Setting Up Public-Key Authentication for SCP/SFTP Jobs

Document ID : KB000010545
Last Modified Date : 14/02/2018
Show Technical Document Details

In WAAE 11.3.6 SP6, functionality was added so that SCP job types can now support public-key authentication. This document provides an example of how to utilize this functionality. There are no changes required in the agent configuration or an existing job definition that is already utilizing user/password authentication. It is simply a difference in what is defined in the autosys_secure utility.


In this example, job "test_sftp" is defined to perform an SFTP upload of a file called "test_sftp.txt" from the /tmp directory on machineA to the /tmp directory on machineB as user "autosys"...

/* ----------------- test_sftp ----------------- */

insert_job: test_sftp   job_type: SCP
machine: machineA
owner: autosys
scp_transfer_direction: UPLOAD
scp_server_name: machineB
scp_server_port: 22
scp_remote_dir: "/tmp"
scp_remote_name: "test_sftp.txt"
scp_local_name: "/tmp/test_sftp.txt"
scp_target_os: UNIX
scp_protocol: SFTP

In order for this job to run successfully with public-key authentication, you will need to store the key credentials for the job owner using the autosys_secure command. You will need to know the file path where the job owner's private-key is located on the agent machine where the job runs. In this example, the private key file is /home/autosys/.ssh/id_rsa.

Run "autosys_secure" and select the following options...

[5] Manage users.

[2] Manage users with key credentials.

[1] Create a user.

You will then be prompted for the necessary key credential information.

The first prompt will be for the user name. This should match the job owner...

Input the user name (or hit enter to cancel):  autosys

The next prompt will be for the host or domain. This should match the machine attribute of the job...

Enter user host or domain (or hit enter to cancel):  machineA

The next prompt asks you to create a new security code for this user and verify it. This can contain any alphanumeric characters. If a user wishes to modify this entry, they will be prompted to enter this security code..

Enter new security code:

Enter new security code again:

The next prompt asks for the type of key credential. For this particular functionality, you must select option '2'...

Enter type of key credential [1:Upload local key or 2:Use remote key] (or hit enter to cancel):  2

Next, you will be prompted for the location of the user's private key file on the agent machine...

Enter the key credential file path (or hit enter to cancel):  /home/autosys/.ssh/id_rsa

Finally, you will be prompted for the key's passphrase. If the key is created with no passphrase, just press enter to skip.

Enter new passphrase (or hit enter to skip):

CAUAJM_I_60135 User create successful.

Once this entry is added, you should then be able to successfully run the SCP job using public-key authentication.