on 02-24-2016 6:15 AM
Hi Experts,
My understanding of SFTP key-based authentication configuration is that we need to generate the private and public key in PI, then send the public key to the SFTP vendor.
Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki
Generating SSH Keys for SFTP Adapters - Type 2 - Process Integration - SCN Wiki
http://scn.sap.com/docs/DOC-31925
But, the SFTP vendor sent me their public key (in *.pub extension format). Do I need their public key to put/pick files from their SFTP server?
Regards,
Suwandi C.
Hi,
<< Do I need their public key to put/pick files from their SFTP server?
Yes, their public key is required. You have to save their public key along with your public and private key in the KeyRootpath of PI.
Their public key is required for encryption and decryption. Without their public key you cannot decrypt the files.
Hi All,
Thank you for the help.
I have sent the public key, and now I've received the server address and username.
How do I get the server fingerprint? I've tried to export the private key from PI, convert it to *.ppk with PuttyGen and import the key into Filezilla (Edit > Settings > SFTP > add key). But I still get a "Connection timed out" error.
Regards,
Suwandi C.
Hi Suwandi,
Ideally you can ask the SFTP team.
But here is the way: give a wrong fingerprint in the channel and send a message; the log will show the correct fingerprint. Or just give * in the fingerprint.
For the timeout, try doing a telnet to the server address and the port (22).
Possible reasons: they might still not have configured your public key, you may have used the wrong port, or there is a network problem from your local system (network allowed from PI server).
Regards,
Vikas
Hi All,
Thank you for the quick replies.
So, the SFTP vendor's public key will be used only if the file's content needs to be encrypted with their public key? AFAIK, there will be no encrypting/decrypting the file content in the SFTP server. I will confirm this with the SFTP vendor? But
The content of their public key starts with "ssh-rsa"
Regards,
Suwandi C.
Hi Suwandi,
Then the key they have given is for SFTP authentication and not for encryption/decryption.
It may be possible that they wanted to do authentication for SFTP by giving the public key to us and keeping the private key with them.
In that case you may have to convert the pub key to an X.509 certificate to put in your NWA keystore. But you can still talk to them about the approach where you give your public SSH key to them.
Regards,
Vikas
Hi Suwandi,
Your understanding is correct. You share your public key for authentication between the SFTP server and SAP PI.
I guess the client has shared the .pub file for encryption of the file. Can you please open the pub key in Notepad and see what the starting line is?
Regards,
Vikas
Hi Suwandi
Your understanding is correct. The vendor just needs to add the key you provided and link it to the specific user that you will use to access the server.
Normally you just need the server's fingerprint, which can be retrieved when you first log in via Filezilla. You might want to ask them what type of key they provided and what it is for. Check with them whether encryption/decryption of files is expected.
Regards
Eng Swee
Message was edited by: Eng Swee Yeoh
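Added example, not part of the thread and not SAP or vendor code: an OpenSSH one-line public key (the kind that starts with "ssh-rsa") can be parsed and fingerprinted offline, so a fingerprint shown by a client or in a channel log can be compared with one derived from a key file the SFTP team sent. It assumes the file really is the server's host key, which the thread does not settle; the sample key is constructed and not usable, and the function names are illustrative.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: structurally valid "ssh-rsa" blob (type, e, n), not a real key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-example"


def parse_public_key(line: str):
    """Return (key_type, blob) from '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob repeats the key type as its first field; a mismatch means
    # the file was edited, truncated, or is not an SSH public key at all.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match the prefix")
    return key_type, blob


def fingerprints(line: str) -> dict:
    """Fingerprints in the two forms OpenSSH tools print."""
    key_type, blob = parse_public_key(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type,
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def matches(line: str, expected: str) -> bool:
    """True if `expected` (from a log or the vendor) matches the key in `line`."""
    fp = fingerprints(line)
    return expected.lower() == fp["md5"] or expected == fp["sha256"]
```
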