cancel
Showing results for 
Search instead for 
Did you mean: 

Error in Seeburger SFTP : Cannot create pending keystore PENDING/SSH_hosts

Former Member
0 Kudos

Hi All,

I am developing a scenario where my sender is file and receiver is SFTP. It is pass through interface and to achive SFTP i used seeburger SFTP adapter. I generated the public from the certificate and shared the key with SFTP admin.

Now whe i test the scenario i facing the following error in the SFTP channel @ RWB. The error is

Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: >> Description: putFile: Could not connect to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.HostVerificationException: Cannot create pending keystore PENDING/SSH_hosts/>> Details: putFile: Could not connect to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.HostVerificationException: Cannot create pending keystore PENDING/SSH_hosts/>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false, >> Description: putFile: Could not connect to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.HostVerificationException: Cannot create pending keystore PENDING/SSH_hosts/>> Details: putFile: Could not connect to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.HostVerificationException: Cannot create pending keystore PENDING/SSH_hosts/>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false

Has anyone faced the similar problem and resolved it , please help me on the same.

Thanks,

Siva.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Did you try specify the private key option as USERS/SSH_hosts/ in the SFTP setting??

Regards

Ramg

Former Member
0 Kudos

Hi Ram,

I used Private Key authentication method , but for private key details are different . i gave some thing like USERS/<viemname>/<certificatename>. But in the error it shows PENDING\SSH_hosts.

Can you help me on the same.

Thanks,

Siva

srikanth_srinivasan3
Active Participant
0 Kudos

The SSH_Hosts is the place where by defualt Seeburger SFTP adapter would import the SSH certificate of the SFTP server its is connecting to.

The SFTPPartners would be the place where usually the Seeburger SFTP channels would be pointing to!

Following are the possibilites:

1) If you are using latest version Seeburger SFTP Adapter, the certificate would be evident with the following naming convention: <IP_ADDRESS>_<HOST_NAME> (seperation by '_' and not by '.')

2) If the certificate is already loaded, you may have to import it into SFTPPartners using 'Import from View' option.

3) If the certificate itself is not loaded into SSH_Hosts, then following are the possibilities:

3a) Firewall between PI and the SFTP server is not opened

3b) SSH provision is not available on the port you used in your SFTP adapter.

Looking at the error, I guess you must not find the certificate.

if you find it, then the public key is not placed properly. Refer [THIS|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/21027] [original link is broken] [original link is broken] [original link is broken];.

-

Srikanth Srinivasan

Former Member
0 Kudos

Hi Srikanth,

I resolved the above error by creating aview in my keystore(nwa) . Now i am facing a new error.

The error looks something like this:

Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: >> Description: putFile: Could not connect to remote host; Reason: Unable to establish a connection to SSH server, the authentication has failed. Details: Server returned AUTHENTICATION_FAILED. Check user and key/password-settings.>> Details: putFile: Could not connect to remote host; Reason: Unable to establish a connection to SSH server, the authentication has failed. Details: Server returned AUTHENTICATION_FAILED. Check user and key/password-settings.>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false, >> Description: putFile: Could not connect to remote host; Reason: Unable to establish a connection to SSH server, the authentication has failed. Details: Server returned AUTHENTICATION_FAILED. Check user and key/password-settings.>> Details: putFile: Could not connect to remote host; Reason: Unable to establish a connection to SSH server, the authentication has failed. Details: Server returned AUTHENTICATION_FAILED. Check user and key/password-settings.>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false.

I am using a private key authentication and I gave my SAP PI userid as User and private key as the key present in NWA.

Can you please help me in resolving this error.

Thanks,

Sivarama Krishna

srikanth_srinivasan3
Active Participant
0 Kudos

My focus would be on the public key installation only.

Did you happen to request the public key from the SFTP system admin? If not, please do it.

