Skip to Content
Personal Insights
Author's profile photo Dilip Kumar Krishnadev Pandey

SAP PI SFTP Adapter Authentication

Overview

  • In SAP PI, we can access SFTP server of client using SFTP Adapter.
  • SAP-PI can use SFTP Adapter in below two manners:
    1. SFTP Sender Adapter:     To pull files from SFTP server’s folder
    2. SFTP Receiver Adapter:  To push files to SFTP server’s folder
  • In this blog we conclude below aspects:
    • Authentication technique for SFTP Server
    • SFTP Sender Communication Channel Configuration
    • SFTP Receiver Communication Channel Configuration

Authentication technique for SFTP Server:

To access SFTP server from SAP-PI using SFTP adapter, below details are required:

  • SFTP Server IP
  • SFTP Server Port             (default port is 22)
  • SFTP Server Fingerprint
    • If SFTP Server Fingerprint details are not available then we can ignore it by providing input as * (star) in SFTP Communication channel
    • SFTP Server Fingerprint can be generated using any standard tool like ‘FileZilla’, where we need to provide SFTP server details (IP/Port/User-id/Password) and while connecting, tool will show SFTP’s fingerprint
    • SFTP Fingerprint looks like as below:

 

Authentication methods supported by SFTP server can be of either following types:

  1. Key Based Authentication
    • In ‘Key Based Authentication‘, SAP-PI’s ‘Public SSH Key‘ need to be imported in SFTP server.
    • While connecting SFTP- Server, SAP-PI uses following details for authentication in its SFTP-Adapter
      • SFTP Sever’s IP / Port
      • Authentication method ‘Private Key’
      • SFTP Server’s user name
      • SAP -PI’s ‘Private KEY Store View‘ details
    • For reference, following screen of SAP-PI’s SFTP-Adapter is been given
  2. Password based authentication
    • Here SFTP server is accessible via its user-id/password
    • For reference, following screen of SAP-PI’s SFTP-Adapter is been given
  3. Password based authentication with case of ‘keyboard-interactive authentication‘ [This info is been added on 13-Sept2018 into this blog…….]
    • Here SFTP server is accessible via its user-id/password but it requires keyboard interactions
    • “Keyboard Interactive authentication”:
      • Sometimes, sFTP server has enabled one property called  “Keyboard Interactive authentication”.
      • The standard keyboard-interactive authentication uses the ‘password’ as interactive question.
      • Here, rather than the SFTP server ask for “Password”, it asks for “Enter Password” i.e. once SFTP server IP details provided to connect, SFTP server asks to enter password in ‘Password’ pop-up using keyboards.
    • Such sFTP servers can easily be accessed using any standard tool like ‘FileZilla’ or ‘WinScp’, here we always provide input from keyboard
    • But SAP-PI’s SFTP adapter throws following type of error for such sFTP-server connections where ‘keyboard-interactive authentication’ is required
      • Exception received: java.lang.UnsupportedOperationException: received authentication request from server which could not be processed: destination=<sftp-UserId>@<sftp-IP>:<sftp-Port>; name=Password authentication; instruction=prompt=<sftp-UserId>’s password
    • Reason:
      • The current version of SAP-PI’s SFTP adapter does not support Keyboard-interactive authentication .
    • Solution:
      • Install “SFTP SP02 Patch 6” in SAP-PI server
      • here, there is no need to re-import metadata of SFTP-Adapter in ‘ESB/R’ (Enterprise Service Repository)

SSH Key maintenance in SAP-PI for SFTP’s Key Based Authentication” :

Summarized steps to maintain SSH key in SAP-PI, are as follows:

  1. In SAP-PI: Create ‘KeyStore View’ and ‘Keystore Entry’ and export it with ‘PKCS#12 Key Pair’ file format having extension ‘.p12’ (e.g. PItoSFTP_Key.p12 )
  2. In any ‘Windows’ system, create ‘Private SSH key’ from exported SAP-PI’s ‘.p12’ file
    • 2.1 Using tool ‘OpenSSL’, create ‘.pem’ key from ‘.p12’ file
    • 2.2 Create ‘SSH Private Key’ (e.g. PItoSFTP_Key.key ) from ‘.pem’ key
  3. In SAP-PI: Upload ‘Private SSH key’ file (PItoSFTP_Key.key file) ‘ into directory path ‘ /home/<sid>/’
  4. In SAP-PI: Generate ‘Public SSH key’ (e.g. PItoSFTP_Key.pub) using ‘ssh-keygen’ from upload key itself

Now, let’s see detailed steps….

