cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to get this SFTP Channel to run? - urgent!

Go to solution
Former Member

on ‎10-28-2013 4:55 PM

0 Kudos

Hi Gurus,

I have 0.0 experience with SFTP.

Since 1 month I struggle with this headache problem of SFTP Configuration.

My PI is PI 7.31  Java only SP 7 Patch4.

SFTP PGP ADDON 1.0 is installed.

Since long time customer uses putty to transfer files based on a 2048 bit RSA key pair . The public key is registrated in SFTP Server and the private key (cust_priv_key.key) is saved locally.  

My scenario is Proxy<--> SFTP.

According to the wiki: http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1 , I executed the following steps:

Step 1:

I import the cust_priv_key.key into PuTTY key Generaor with parameter SSH-2 RSA 1024 bit.

Then export OpenSSH key as private_key.pem as below:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C5EC3B6E2228F3EC

/KCu21h1slGi5M0IF1mZxrCIzK1QEcB8zmNlprUY6ey4r/U1tKv63BL4pzOpHAad
Ie7AzA8e5ZI3juvLrOzQK0Tf0guIoByiliGOWwAFKDUyhdZSr7nwhj3eGyHYyi7c
1Xes0UgVO+pe9Ek3wcIp207cFjOJJ3uWGTKLGQTHcX+3ntFmch1vfWUBEAztHd+0
2SFJAZ/MGw0ucttgZwDbHjcqZcULgCGda+ylM+Qvr/wf4slIThFCzT9LgiLYTam0
OycX+em2rEqlB7xKMGYPspw5ITmA7ukgtaT8l12zqvim01fSDZYZdfw018nDRRJm
LgLTXTcdNJHPZt9IwOPDwFhO5cd8IQrMebnnXNSNDQTzYE0poqIr14Qe5m191Pi/
4846al4jJgUEE4Q0t5i9Lzaah3EL5ElYnxFNIR5HXm51ff88AtkJcaOG/8tz7nYB
xflONMIK7VuGBmvfBcjUp+KZCdlvcZAwjz40tCcTW4FY0Ss+8nyZdQAx+supRi4X
jW1njWyRwmR/AlKhTJBLP2FWdT9ofw7o7lX9nPuhmxFDIpQEaCoddMHmTlmqmA/U
gw4OAZYpvRHpl/drE97eNMfZ4/9tOmQ84ujjjo5xDmwtBA06NhKMY9KiOoQ+3wS0
0FSvSIktlMLSj/Py1DLvhK6zLd+Vq/9R8CGAnsotCJFi//DG/OGus+KjC7kYAFwg
YG97Yi3wBw++t9q+5V1y2KFCqL6mMUj3LxaGe7HSXuSfIkAPzSJBfs9BEDYQGv9B
QBD9E+UDVPRwkPWFWY3NJADWA2mNTnsLtDiXXIFD9vERrzWlL1s4jXLy1+WKPQA7
JGCoj5aY6FuaDyPTDC1LUaXyvDuCLQlU22ZePUnOUfjj55jCy5W3G1J9XZ+if7Eq
YP7v/5aRGgPu+yTD2NfmkXRpWBS67IQgLNbcf1LMdBJPZAw1M9XZDtCDuABawIad
cCCJZHqw8X1sasnKUzwPoRYhv0WJgnPXkZIeNM8mUKSuqjnq5awlwhzbKlPWTD+U
JR67cT4ToTxzM5nqLHKan7PSOelGBhk1Zeh8RCzrECtl6uzmnENIgGUp8PeFygxT
mhYGWT8yy86/FKyA8szfanVTUNoIVz76XlGxL35+oofH8bXBhSdSw2iRPio1+llW
gOCdQG/xdTbit00tfmTT4N5ETHm4UAZ7mPyl5Y/IhfMRTR31rz3cw4H96JbWpuvp
Bsnt8xuX/PwdFB4HXg5Wo7uQFPgplWoTSzov11+ztNXzuI4yOcl+j356salgDJlh
uIMDwXiixuENnzcs+wy2/Qj75WId81ZVmIqugkWCZJN7fRbtxlgDicxjuGWyYPnk
fsGOppGpyjfOCx2AFACNrM4ZtrG0AJd51yvZyUgB06AIXHSkpDrvuDxo0l07D1U5
J0XZs/wqbMiJCT8csi0/flLCLrnqkhAOXLrnKqfoZzZUaKEs6JQDGQDkUWyaYsEe
V7ZoP3ahVjzRDHVrM3FI/hrhOBfWbgM/C9UK7XoFL7O6u78HRiU9G8vZPHMcRHAo
YkmUamBURyxiMYCLNqlkzpO1yksnfCU1KsxjgAo6ydFRlQy/Qo1APg==
-----END RSA PRIVATE KEY-----

