cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP connection failure using Private key authentication

Go to solution
Former Member

on ‎05-18-2015 8:28 AM

0 Kudos

Hi Folks,

We are trying to connect the SFTP server of the vendor using the Private key authentication method from SAP PI 7.3 EHP0. We have created Private key and certificate in NWA key storage and has shared the public key with the vendor. They have deployed the same and have provided us the UserID.

When we connect to them using Putty client by loading the public key and then connect using Filezilla client, we are able to connect to the vendor and all their folder structures are getting displayed.

But when we are doing the same using SFTP communication channel, we are getting “auth cancel” error. Attached is the error log screenshot and the receiver SFTP channel screenshot:

Please suggest.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-19-2015 3:02 PM
0 Kudos

Hi Guys,

The issue is now resolved. We have removed the passphrase while generating the SSH key i.e we have generated a new SSH key without using passphrase.

Thanks for your suggestions.

Show replies
Show replies

Answers (4)

Answers (4)

former_member203764
Participant
‎05-19-2015 10:49 AM
0 Kudos

Hi Monika,

I had the similiar Problem before.

Please test Telnet the SFTP-Server.

In my case the Basis guy forgot to release the port 22 in the Firewall.

Hope it can help u.

Regards

Sara

Show replies
Show replies
Former Member
‎05-19-2015 5:41 AM
0 Kudos

Hi Monika,

Did you try connecting to the SFTP server from the OS level of your PI system using the keys and the username? If not, try to connect and check.


Also, you'll need the help of your network infrastructure team to filter the traffic that is going towards the SFTP server and check what command is exactly sent to the SFTP Server.

Regards

Charan

Show replies
Show replies
Former Member
‎05-19-2015 10:24 AM
0 Kudos

Hi Charan,

Yes we had tried connecting using OS level and it gets connected. But we are facing the problem using SFTP adapter.

former_member361338
Explorer
‎05-19-2015 2:35 AM
0 Kudos

Hi Monika,

Ask the SFTP vendor to check the logs when you try to connect using SAP PI. They might have to white-list few IPs.

Show replies
Show replies
Former Member
‎05-19-2015 10:22 AM
0 Kudos

Hi Despande,

Below are the logs provided to us by our SFTP vendor:

May 18 05:51:01 cfdevinfa sshd[2269]: debug1: userauth-request for user ****** service ssh-connection method publickey

May 18 05:51:01 cfdevinfa sshd[2268]: Failed publickey for ****** from 70.***.***.** port ***** ssh2

former_member184948
Active Participant
‎05-18-2015 8:59 AM
0 Kudos

If you are able to reach the SFTP server using Username and keys in putty , that means username is valid and third party has placed the keys at right place.

Ideally in this case it should not throw authentication error.Please check for typo in channel for username or keys.

Also avoid manually writing the key names in channel and use drop-down, upon which channel will fetch the keys from NWA.

Show replies
Show replies
Former Member
‎05-18-2015 10:47 AM
0 Kudos

Hi Dilip,

We are fetching the Private Key View and Private Key Entry name using the F4 help from NWA and not manually. Also the username entered is correct.

Please suggest..

former_member184948
Active Participant
‎05-19-2015 11:25 AM
0 Kudos

Hi Monica,

1) Since you are getting "auth cancel".It means problem is with authentication, means Mismatch of keys.Also since, you are able to test connection from backend PI server using key.Means key uploaded in NWA might be wrong

2)I have worked with many SFTP channels with key auth.There could not be problem with port or firewall , since it gives "connection refused errror" when that is the case.Also only once the  FW and ports are open the SFTP server will allow you have authenticate on their server.

3) There are two methods of creating keys.1)By creating them in some tool and use it in PI by uploading them in NWA keystorage 2) By creating the keys in NWA itself and sharing them with third party..Which one did you use? If first method was used, I am afraid you might have uploaded wrong key in NWA and would suggest to upload them again.

Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki

http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

These are the two methods using which keys can be created , there are other tools too using which we can give expiry date as well.

Ask a Question