Alternatively, there is one more point of validation possible:

Extract the P12 key from NWA, convert into OpenSSH key (as illustrated in the blog I pointed) and generate the private key from the OpenSSH key using PuttyGen to try logging in via WinSCP to check locally, if the authentication works. If the public key is placed properly at the SFTP server, then your WinSCP login must work!

-

Srikanth Srinivasan

Former Member
0 Kudos

Hi Srikanth,

I actually followed your blog for implementing this scenario.

After i generated the private key i used winscp tool to connect to sftp server.

I gave the host name, default port, username and the privatekey. I didnt give the password since we are using key based authentication.

when i click login , first message i can see is server refused our private key.then it asks for pswd and i provided the pswd which i used for generation of private key through putty key generator and says access denied.

Can you please help me on this problem

Thanks,

Siva.

srikanth_srinivasan3
Active Participant
0 Kudos

I am unclear about your statement 'provided the pswd which i used for generation of private key'.

I've following the questions:

1) How did you manage to place your public key on SFTP server?

2) If done by yourself, how did you do it?

Caio added a valid point, which is the only last possible cause of this failure. However, not before finding out, if the SFTP server is accessible via your generated key over WinSCP.

-

Srikanth Srinivasan

Former Member
0 Kudos

Hi Srikanth,

I shared my public key to the SFTP admin and he uploaded it.

When i made my first connection to SFTP i even got the public key in my pending key view(SSH_hosts) nwa, which i moved to authorized key view .

From my second connection i am getting the mentioned error.

I have a question. When i checked SFTP they are using a DSA but i am using a RSA key, will this make a difference?

and about the password, when generating the private key through puuty generator i gave a passphrase, which i later used it as password in winscp.

Thanks,

Siva

srikanth_srinivasan3
Active Participant
0 Kudos

Do not get confused between a SSL certificate and SSH key pair certificate.

SSL is just used for crypting data that is transmitted to the SFTP server.

Indeed you might have found this certificate in NWA, as this is default behaviour of of SFTP Adapter when it connects to any SFTP server.

Now coming to key pair, .p12 key is already available in your key store which you've mentioned in the SFTP channel.

The work flow is: the private key is sent along with the message being transmitted to SFTP server with the user account information. The private key would then be matched with the public key found in the 'authorized_keys' file under '.ssh' directory present in the home directory of the SFTP server.

All these are possible ONLY when the server is SSH enabled.

The paraphrase of .P12 has nothing to do with your SFTP server when attempted to login via WinSCP or Putty.

-

Srikanth Srinivasan

Former Member
0 Kudos

Hi Srikanth,

i have a few questions here , can you please help me on this

i received the public key of the SFTP in my keystore when i made my first connection through channel which means that , is my channel was able to connect to SFTP server???

If it as authentication error , the entry of username or private key should be wrong.

below are details of my configuration channel

I gave the correct username and for the private key i gave , the view from which i actually exported the .p12 to my local pc.

For the know host store i gave authorized key view(where the public key of the SFTP is present) . ALL these views belongs to SAP PI keystorage.

i gave the default value for port and 22 port is working fine.

Can you please help me where could be the error

Thanks,

Siva

srikanth_srinivasan3
Active Participant
0 Kudos

What is the format of your private key in channel?

As you gave in private key label in channel.

Could you post here?

-

Srikanth Srinivasan

Former Member
0 Kudos

Hi Srikanth,

USERS\<viewname>\Test_Cert.

USERS\<viewname>\Test_Cert.

I tried both but it was no use.

Where Test_Cert is the name of the certificate present in SAP PI view.

Thanks,

Siva

srikanth_srinivasan3
Active Participant
0 Kudos

Buddy, the only possibility now is to check if the SFTP server supports SSH connectivity.

Please do.

-

Srikanth Srinivasan

Answers (1)

Answers (1)

0 Kudos

Hi Sivarama,

For my understanding, the SFTP is not supported, hence you're facing such errors.

Only FTPS is supported.

Regards,

Caio Cagnani