Step 2:

with Cygwin with OpenSSL unitlites I convert this private_key.pem into x509_certificate.pem

-----BEGIN CERTIFICATE-----

MIIDWzCCAkOgAwIBAgIJAMKmweprD4wJMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV

BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX

aWRnaXRzIFB0eSBMdGQwHhcNMTMxMDI4MTYzMTMzWhcNMjMxMDI2MTYzMTMzWjBF

MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50

ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIB

CAKCAQEAvZdaSuKy75WRL6HL1rwChCsH0bMfmNGn3b7kakuu/HFlBJ5k2c5HkhuA

mEFObo9Lb4dMVYVlJa1y8+8cwS4TtGKXeBypVAhyyrVuR30RR/1uK64OH4ppBWaH

db8AATH33Ld+RRpkP47ufVutNj9HYU01Ivp41XBmUYuZGuPH63sBz0vT0UuezS5d

QIh07fRwDFkuMu57kPhm/vupSry7WVBisp9mKCC2JbbW+uysDHwoD179J63q1lkY

iOkEMkZE2yXn9DWjXE6B3JYf6UKqMQcQmH6Z8emz3jR6EFitwRSJp8mC7UeFRh1i

VBOJ4BG38D8lADzI1HKClHhf8bdLgQIBJaNQME4wHQYDVR0OBBYEFCBVXPeI6rOh

7TmtUgkAIiUDFnrqMB8GA1UdIwQYMBaAFCBVXPeI6rOh7TmtUgkAIiUDFnrqMAwG

A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADaaJwLsjMpeIdIStiZivXY8

AClkb0J89xzwzx63+cL0pARdn2a8y6ipA0ih4UsUUPMmyO4cEP89CrQO4M3FKtmu

vOFcj9kJ7d76pY7xbCXPafA1kEYg7WE2G1tw68aFYMwyF4hNa1uqbrkFzaGpZ2dv

TlgFr49MUd30+2RLHgY/Ne1rc/v3ymES2OqQAlzjJB8toyeM/EB3yQGTx6A1etq5

VhmccJpG9e0ZU7Xj19XXe/d+fBlLt67mprnjuT0rGM+BrmK8xCKMpIk4Xzto8AIy

dsP0FbLMmDp3A0fhRV3e3jBwpLZNDY2JBjAwCiuBR+lGbEWXW9BlQiwV42HvcwA=

-----END CERTIFICATE-----

Step 3: create the PKCS type 12 keystore with password.

Step 4: In NWA Key Store I created a new view and import this PKCS type 12 key.

Step: 5: In IB I created a SFTP Receiver Channel with following parameter:

     Server: sftpserver.customer.com

     Port: 22  (I have asked Basis to open Port 22).

     Server fingerprint: 3e:1e:73:bb:82:67:a6:f0:99:fc:21:95:98:1b:53:11

     Proxy: No Proxy

     Authentication method: Private Key

     Username: xyz

     Private Key View: SFTP_customer

     Private key Entry: sftp_keystore

But I always get the following error in the Message-Monitor:

MP: exception caught with cause javax.resource.ResourceException: com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused: connect.

What for a problem?

Highly appreciated if anyone give me some hints!

Regards

Rene

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-25-2013 4:18 PM
0 Kudos

i got it run!

I generated the key and certificates according to the Wiki article:

How To Configure SFTP Adapter in SAP PI

and registrate the new public-key in sftp-server again.

Then it works.

The trick is to create private-key and certificate in the key-store in same time. After that exporting certificate and converting it to public-key in cygwin. So, the connection betwenn public and private-keys would be set up.

Show replies
Show replies
Former Member
‎07-03-2014 5:00 AM
0 Kudos

Hi Rene

I have similar SFTP issue with Private Key auth. like we have added 2 new servers to our landscape and the message works for old servers and for new servers its failing. Do you have any idea to resolve this

ng82si
Participant
‎07-07-2014 12:41 PM
0 Kudos

Hi Uma,

nothing special what I did, just release the ports for SFTP on the firewall.

Regards

Rene

Answers (4)

Answers (4)

Former Member
‎12-03-2015 7:23 AM
0 Kudos

Hi All,

Can you pls let me know any SFTP test servers with host details & credentials available online to post data from PI server?

-Nithin.

Show replies
Show replies
Former Member
‎12-03-2015 7:27 AM
0 Kudos

Any SFTP server having access to a folder with read-write permissions.

Former Member
‎06-17-2015 2:40 PM
0 Kudos

Hi Rene,

Would like to ask when you say SFTP server here, are you pertaining to your PI server or the server of your 3rd party partner in which you connect to?

