AWS Transfer Family - SSH Key Pair

0

Hi all:

We are using the AWS Transfer Family service as our SFTP service.
Currently, we are generating a ssh key pairs for our vendors and add the public keys to the vendor account while creating the vendor accounts.
We are transferring the private keys to the vendors and with this they are able to log onto the account.
Let me know if this is the right approach or not.

One of the vendor says that transferring private key is not safe and asking us for the public key.
If I provide him the public key and have the public key attached to the account within AWS Transfer family, he is getting authentication error.

Should we send them the public key or private key? Is it safe to send them the private key?
Also, if he has key pair generated, is it okay if I have his public key attached to the account?
Can someone who is an expert in this area clear my confusion.
Appreciate any help in this.

Regards!
Venkata

질문됨 2년 전2182회 조회
2개 답변
0

Hello Venkata,

In terms of security best practices, sharing a Private Key is not recommended. As the name suggests, the Private Key should be kept private to the user who generated them and not shared with anyone.

Concerning SSH Key authentication, the server holds the Public Key whereas the client holds the Private Key. Authentication succeeds when the client uses the Private key which is compared against its corresponding Public Key on the server. This is why in the first case, authentication succeeded when you shared the Private Key with your vendor. When you share the Public Key with your vendor, the authentication process will fail as you cannot use a Public Key against a Public Key. Therefore the behavior that you observed when you shared the Public Key is expected.

To your questions specifically:
Q: Should we send them the public key or private key?
A: If your vendor is going to connect to your server, the vendor should have the Private Key while you/server should have the Public Key.

Q: Is it safe to send them the private key?
A: It depends on how you share the Private Key, however it is not recommended and not a best practice approach as there is always a chance of security breach during sharing confidential keys.

Q: Also, if he has key pair generated, is it okay if I have his public key attached to the account?
A: Yes, there are no issues in having a corresponding Public Key. As the name implies, they are public information.

With that said, the best approach would be to have your vendor create the SSH Keys and share the Public Key with you. You can then add the Public Key to your server and the authentication should succeed when they use the corresponding Private Key.

Let me know if you have questions.

Regards,
Sagar

AWS
전문가
답변함 2년 전
0

Thanks Sagar for sharing the information.

답변함 2년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