For numerous customers I have had to implement a solution, which could integrate via SFTP as way to exchange documents. Unfortunately none of the SFTP solutions have been the one based on SSL (Secure Socket Layer) which the PI supports. All the integrations have been for the SSH (Secure SHell), which is not supported by default.
One option is to buy the Seeburger SFTP adapter, which is rather expensive. I have therefore not seen a situation where there was a business case, for this solution. Therefore I have always tried to find other communication methods, to something both parties understand.
I have now found a way to use scripting and the build openssh sftp service, to create a connection and download the files. The script can be scheduled with the communication channel.
The parameters of the script is the following.
- The name of the script.
- Then the target Filename.
- Then the host and user.
- A filter for which files to download.
- And a list of ssh properties. In the manual there is a long list of possible properties. The most important is which key file to use, to it is possible to login without password.
The script first creates a batch file, which can execute the sftp transaction. Then sftp is called with the batchfile and fetches all the files. The downloaded files are then concatenated into the target file. If there are no files the target file will be empty.
To be able to execute this script, the key file should be place in a directory, where pi server has access and without a protecting password. And this is the problem with this solution. The SSH key is not secured in any other way than by the file system; therefore Unix administrators can get the file and use it for logon. The SSH account, for which the key exists, must therefore not contain sensitive information.
In the communication channel it looks like the following.
There should be pointed to a named file, in the file selection. This file should always exists otherwise the script is not executed. Processing Mode is set to Test, so the file is not deleted. If you want archiving of the files consider to build them into the sftp script. The empty-file handling is set to Do Not Create Message and then the command line is placed in the before message processing area.
This script does not support Windows, but suspect that it will be easy to write bat file which can do the same.
One large problem with this script is that it does not report errors to the user. I have tried with the command exit 1, but the file adapter just says the command was executed successfully. I don’t know if there is a solution to this problem.