Workload Automation

  • Private Community
 View Only
Back to Library

Setting Up Public-Key Authentication for SCP/SFTP Jobs (Requires 11.3.6 SP6) 

Nov 16, 2017 03:56 PM

Introduction:

In WAAE 11.3.6 SP6, functionality was added so that SCP job types can now support public-key authentication. This document provides an example of how to utilize this functionality. There are no changes required in the agent configuration or an existing job definition that is already utilizing user/password authentication. It is simply a difference in what is defined in the autosys_secure utility.

 

 

Instructions:

In this example, job "test_sftp" is defined to perform an SFTP upload of a file called "test_sftp.txt" from the /tmp directory on machineA to the /tmp directory on machineB as user "autosys"...

 

/* ----------------- test_sftp ----------------- */

insert_job: test_sftp   job_type: SCP
machine: machineA
owner: autosys
scp_transfer_direction: UPLOAD
scp_server_name: machineB
scp_server_port: 22
scp_remote_dir: "/tmp"
scp_remote_name: "test_sftp.txt"
scp_local_name: "/tmp/test_sftp.txt"
scp_target_os: UNIX
scp_protocol: SFTP

 

In order for this job to run successfully with public-key authentication, you will need to store the key credentials for the job owner using the autosys_secure command. You will need to know the file path where the job owner's private-key is located on the agent machine where the job runs. In this example, the private key file is /home/autosys/.ssh/id_rsa.

 

Run "autosys_secure" and select the following options...

[5] Manage users.

[2] Manage users with key credentials.

[1] Create a user.

 

You will then be prompted for the necessary key credential information.

 

The first prompt will be for the user name. This should match the job owner...

Input the user name (or hit enter to cancel):  autosys

 

The next prompt will be for the host or domain. This should match the machine attribute of the job...

Enter user host or domain (or hit enter to cancel):  machineA

 

The next prompt asks you to create a new security code for this user and verify it. This can contain any alphanumeric characters. If a user wishes to modify this entry, they will be prompted to enter this security code..

Enter new security code:

Enter new security code again:

 

The next prompt asks for the type of key credential. For this particular functionality, you must select option '2'...

Enter type of key credential [1:Upload local key or 2:Use remote key] (or hit enter to cancel):  2

 

Next, you will be prompted for the location of the user's private key file on the agent machine...

Enter the key credential file path (or hit enter to cancel):  /home/autosys/.ssh/id_rsa

 

Finally, you will be prompted for the key's passphrase. If the key is created with no passphrase, just press enter to skip.

Enter new passphrase (or hit enter to skip):

CAUAJM_I_60135 User create successful.

 

Once this entry is added, you should then be able to successfully run the SCP job using public-key authentication.

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Dave A
Sep 19, 2018 10:08 AM

Is there a minimum version for the System Agent?

Jehan Barona
Sep 19, 2018 09:03 AM

Thanks for the Unix but what about for Windows?

Antony Askew
Nov 28, 2017 05:07 AM

Thanks Scott.  Could you clarify a few things?

 

  • Is the 'security code' just a user defined code for this credential, ie has no bearing on the job execution?
  • Are instructions the same if the job runs uses a windows domain account as the owner?
  • Is this only available from r11.3.6 SP6 upwards?

Thanks

Legacy User
Nov 16, 2017 04:04 PM

Thank you Scott. Long overdue and I know a lot of customers trying to move away from embedding the keystores in their file transfer scripts. I am going to try this out!

Related Entries and Links

No Related Resource entered.