Ensemble SFTP public key authentication -- Best practice for permissions on public/private key files

I am using the Ensemble FTP adapter to monitor a file directory for files that require SFTP transfer to a remote server, using public/private keys for remote server authentication.

This works great in my engineering development space where file protections are loose.

I want to apply the "principle of least privilege" to the public and private key files specified in the FTP Outbound adapter Business Operation.

Can anyone recommend (Linux) permissions that allow Ensemble to execute the SFTP operation while minimizing access to the key files?

I've tried various combinations without success.

Any recommendations are appreciated. 

 

The following is a sample error when I tighten file access. 

============================================================

ERROR <Ens>ErrFailureTimeout: 
FailureTimeout of 15 seconds exceeded in XXXX.DWX.Extractor.BO.AzureFileTransferProtocol; 
status from last attempt was ERROR <Ens>ErrOutConnectFailed: SFTP Connect 
failed for  3.20.229.104:22/precustomerz_PrivateKey/SSL='!SFTP'/PubKey='/database/cb70t/sFTPKeyFiles/precustomerz/id_rsa.pub'/PrivKey='/database/cb70t/sFTPKeyFiles/precustomerz/id_rsa' 
with error ERROR #7510: SSH Error '-16': SSH Error [80101010]: Unable to open public key file [80101010] at Session.cpp:418,0

=============================================================================
 
Answers

cacheusr should have read on them. That's about it.
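
One way to check the setup the answer describes, as an added example that is not part of the original thread or of Ensemble: a shell audit that passes only when the key directory and its files belong to the instance's OS user and grant nothing to group or other. It assumes GNU stat (Linux) and that the user name is passed in (the answer names cacheusr); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an SFTP key directory for least-privilege permissions.
# Assumptions: GNU stat (Linux); the instance's OS user is passed as $1
# (the answer above names cacheusr). Function names are illustrative.
# Usage (as root): audit_keys cacheusr /path/to/keydir

# check_key_file USER FILE
# Passes only if FILE is owned by USER with mode 400 (owner read, nothing else).
check_key_file() {
    local user="$1" file="$2" owner mode
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    owner=$(stat -c '%U' "$file")
    mode=$(stat -c '%a' "$file")
    [ "$owner" = "$user" ] || { echo "OWNER $file: $owner, expected $user"; return 1; }
    [ "$mode" = "400" ] || { echo "MODE $file: $mode, expected 400"; return 1; }
}

# check_key_dir USER DIR
# Passes only if DIR is owned by USER, the owner can search it (x bit),
# and group/other have no access at all.
check_key_dir() {
    local user="$1" dir="$2" owner mode
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$owner" = "$user" ] || { echo "OWNER $dir: $owner, expected $user"; return 1; }
    [ $(( 0$mode & 0100 )) -ne 0 ] || { echo "MODE $dir: $mode, owner cannot search it"; return 1; }
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo "MODE $dir: $mode, group/other have access"; return 1; }
}

# audit_keys USER DIR
# Checks DIR and every regular file in it; returns the number of findings.
audit_keys() {
    local user="$1" dir="$2" findings=0 f
    check_key_dir "$user" "$dir" || findings=$((findings + 1))
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        check_key_file "$user" "$f" || findings=$((findings + 1))
    done
    return "$findings"
}
```

Every directory above the key directory must also be searchable (x) by that user, or the open fails before these modes matter.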