etc.).
To be able to fill in the Public Key field, you need to generate a public SSH key. Follow the steps below according to your operating system.

Linux and Mac:

Use the Terminal to generate a public and private key pair:
1. Enter this command: ssh-keygen -m pem -t rsa -b 2048 -C "your_email@example.com".
2. Provide a name to your key when prompted. If the .ssh directory does not exist, the system will create one for you.
3. Enter, then re-enter, a passphrase when prompted. It can also be left blank.
4. A key pair “name” and “name.pub” is created by the system. Search for the “name.pub” file, then open it. It should have alpha-numeric string ending with the email address that you specified.
Windows:

You might need to install a third-party tool that will help you generate private/public key pair in the same format “name.pub”.

Open the .pub file, then copy-paste the whole string starting with “ssh…” into Control Panel.

note note
NOTE
The Public Key field only accepts OpenSSH format. The public SSH key size should be 2048 bits.

Click the Save button to create the key. Control Panel saves the public key and its associated fingerprint, encrypted with the SHA256 format.

IMPORTANT

If the key you created is used to establish a connection with a system that has never been connected to the selected SFTP server before, you will need to add a public IP of that system to the allow list before you are able to use this system with the SFTP server. See this section.

You can use fingerprints to match the private keys that are saved on your computer with the corresponding public keys saved in Control Panel.

The “…” button allows you to delete an existing key, or to copy its associated fingerprint into your clipboard.

Managing public keys managing-public-keys

The public keys that you create display in the Key Management tab.

You can sort the items based on the creation date or edition date, on the user who created or edited it, and on the IP range expiry.

You can also search a public key by starting to type a name or a comment.

To edit one or more IP ranges, see this section.

To delete on or more public keys from the list, select them, then click the Delete public key button.

Expiry expiry

The Expires column shows how many days remain until the public key will expire.

If you subscribed to email alerting, you will receive notifications by email 10 days and 5 days before a public key will expire, and on the day it is due to expire. Upon receiving the alert, you can edit the public key to extend its validity period if needed.

An expired public key will be automatically deleted after 7 days. It is shown as Expired in the Expires column. Within this 7 day-period:

An expired public key cannot be used anymore to connect to the SFTP server.
You can edit an expired public key and update its duration to make it available again.
You can delete it from the list.

Editing public keys editing-public-keys

To edit public keys, follow the steps below.

NOTE

You can only edit public keys that have been created since the Control Panel October 2021 release.

Select one or more items from the Key Management list.
Click the Update public key button.

You can only edit the public key expiry and/or add a new comment.

note note
NOTE
To modify the username, instance and public key in OpenSSH format, delete the public key and create a new one corresponding to your needs.

Save your changes.

recommendation-more-help

de5e0b2b-14b9-41f2-ac61-b0893e9c55a5