SFTP adapter - key based authentication. Server Public key needed?

suwandi_cahyadi
Contributor
0 Kudos

Hi Experts,

My understanding of SFTP key-based authentication configuration is that we need to generate the private and public key in PI, then send the public key to the SFTP vendor.

Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki

Generating SSH Keys for SFTP Adapters - Type 2 - Process Integration - SCN Wiki

http://scn.sap.com/docs/DOC-31925

But, the SFTP vendor sent me their public key (in *.pub extension format). Do I need their public key to put/pick files from their SFTP server?

Regards,

Suwandi C.

Accepted Solutions (1)

sahithi_moparthi
Contributor
0 Kudos

Hi,

<< Do I need their public key to put/pick files from their SFTP server?

Yes, their public key is required. You have to save their public key along with your public and private key in the KeyRootpath of PI.

Their public key is required for encryption and decryption. Without their public key you cannot decrypt the files.

Answers (5)

umesh_badveli
Participant
0 Kudos

Hi Suwandi

One more way to get the fingerprint:

Just give the wrong fingerprint at channel level.

In RWB you will get the correct fingerprint.

Regards

Umesh

suwandi_cahyadi
Contributor
0 Kudos

Hi All,

Thank you for the help.

I have sent the public key, and now I've received the server address and username.

How do I get the server fingerprint? I've tried to export the private key from PI, convert it to *.ppk with PuTTYgen and import the key into FileZilla (Edit > Settings > SFTP > add key). But I still get a "Connection timed out" error.

Regards,

Suwandi C.

vicky20691
Active Contributor
0 Kudos

Hi Suwandi,

Ideally you can ask the sftp team.

But here is the way: give a wrong fingerprint in the channel and send a message; the log will show the correct fingerprint. Or just give * in the fingerprint.

For the timeout, try doing a telnet to the server address and the port (22).

Possible reasons: they might still not have configured your public key, you may have used the wrong port, or there is a network problem from your local system (network allowed from PI server).

Regards,

Vikas

suwandi_cahyadi
Contributor
0 Kudos

Hi Vikas,

Thank you for the quick reply.

You're right, the problem might be in the firewall settings. I've tried to connect to the server via my own modem connection and I can connect successfully with Filezilla.

I will contact the basis team.

Regards,

Suwandi C.

engswee
Active Contributor
0 Kudos

Hi Suwandi

If you can connect via Filezilla, you can click the padlock icon at the bottom right corner and it will display the fingerprint details.

Regards

Eng Swee

former_member182412
Active Contributor
0 Kudos

Hi Suwandi,

Another way to get the fingerprint: log on to the PI operating system and run the command

sftp user@sftphost

Then it will display the fingerprint.

Regards,

Praveen.

suwandi_cahyadi
Contributor
0 Kudos

Hi All,

Thank you for the quick replies.

So, the SFTP vendor's public key will be used only if the file's content needs to be encrypted with their public key? AFAIK, there will be no encrypting/decrypting the file content in the SFTP server. I will confirm this with the SFTP vendor? But

The content of their public key starts with "ssh-rsa"

Regards,

Suwandi C.

vicky20691
Active Contributor
0 Kudos

Hi Suwandi,

Then the key they have given is for sftp authentication and not for encryption/decryption.

It may be possible that they wanted to do authentication for sftp by giving public key to us and having private key with them.

In that case you may have to convert the pub key to an X.509 certificate to put in your NWA keystore. But you can still talk to them about the approach where you give your public SSH key to them.

Regards,

Vikas

vicky20691
Active Contributor
0 Kudos

Hi Suwandi,

Your understanding is correct. You share your public key for authentication between the SFTP server and SAP PI.

I guess the client has shared the .pub file for encryption of the file. Can you please open the pub key in a notepad and see what is the starting line.

Regards,

Vikas

engswee
Active Contributor
0 Kudos

Hi Suwandi

Your understanding is correct. The vendor just needs to add the key you provided and link it to the specific user that you will use to access the server.

Normally you just need the server's fingerprint, which can be retrieved when you first log in via FileZilla. You might want to ask them what type of key they provided and what it is for. Check with them whether encryption/decryption of files is expected.

Regards

Eng Swee

Message was edited by: Eng Swee Yeoh
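
Added example, not part of any post in this thread: a fingerprint shown by a channel log, FileZilla or the sftp command is only useful if it can be compared with a value obtained independently. The Python sketch below parses an OpenSSH-format public key line (one starting with "ssh-rsa", as mentioned above) and computes its MD5 and SHA256 fingerprints offline. The sample key is constructed inside the code and is not a real key; the function names are hypothetical.

```python
import base64
import hashlib
import struct


def read_string(buf, off):
    """Read one RFC 4253 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


def fingerprints(pub_line):
    """Return (key_type, bits, md5_hex, sha256_b64) for an OpenSSH public key line."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner, off = read_string(blob, 0)
    if inner.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type in blob does not match the line prefix")
    bits = None
    if parts[0] == "ssh-rsa":
        _e, off = read_string(blob, off)
        n, off = read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    # Fingerprints are hashes of the decoded blob, never of the text line.
    md5 = hashlib.md5(blob).hexdigest()
    md5_hex = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha256_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return parts[0], bits, md5_hex, "SHA256:" + sha256_b64


def make_sample_line():
    """Constructed sample: a syntactically valid ssh-rsa line with a made-up modulus."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + bytes([0xC3]) + bytes(range(1, 256))  # 2048-bit, not a real key
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    for value in fingerprints(make_sample_line()):
        print(value)
```

A line that fails to parse here is not an OpenSSH public key, which is worth knowing before asking the vendor what the file is for.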