Thanks

Regards,

Meinard

Show replies
Show replies
Former Member
‎10-29-2013 5:26 AM
0 Kudos

Hi

I think your PI serever is not able to connect to the server " sftpserver.customer.com".

Can you try to make a simple FTP connection to that server to see whether there are any firewall issues or not.

Show replies
Show replies
Former Member
‎11-02-2013 10:27 PM
0 Kudos

Hi Indrajit,

your prognosis is correct.

After confirmation with Basis team again, the port 22 is open and now I get new error:

Auth failed.

Could you tell me what mistakes I did during conversion?

Thanks a lot!

Regards

Rene

Former Member
‎11-04-2013 5:51 AM
0 Kudos

Hi Rene

Looks like the problem is with the user id and password you are using to connect to the server.

Whether the credentails are not correct or the user is not having sufficient authorization to looged in to the server.

Kinldy work together with basis team.

Former Member
‎10-28-2013 6:35 PM
0 Kudos

Hi

SFTP for SAP NetWeaver (7.3 compatible)


SFTP, or secure FTP, is a concept that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It is functionally similar to FTP, uses a different, newly designed protocol.

The AEDAPTIVe SFTP Adapter client for SAP NetWeaver© was originately designed and written for a few industry leaders in the Retail and High Tech industry, to enable SAP Exchange Infrastructure to exchange files securely with other internal applications, as regular FTP did not meet the companie's security policies. The adapter is able to push files to other SFTP applications or pull files using a listener mechanism. For authentication, the adapter supports three methods, which should cover basically any common security measure.

Integrated with SAP Process Integration / NetWeaver

Like any other AEDAPTIVe solution, the SFTP Adapter is built on the SAP NetWeaver Adapter Framework. This ensures customers native integration with NetWeaver and existing monitoring tools such as SAP Solution Manager and the underlying CCMS.The adapter can be used in transparent conjuction with other adapters already available in SAP NetWeaver.

Features

FeatureSupportRemarks
SFTP Features
SFTP versionDraft version 3Although widely used the SFTP protocol is currently still an Internet draft. AEDAPTIVe SFTP supports draft version 3, which is the most commonly implemented version.Refer to:http://tools.ietf.org/pdf/draft-ietf-secsh-filexfer-03.pdf
Supported data streamsSSH2 onlySFTP can be used over several data streams, notably SSH1 and SSH2. AEDAPTIVe SFTP only supports SSH2 which offers several security benefits over SSH1.
Authentication MethodsPassword, Public Key, Host BasedSupports Public Key authentication and Host Based authentication. The following SFTP servers have been tested with these authentication methods: OpenSSH and SSH Communications.
ProxyHTTP, SOCKS4, and SOCKS5 proxy authenticationSFTP Sender and Receiver can access SFTP servers via a proxy server; authentication on the proxy server with user name and password is also supported.
ArchivingSupportedPossibility to archive messages on the SFTP server or locally on the PI server.
Setting file permissions on new filesSupportedThe SFTP Receiver adapter can set the UNIX filepermissions after writing the file to the SFTP server
SAP NetWeaver Process Integration Features
Supported SAP NetWeaver PI versionsSAP NetWeaver 2004 (XI 3.0), SP 12 or higherSAP NetWeaver 2004s (PI 7.0), SP 8 or higher. SAP NetWeaver 7.3.
Use of adapter specific message attributesSupportedSFTP Sender Adapter supports: File Name, Directory, File Type, Source File Size, Source File Timestamp, Source SFTP Host. SFTP Receiver Adapter supports: File Name, Directory.
Control via Run Time WorkbenchSupportedThe SFTP Sender and Receiver Adapter can be manipulated via SAP NetWeaver RTW just as any standard SAP Adapter.
Type of data streamBinarySFTP draft version 3 is a binary only protocol. Inbound and outbound data can still be manipulated as text in SAP NetWeaver PI.
SchedulerSupported for SFTP Sender AdapterIn the SFTP Sender Adapter a scheduler is available that allows the configuration of the polling interval and polling times. With this polling mechanism it is possible to restrict polling to specific week days and/or times.
Variable substitutionSupportedThe SFTP Receiver Adapter support variable substitutionoptions similar to those of the standard File Adapter.

How to use the SFTP Adapter

Link - http://www.aedaptive.com/index.php/solutions/sftp-for-sap-netweaver/how-to-use-the-sftp-adapter

Note 1692819 - FAQ: PI SFTP Adapter

Thanks

Shrikant

Show replies
Show replies
Former Member
‎10-28-2013 10:58 PM
0 Kudos

Hello Shrikant,

you mean, the SFTP PGP ADDON is not correct?

I should change it to aedaptive SFTP?

Regards

Rene

Ask a Question