[Step-1] In SAP-PI: Create ‘KeyStore View’ and ‘Keystore Entry’ and export it with ‘PKCS#12 Key Pair’ file format having extension ‘.p12’

  • Go to SAP-PI’s netweaver (nwa) page using below url
    • http://<host>:<port>/nwa
  • Create a new Keystore view, for same,
    • Go to nwa url page => ‘Configuration Management’ => ‘Security’ => ‘Certificates and Keys’ => ‘Key Storage’ => ‘Content’ => ‘Keystore Views’
    • To create a new keystore view, click on button ‘Add view’
    • Enter ‘View name’, ‘Description’ and click button ‘Create’
  • Create a  Keystore Entry in same ‘KeystoreVview’ which just has created above
    • Provide details as Entry Name, Algorithm as RSA and Key length 1024 or 2048, validity time
    • Entry Type ‘Private Key’
    • Follow the rest step to complete creation of Keystore Entry
  • Export ‘Keystore View’ and ‘Keystore Entry’ (with ‘PKCS#12 Key Pair’ file format having extension ‘.p12’)
    • Select row of  ‘Keystore view’ and its respective ‘Keystore Entry’
    • Click on button ‘Export Entry’ -> export format ‘PKCS#12 Key Pair’ -> enter a password here and note it down
    • Click on link ‘Download’ to extract .p12 file for example file name is ‘PItoSFTP_Key.p12‘.

[Step-2] In any ‘Windows’ system, create ‘Private SSH key’ from exported SAP-PI’s ‘.p12’ file

  • Now using tool ‘OpenSSL’ (in any windows local desktop) perform below activities:
    1. Extract ‘OpenSSL’ in to a directory  for e.g. ‘C:/OpenSSL/’
    2. Copy ‘PItoSFTP_Key.p12‘ into ‘C:/OpenSSL/bin/’
    3. Create ‘.pem’ key file from .p12 file using below command  in cmd prompt
      • cd \OpenSSL\bin
      • openssl pkcs12 -in PItoSFTP_Key.p12 -out PItoSFTP_Key.pem
      • Enter Import Password: pass1234
      • Enter PEM pass phrase: pass1234
    4. Create ‘Private SSH Key‘ from ‘.pem’ file
      • openssl rsa -in PItoSFTP_Key.pem -out PItoSFTP_Key.key
      • Enter pass phrase for PItoSFTP_Key.pem: pass1234

[Step-3] In SAP-PI: Upload ‘Private SSH key‘ file

  • Now upload ‘Private SSH key‘ file ‘PItoSFTP_Key.key‘ in to directory path ‘ /home/<sid>/’ of SAP-PI server

[Step-4] In SAP-PI: Generate ‘Public SSH key‘ 

  • Generate ‘Public SSH Key‘:
    • Using SSH Key Generator in PI-server, we can generate SSH public key from private key file, with below commands:
      • su <sappi-adm-id>
      • chmod 600 PItoSFTP_Key.key
      • ssh-keygen -y -f PItoSFTP_Key.key > PItoSFTP_Key.pub
    • Thus SAP-PI’s ‘Public SSH Key‘ file ‘PItoSFTP_Key.pub’ has been generated
  • Note: 
    • Share this SAP-PI’s ‘Public SSH Key‘ (PItoSFTP_Key.pub) to external sFTP-Server-Team,
    • which they need to import in their sFTP server,
    • so that, while connecting from SAP-PI using SFTP-Adapter, access can be granted i.e. ‘Key Based Authentication’

 

SFTP Adapter configuration for ‘Key Based Authentication‘:

Example: Receiver communication channel configuration
  • Business requirement case: To push/write files into external SFTP-Server’s specific folder
    • As shown in following screen, in SFTP Receiver Communication channel, provide sFTP-server details (like server-IP/Port/Username/FilePath) and for authentication provide ‘Key View’ details as created above
  • Fingerprint:
    • if specific sFTP-Server’s ‘Fingerprint’ string is been given from ‘sFTP-Server-Team‘ then provide same
    • else it can also be ignored ‘Finger’ by giving input as ‘*‘ (star)
  • In SFTP server folder, files will be dropped with same original name by enabling ‘Adapter Specific Message-Attributes‘ and using %FileName% in ‘FileName’ input field
  • Note:
    • Same authentication inputs will be required in case of ‘Sender Communication Channel Configuration’ too (where “business requirement case” is ‘to pull/read files from external SFTP-Server’s specific folder‘)

 

SFTP Adapter configuration for ‘Password based authentication‘:

