Key management
Adobe recommends that all customers establish connection to their SFTP servers with a public and private key pair.
The steps to generate a public SSH key and add it to access the SFTP server are described below, as well as recommendations regarding authentication.
Once access to the server is set up, remember to add the IP addresses that will require access to the server to the allow list so that you can connect to it. For more on this, refer to this section.
Discover this feature in video using Campaign v7/v8 or Campaign Standard
Best practices
About the public SSH key
Make sure that you always use the same authentication method to connect to the server, and that you are using a supported format for the key.
API integration with username and password
In very rare cases, password-based authentication is enabled on some SFTP servers. Adobe recommends that you use key-based authentication, as this method is more efficient and secure. You can request to switch to key-based authentication by contacting Customer Care.
Installing the SSH key
- Navigate to the Key Management tab, then click the Add new public key button.
- In the dialog box that opens, select the username that you want to create the public key for, and the server for which you want to activate the key.
NOTE: Control Panel will check if a given username is active on a given instance and enable you to activate the key on one or several instances. One or more public SSH keys can be added for each user.
- To better manage your public keys, you can set a duration for the availability of each key. To do so, select a unit in the Type drop-down list and define a duration in the corresponding field. For more on public key expiry, see this section.
NOTE: By default, the Type field is set to Unlimited, which means that the public key never expires.
- In the Comment field, you can indicate a reason for adding this public key (why, for whom, etc.).
- To be able to fill in the Public Key field, you need to generate a public SSH key. Follow the steps below according to your operating system.
Linux and Mac:
Use the Terminal to generate a public and private key pair:
- Enter this command:
ssh-keygen -m pem -t rsa -b 2048 -C "your_email@example.com"
- Provide a name for your key when prompted. If the .ssh directory does not exist, the system will create one for you.
- Enter, then re-enter, a passphrase when prompted. It can also be left blank.
- A key pair “name” and “name.pub” is created by the system. Search for the “name.pub” file, then open it. It should contain an alphanumeric string ending with the email address that you specified.
Windows:
You might need to install a third-party tool that will help you generate a private/public key pair in the same format “name.pub”.
- Enter this command:
- Open the .pub file, then copy-paste the whole string starting with “ssh…” into Control Panel.
NOTE: The Public Key field only accepts OpenSSH format. The public SSH key size should be 2048 bits.
- Click the Save button to create the key. Control Panel saves the public key and its associated fingerprint, computed with SHA256.
You can use fingerprints to match the private keys that are saved on your computer with the corresponding public keys saved in Control Panel.
The “…” button allows you to delete an existing key, or to copy its associated fingerprint into your clipboard.
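The check described above can be done locally before pasting a key. The following is an added example, not Adobe's code: it parses one OpenSSH public key line, reports the RSA modulus size, and computes the SHA256 fingerprint. It assumes Control Panel shows fingerprints in the same SHA256:base64 form that OpenSSH prints; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off:off + size])
        off += size
    return out

def inspect_public_key(line):
    """Return (key_type, rsa_bits, fingerprint) for one OpenSSH public key line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = _fields(blob)
    if not fields or fields[0] != parts[0].encode("ascii"):
        raise ValueError("type prefix does not match the key blob")
    bits = None
    if parts[0] == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("ssh-rsa blob must hold type, e and n")
        bits = int.from_bytes(fields[2], "big").bit_length()  # modulus n
    digest = hashlib.sha256(blob).digest()  # the comment is not part of the hash
    return parts[0], bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_sample_line(bits=2048):
    """Constructed sample with the right layout and size; not a usable RSA key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack((65537).to_bytes(3, "big")) + pack(b"\x00" + n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " your_email@example.com"

if __name__ == "__main__":
    key_type, bits, fingerprint = inspect_public_key(make_sample_line())
    print(key_type, bits, fingerprint)
    if key_type != "ssh-rsa" or bits != 2048:
        print("this page asks for a 2048-bit RSA key in OpenSSH format")
```

On a machine with OpenSSH installed, ssh-keygen -lf name.pub prints the fingerprint in this same form, so the two values can be compared directly.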
Managing public keys
The public keys that you create display in the Key Management tab.
You can sort the items based on the creation date or edition date, on the user who created or edited it, and on the IP range expiry.
You can also search for a public key by starting to type a name or a comment.
To edit one or more IP ranges, see this section.
To delete one or more public keys from the list, select them, then click the Delete public key button.
Expiry
The Expires column shows how many days remain until the public key expires.
If you subscribed to email alerting, you will receive notifications by email 10 days and 5 days before a public key expires, and on the day it is due to expire. Upon receiving the alert, you can edit the public key to extend its validity period if needed.
An expired public key will be automatically deleted after 7 days. It is shown as Expired in the Expires column. Within this 7-day period:
- An expired public key cannot be used anymore to connect to the SFTP server.
- You can edit an expired public key and update its duration to make it available again.
- You can delete it from the list.
Editing public keys
To edit public keys, follow the steps below.
- Select one or more items from the Key Management list.
- Click the Update public key button.
- You can only edit the public key expiry and/or add a new comment.
NOTE: To modify the username, instance and public key in OpenSSH format, delete the public key and create a new one corresponding to your needs.
- Save your changes.