How to connect to a SFTP server from terminal using Password and SSH key authentication

Hi! this is a quick tip connect to SFTP server using a SSH key and password authentication.

Recently I’ve received a file created with Putty Key Generator «file.ppk», in order to establish the connection from terminal I had to use the private key and password to comply with the authentication method.

So, I had to extract the private key as shown as follow:

1. Open Putty Key Generator, select menu Conversions > Import key and load the ppk file

2. Select Conversions > Export OpenSSH key, you can save it with or without passphrase

3. Grant the permissions at the created file only for your user:

# Windows
icacls filename /inheritance:r /grant username:F

# Unix
chmod 700 filename 

4. Open the terminal and go to the folder where you saved the key, then execute the next command:

sftp -oHostKeyAlgorithms=+ssh-rsa -i <key> <username>@<server ip>

Complete the pasword prompt (and the passphrase if you setted one) to establish the connection, the output must show something like this:

$ sftp -oHostKeyAlgorithms=+ssh-rsa -i id_dummy_rsa dummyuser@111.222.33.321
(dummyuser@111.222.33.321) Enter password: 
Connected to 111.222.33.321.
sftp>

And thats it!

bye! =D

SAP PI/PO, Install a SSL Certificate to validate the Netweaver portal into the web browser

This is a quick entry, I had to change the SSL certificate in a SAP PO instance because it was going to expire soon. These are the steps to replace the certificate.

1. Download the previous key, go to NWA > Configuration > Security > Certificates and Keys and choose the Key Storage View where the previous certificate is located, select the View Entries tab and choose the PRIVATE KEY entry and click on Export Entry.

Seguir leyendo →

OpenSSL, create a certificate signing request and sign by a custom Certified Authority

In this entry I’m going to show how to create a certificate signing request (CSR) to be signed by my own Certificate Authority (CA) using OpenSSL, please, note this is different than a self-signed certificate. Use this procedure when you have to get a certificate verified by a CA (custom or online).

1. Create the CA private and public key, complete the required data:

$ openssl genrsa -out rootCA.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...................+++++
................+++++
e is 65537 (0x010001)
client2.crt: OK

$ openssl req -new -x509 -days 9999 -key rootCA.key -out rootCA.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:MX
State or Province Name (full name) [Some-State]:Mexico
Locality Name (eg, city) []:CDMX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Orbital Zero
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:orbitalzero.com
Email Address []:jaehoo@gmail.com

Seguir leyendo →