Today's enterprises have to worry about every aspect of their internal LAN networks just as much as about their WAN connections. With the growth of the Internet and the technologies that have been developed around it, data is more vulnerable today than at any point in the past. Data transfer is so integral to the proper flow of business processes and corporate communication that it must be a high priority for any company.
Regardless of the industry, every company has an obligation to keep private information secure. Whether it is customer data or employee details, a company is required to take security measures to keep personal information safe. Laws and legislation have been passed, and more are proposed, that require certain types of traffic (legal, financial, and health) to be securely encrypted whenever they cross insecure networks.
This document briefly explains the steps to establish the connection between SAP and an SFTP server, and describes the creation of external OS commands using SM69 and their programmatic execution using the FM SXPG_COMMAND_EXECUTE.
Secure File Transfer Protocols:
SSH or Secure Shell is a cryptographic network protocol that allows data to be exchanged using a secure channel between two networked devices. It provides strong authentication and secure communications over insecure channels. It can transfer files using the secure file transfer protocol (SFTP) or secure copy protocol (SCP).
It uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user. It was designed as a replacement for Telnet and other unsecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis (internal and external threats).
SSH tunnelling allows you to create an encrypted connection between the source system (SAP) and the target system (SFTP server) at the remote site. Over this single connection, you can run external OS commands using the FM SXPG_COMMAND_EXECUTE to transfer files securely.
SFTP and SCP:
There are multiple mechanisms for transferring files using the SSH (Secure Shell) protocol. In this document, we are focusing on Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP).
Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell protocol. SFTP has several advantages over the non-secure FTP. First, SFTP encrypts both the username/password and the data being transferred. Second, it uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall or router. Using SFTP also avoids the network address translation (NAT) issues that can often be a problem with regular FTP.
While SFTP is very similar in operation and commands to FTP, developers may find SCP much easier to use in automation scenarios. Both SFTP and FTP are session based, whereas SCP is a single copy command.
About Key Pair:
SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user. An SSH identity uses a pair of keys, one private and one public. The public and private key pair consists of two uniquely related cryptographic keys.
The Public Key is what its name suggests – Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.
During authentication, the SSH client and server have a little conversation about your private and public key. If they match (according to a cryptographic test), your identity is proven, and authentication succeeds.
To generate the private/public keys, you need to install the SSH client tool in the source system.
- PuTTY is one of the most popular secure SSH clients. It is very small in size and easy to use.
- Cygwin is popular on Windows servers and provides a Linux look and feel.
- The OpenSSH client tool is a popular tool for UNIX. It is an implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more.
Creation of OS Commands using SM69 for Secure Data Transfer:
SCP copies files between hosts on a network. It uses SSH for data transfer, with the same authentication and the same security as SSH. The SFTP command is session based, whereas SCP is a single copy command, so SCP may be much easier to use in automation scenarios.
scp -2 -4 -c blowfish -C <Source Folder>\srcfile.dat scpuser@<ipaddress>:<target_folder>\targetfile.dat
Execution of OS Commands using FM:
Using the FM SXPG_COMMAND_EXECUTE, you can execute the external commands that were created in SM69. You need authorization to execute external commands using this FM.
COMMANDNAME: Specify the name of the external command that was created in SM69. For example: ZSCP_COMMAND
ADDITIONAL_PARAMETERS: Specify the parameters to execute the external commands.
For example: <Source Folder>\srcfile.dat sftpuser@<ipaddress>:<target_folder>\targetfile.dat
Summary for using the secure protocols:
- Install an SSH client tool (PuTTY for Windows / OpenSSH for UNIX) on the source system.
- Generate the public and private keys using the key generation program that is available in the SSH client tool.
- Install the public key on the target server in the .ssh/authorized_keys file.
- Store the private key on the source system in the passphrase-protected format. Protect your private key with a strong passphrase.
- The standard TCP port 22 has been assigned for contacting SSH servers. Hence, it must be open for these secure protocols to work.
- Create an external OS command in SM69 for file transfer between the networked devices.
- Using the FM SXPG_COMMAND_EXECUTE, execute the external OS command to transfer the files securely.
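The last two steps can be hardened by pointing the SM69 command at a small wrapper instead of at scp directly, so that whatever arrives in ADDITIONAL_PARAMETERS is checked before it reaches the command line. The script below is an added example, not code from the original document or from SAP. It assumes a UNIX application server with OpenSSH, and the wrapper itself, the SCP_KEY variable and the key path are hypothetical names.

```shell
#!/bin/sh
# Hypothetical wrapper that an SM69 command such as ZSCP_COMMAND could call.
# ADDITIONAL_PARAMETERS arrive as "$1" (source) and "$2" (target).

KEY="${SCP_KEY:-$HOME/.ssh/id_sap_transfer}"   # assumed private key location

# Accept only plain path / user@host:path characters and never a leading "-",
# so a parameter cannot smuggle in an scp option or shell metacharacters.
is_safe_arg() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._/@:-]*) return 1 ;;
    esac
    return 0
}

# The private key must be a regular file accessible to its owner only.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        -rw-------|-r--------) return 0 ;;
    esac
    return 1
}

transfer() {
    [ "$#" -eq 2 ] || { echo "usage: source target" >&2; return 64; }
    for arg in "$@"; do
        is_safe_arg "$arg" || { echo "rejected parameter: $arg" >&2; return 65; }
    done
    key_is_private "$KEY" || { echo "key missing or too permissive: $KEY" >&2; return 66; }
    # BatchMode: fail instead of prompting (the FM has no terminal), so a
    # passphrase-protected key has to be served by ssh-agent.
    # StrictHostKeyChecking: refuse servers whose key is not in known_hosts.
    # No -c: current OpenSSH releases no longer ship blowfish, so the cipher
    # is left to negotiation.
    scp -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -i "$KEY" -- "$1" "$2"
}

# Run only when parameters are passed, as SM69 would do.
if [ "$#" -gt 0 ]; then
    transfer "$@"
fi
```

The non-zero return codes (64, 65, 66) are what the caller of SXPG_COMMAND_EXECUTE would see as the exit code of the external command, so a rejected parameter is distinguishable from a failed transfer.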