The SFTP transport connector makes it possible to send and receive files to and from IFS Applications by using the SSH2 File Transfer Protocol, commonly referred to as SFTP or "Secure FTP". SFTP provides secure file transfers by utilizing strong network encryption, server authentication (by the use of a "known hosts" file) and user authentication (by the use of a password or identity files).
The SFTP Reader gets files from an IN directory in any format and executes them. The SFTP Sender can put files in different XML formats or as plain text in an OUT directory.
The SFTP Reader and SFTP Sender are powered by JSch, an open source (BSD licensed) pure Java library.
SFTP requires a "known hosts" file. The "known hosts" file contains the public key of the SSH2 server, and the purpose of this file is to ensure that another server cannot maliciously impersonate the SFTP server (e.g. in a man-in-the-middle attack).
The known hosts file may already have been created by an SSH2 client and may be reused by SFTP Reader. If the known hosts file does not exist, or is in an incompatible file format, a new known hosts file can be created with the following command:
java -cp <IFS_HOME>\repository\server\javaruntime\ifs-fnd-connect.jar;<IFS_HOME>\repository\server\dist\lib\jsch-0.2.17.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=KNOWNHOSTS -hostname=SFTPHOST -username=USERNAME -password=PASSWORD
(replace '\' with '/' and ';' with ':' on Linux).
Setting | Description |
---|---|
KNOWNHOSTS | The full path name of the known hosts file. |
SFTPHOST | Fully qualified host name. |
USERNAME | User account name. |
PASSWORD | User password. |
Example: To create the file C:\ifs\knownhosts containing the server sftp.example.com, for which the user account sftp with password h4rd_pPpasZzw0oRd is used to log on, issue the following command:
java -cp C:\ifs\repository\server\javaruntime\ifs-fnd-connect.jar;C:\ifs\repository\server\dist\lib\jsch-0.2.17.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=C:\ifs\knownhosts -hostname=sftp.example.com -username=sftp -password=h4rd_pPpasZzw0oRd
Important! It is recommended to specify a fully qualified domain name (FQDN) as the hostname. In other words, specify sftp.example.com. Do not use a short hostname like sftp or an IP address like 10.1.2.3. This is not strictly necessary, but generally tends to reduce the need for maintenance/reconfiguration. Also note that the hostname in the known hosts file should match the connection settings.
The username and password are not stored in the known hosts file; they must be provided in this step due to JSch internals.
This is an optional step you may ignore if it does not apply to your environment.
Some SFTP servers do not do user authentication with passwords, but with public key cryptography instead. A user then creates an "identity file" which contains the private credential needed to authenticate the user against the SFTP server. A second file, a public file, is also created when creating an identity file. The public file needs to be uploaded and installed into the SFTP server's user repository to enable identity based user authentication.
The identity file may already have been created by an SSH2 client and may be reused by SFTP Reader. If the identity file does not exist, or is in an incompatible file format, a new identity file can be created with the following command:
java -cp <IFS_HOME>\repository\server\javaruntime\ifs-fnd-connect.jar;<IFS_HOME>\repository\server\dist\lib\jsch-0.2.17.jar ifs.fnd.connect.ftp.SftpClient -CreateIdFile=IDFILE -keytype=KEYTYPE -comment=COMMENT -passphrase=PASSPHRASE -keysize=KEYSIZE
(replace '\' with '/' and ';' with ':' on Linux).
Setting | Description |
---|---|
IDFILE | The full path name of the (private) identity file. The public key will be stored into a second file which begins with the same name but is suffixed with ".pub". |
KEYTYPE | Key algorithm to use. Valid values are dsa and rsa. |
COMMENT | A descriptive comment to add to the identity file. Anything goes. |
PASSPHRASE | A passphrase/password used to encrypt the identity file, for additional protection. |
KEYSIZE | The bit-length of the encryption key stored in the identity file. |
Example: To create the file C:\ifs\identity with keytype dsa, comment IFSConnect, passphrase veRy:c0mpl3X_pq$sw0rT and keysize 1024, issue the following command:
java -cp C:\ifs\repository\server\javaruntime\ifs-fnd-connect.jar;C:\ifs\repository\server\dist\lib\jsch-0.2.17.jar ifs.fnd.connect.ftp.SftpClient -CreateIdFile=C:\ifs\identity -keytype=dsa -comment=IFSConnect -passphrase=veRy:c0mpl3X_pq$sw0rT -keysize=1024
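The public half of an identity file can be checked for key type and key size before it is installed on the SFTP server. The Python below is an added example, not IFS or JSch code; it assumes the ".pub" file uses the one-line OpenSSH format, and the function names and sample keys are constructed for illustration.

```python
import base64

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field in key blob")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def audit_public_key(pub_line):
    """Return (key_type, bits, findings) for one line of an identity '.pub' file."""
    declared, b64 = pub_line.split()[:2]
    fields = read_fields(base64.b64decode(b64))
    key_type, findings = fields[0].decode(), []
    if key_type != declared:
        findings.append("declared type does not match key blob")
    if key_type == "ssh-rsa":          # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < 2048:
            findings.append("RSA modulus under 2048 bits")
    elif key_type == "ssh-dss":        # fields: type, p, q, g, y
        bits = int.from_bytes(fields[1], "big").bit_length()
        findings.append("ssh-dss is disabled by default in OpenSSH 7.0 and later")
    else:
        bits = None
        findings.append("key type is neither rsa nor dsa")
    return key_type, bits, findings

def _field(raw):
    return len(raw).to_bytes(4, "big") + raw

def sample_pub(key_type, *ints):
    """Constructed, non-functional key material with realistic field sizes."""
    # bit_length // 8 + 1 bytes gives the leading 0x00 an SSH mpint needs when the top bit is set
    mpints = [_field(i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints]
    blob = _field(key_type.encode()) + b"".join(mpints)
    return f"{key_type} {base64.b64encode(blob).decode()} IFSConnect"

DSA_1024 = sample_pub("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
RSA_1024 = sample_pub("ssh-rsa", 65537, (1 << 1023) | 1)
RSA_3072 = sample_pub("ssh-rsa", 65537, (1 << 3071) | 1)

if __name__ == "__main__":
    for line in (DSA_1024, RSA_1024, RSA_3072):
        print(audit_public_key(line))
```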
The following parameters are common for both SFTP Sender and SFTP Reader configuration.
Server connection settings give the connector information about which server to connect to:
sftp.example.com
Important! It is recommended to specify a fully qualified domain name (FQDN) as the hostname. In other words, specify sftp.example.com. Do not use a short hostname like sftp or an IP address like 10.1.2.3. This is not strictly necessary, but generally tends to reduce the need for maintenance/reconfiguration. Also note that the hostname in the known hosts file should match the connection settings.
Server authentication settings help the SFTP transport connector guard against identity spoofing attacks (malicious servers attempting to impersonate the SFTP server). It works by comparing the server's public key with the one previously recorded in the known hosts file.
C:\ifs\knownhosts
Consult Setting up SFTP authentication files regarding how to create the known hosts file.
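The comparison described above, together with the earlier note that the hostname in the known hosts file should match the connection settings, can be reproduced offline against a known hosts file. The Python below is an added example, not IFS or JSch code; it assumes OpenSSH-style known hosts lines (plain or hashed host fields), and the function names, the host backup.example.com and the key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints, for out-of-band comparison."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host, port=22):
    """Match one host field, plain or hashed (|1|salt|hash); wildcards not handled."""
    name = (host if port == 22 else f"[{host}]:{port}").lower()
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return name in (p.lower() for p in pattern.split(","))

def recorded_keys(known_hosts_text, host, port=22):
    """Return [(key_type, key_b64)] recorded for host; skips comments and @markers."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host, port):
            found.append((fields[1], fields[2]))
    return found

def check_host_key(known_hosts_text, host, presented_b64, port=22):
    """Strict check: 'ok', 'unknown-host' or 'mismatch'; nothing is ever auto-added."""
    keys = recorded_keys(known_hosts_text, host, port)
    if not keys:
        return "unknown-host"
    want = base64.b64decode(presented_b64)
    return "ok" if any(base64.b64decode(k) == want for _, k in keys) else "mismatch"

# Constructed sample data: placeholder blobs, not real keys.
def _blob(fill):
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

GOOD, OTHER = _blob(0x11), _blob(0x22)
_salt = b"constructed-salt-20b"
_mac = hmac.new(_salt, b"backup.example.com", hashlib.sha1).digest()
_hashed = "|1|" + base64.b64encode(_salt).decode() + "|" + base64.b64encode(_mac).decode()
KNOWN_HOSTS = f"sftp.example.com ssh-ed25519 {GOOD}\n{_hashed} ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    for host in ("sftp.example.com", "sftp", "10.1.2.3", "backup.example.com"):
        print(host, check_host_key(KNOWN_HOSTS, host, GOOD), fingerprint(GOOD))
```

A file recorded for sftp.example.com yields "unknown-host" for the short name sftp and for 10.1.2.3, which is why the configured hostname has to be the one used when the file was created.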
User authentication settings help the SFTP transport connector identify itself when connecting to the SFTP server.
Typically USERAUTH_METHOD is set to Password authentication and a username/password pair is used to authenticate.
Optionally, public key identification can be provided by the use of an identity file.
Password authentication
, or Identity file authentication
.Password authentication
unless you are using an identity file.Password authentication
.C:\ifs\identity
To utilize Identity file based authentication, please consult Setting up SFTP authentication files.
A directory path name on an SFTP server is always specified in SFTP syntax, which is similar to UNIX path names. This is true for all standard-compliant SFTP servers, even if they are hosted on a Windows operating system.
Syntax | Root directory | Current directory | Path separator |
---|---|---|---|
SFTP | / | . | / |
UNIX | / | . | / |
Windows | A:\ C:\ etc... | . | \ |
Examples of SFTP syntax:
The SFTP Sender connector uploads files from IFS Connect to an SFTP server. The filename to be uploaded is configured in the SFTP Sender address.
Most SFTP parameters exist in both SFTP Reader and SFTP Sender. Please refer to "Common parameters for SFTP Sender and SFTP Reader" regarding how to set up connection and authentication settings.
The directory settings control where temporary files are to be written.
.part
Additional parameters are specified on Routing Address for Destination Type Sftp.
The SFTP Reader is a connector for reading files from an SFTP file server.
Most SFTP parameters exist in both SFTP Reader and SFTP Sender. Please refer to "Common parameters for SFTP Sender and SFTP Reader" regarding how to set up connection and authentication settings.
The directory for this SFTP Reader to read input files from, e.g. ./in. Refer to Remote directory or path names on a SFTP server for help with specifying directory name. See also file based reader considerations.
Read Failed
It's possible to create new instances of the SFTP Reader Transport Connector, provided that they scan different directories or have in-file filters without overlapping file names.