As organizations throughout the world continue to strengthen their network and data communications systems to counter increased security threats, we’ve noticed a trend: there’s been an increase in the number of Campbell Scientific customers setting up secure communications between their data loggers and other devices.
SSH File Transfer Protocol (SFTP) is a common protocol used for securely sending files from one device to a server, and the protocol is supported on our newest data loggers, including the CR1000X, CR6, and GRANITE™ Series. The SFTP protocol is based upon Secure Socket Shell (SSH) and therefore requires that the data logger have a public and a private key. The public key is shared between both the server and the data logger sending files to it.
If you’re having some difficulty generating the required private and public keys for the SFTP protocol, you’re not alone. This article covers one straightforward method to generate your own keys using the well-known open-source tool called PuTTY Key Generator and then apply those keys to your compatible data logger.
Let’s get started
To generate your public/private key pair for SFTP on a Campbell Scientific data logger, please follow the steps below:
- Install the PuTTY Key Generator, navigate to the PuTTYgen directory, and launch it. The default directory path is C:\Program Files (x86)\PuTTY\puttygen.exe.
Note: If you have an existing public/private key pair in PPK format, skip to Step 4.
- Create a new public/private key pair by clicking the Generate button:
- Move your mouse over the blank area to create some randomness that can be used to generate the keys:
Note: After completing Step 3, skip to Step 6.
- With the PuTTY Key Generator open, click the Conversions menu, and select Import key:
- The Load private key screen will appear. Select the .PPK formatted key file and click Open. Here is an example:
- Click the Conversions menu, and select Export OpenSSH key. Save that as your private .PEM key file in a location you can easily find:
Note: A PuTTYgen Warning prompt will appear, asking if you want to save the key without a passphrase to protect it. Click Yes.
If you open the content of that key file as a text document, its header and footer should appear as the following:
-----BEGIN RSA PRIVATE KEY-----
[key content here]
-----END RSA PRIVATE KEY-----
- Now that you have the private key, let's work on the public key. Copy the public key text. Then, open Notepad or Notepad++, paste the content in the text document, and save the .txt file where you can refer to it as necessary. Your server will need that key.
- Copy the content of the public key, and connect to your data logger using the Device Configuration Utility (DevConfig).
- In DevConfig, click the Settings Editor tab, and select the Advanced subtab. Scroll to the bottom, and paste your public key in the SFTP Public Key field:
- Click the More button with the three dots (…) to browse for your private key .PEM file that you saved earlier. Then click the Apply button:
- Lastly, ensure that your SFTP server has the same public key attached or shared to it so that you can connect to the SFTP server. Your keys are now applied.
A testing tip
Test your system using the FTPClient() instruction in your data logger. Be aware that the processing of encrypted data takes longer than with a straight FTP instruction. To avoid skipped scans, it is usually best to contain an SFTP transaction within a SlowSequence near the end of your data logger program. A simple example is below:
A final word
I hope you found this information helpful and can easily generate your SFTP keys to secure your communication. If you have any questions, please post them below.