During our monthly webinars we receive some great questions that we like to share with our blog readers. Our most recent webinar titled “Secure Managed File Transfers on the IBM i” discussed meeting compliance regulations, as well as how to automatically transfer files to trading partners using sFTP or SSL FTP. While on the topic of secure transfers, one attendee asked the following question that Patrick Townsend, Founder & CTO, was able to answer:
A public/private key pair is needed for SSH/sFTP Transfers. Does the Alliance FTP Manager exchange keys with the destination server?
Yes, SSH as a technology, implements a number of ways to secure and authenticate connections. Public/Private Key or PKI implementation is a part of that. Also password authentication is an option within the SSH world too. Looking back over the last few years, public/private key based encryption has predominately been the rule with SSH and sFTP Transfers.
Recently, there has been an interesting migration with a trend of moving to a password-based authentication for sFTP sessions, and I understand why. Many large institutions have a big task of managing all of their Public/Private key pairs. If you are transferring just one file outside of the company, like to a bank, then there is not really much of a problem. But some of our customers use thousands of keys within their IT environment, which becomes very difficult to manage.
Alliance FTP Manager supports Public/Private key based authentication as well as “password based” authentication. Usually, your trading partner is choosing the authentication for you, but we do support both models.
There is another aspect to this question and that is the key exchange, which can be a bit of an administrative nightmare. We have really tried to help our customers by automatically pulling in a remote SSH severs Public Key into the proper files on the IBM i. Additionally, we have developed utilities that make that a matter of selecting on option in a menu. In some cases you still have to send a public key to your partner, but we have done a lot to help manage the PKI infrastructure exchange that needs to happen. From an administrative perspective, you don’t want to be emailing keys around all over and we have done a lot to help make secure managed file transfers an easy process.
View our webinar “Secure Managed File Transfers on the IBM i” for more information on automatically transferring files to business partners while meeting compliance regulations.