Example: Sender communication channel configuration
  • Business requirement case: To pull/read files from external SFTP-Server’s specific folder
  • In Sender Channel, provide input for SFTP server’s IP/Port/Fingerprint/Authentication details as shown in below screen:
  • Fingerprint:
    • if specific sFTP-Server’s ‘Fingerprint’ string is been given from ‘sFTP-Server-Team‘ then provide same
    • else it can also be ignored ‘Finger’ by giving input as ‘*‘ (star)
  • Directory references starts from root directory of SFTP server
  • And we are reading all files of that direcrtoy using Filename input .*
  • To archive read files, we can use below parameters:
  • Given ‘Archive name’ will move same read file to mentioned Archive path with prefix ‘ARC_’ in original filename

Assigned Tags

      39 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Raja Sekhar
      Raja Sekhar

      very good posting with screen shots...

      Author's profile photo Jürg Aebersold
      Jürg Aebersold

      Hi Dilip Kumar,

      you mentioned after point 4 to "Now upload Private SSH key file ‘PItoSFTP_Key.key’ in to SAP-PI server".

      Why should we upload the private key into SAP-PI-Server? It's already done by creating the keystore view in PI NWA (following your script).

      If we have to upload anyway, where should it be uploaded?

      For generating the public key, could we use puttygen instead of using the commands in the script (which I don't know where to use)?

      Thank you very much for help!

      Regards

      Jürg

       

       

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Jurg Aebersold,

      For more clarity, I have updated the blog with summarized steps, which may help you, please have a look once.

       

      Thanks & Regards

      Dilip

      Author's profile photo Victor Orozco
      Victor Orozco

      I don't think this question has been addressed yet.  I think the confusion is that you are using the words "SAP-PI server" for both the viewstore server and the location where you upload the key.  Are these the same?  if you have already created the key in the viewstore, why would you import it back again?

      [Step-3] In SAP-PI: Upload ‘Private SSH key‘ file

      • Now upload ‘Private SSH key‘ file ‘PItoSFTP_Key.key‘ in to SAP-PI server
      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Victor,

      Let me again summarize for you:

      1. In PI: Create a ‘KeyStore View’ and ‘Keystore Entry’ and export it in PKCS#12 '.p12' format
      2. In any Windows system:
        • Using OPENSSL tool -> convert '.p12' file in to '.PEM' file
        • then convert '.PEM' file in to '.key' file (i.e. private SSH Key)
      3. In PI: upload '.key' file in to directory /home/sid/
      4. In PI: Using SSH-key-Generator, create public SSH key ('.pub' file) from '.key' file
      5. Share this '.pub' file to SFTP-Server team

      I hope its clear now...

      Thanks & regards,

      Dilip

       

      Author's profile photo Manoj K
      Manoj K

      There is no need to maintain Private key /home/sid/, the key should be present in the NWA Keystore view that should be sufficient.

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Manoj,

      As in blog (i.e. in our case), we had managed creation of SSH keys from different system (windows OS system) using tool ‘OpenSSL’, then we had imported into SAP-PI/PO (AEX) server.

      Yes, its true, if we can manage creation of SSH keys in SAP-PI/PO itself, then there is no need for such import from external source into /home/sid/ of SAP-PI/PO.

      Thanks & Regards,

      Dilip Pandey

      Author's profile photo Manoj K
      Manoj K

      Dilip ,

      Keys can be generated in PI/PO or any external tool, but the query is where do we need to maintain those keys in PI/PO for connection? As you have mentioned (step-3) it should be maintained in PO level folder which is really not required, as SFTP check Keystore view for the keys during connection and not at any OS-level folder. ( Irrespective of how the keys have generated the keys just needs to be present in Keystore view and not any folders)

      Thanks,

      Manoj

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Manoj,

      If you see the steps followed by us, it is like:
      [1] In SAP-PI: Create ‘KeyStore View’ and ‘Keystore Entry’ and export it with ‘PKCS#12 Key Pair’ file format having extension ‘.p12’ (e.g. PItoSFTP_Key.p12 )
      [2] In any ‘Windows’ system, create ‘Private SSH key’ from exported SAP-PI’s ‘.p12’ file
      [2.1] Using tool ‘OpenSSL’, create ‘.pem’ key from ‘.p12’ file
      [2.2] Create ‘SSH Private Key’ (e.g. PItoSFTP_Key.key ) from ‘.pem’ key
      [3] In SAP-PI: Upload ‘Private SSH key’ file (PItoSFTP_Key.key file) ‘ into directory path ‘ /home/<sid>/’ 
      [4] In SAP-PI: Generate ‘Public SSH key’ (e.g. PItoSFTP_Key.pub) using ‘ssh-keygen’ from upload key itself

      And, w.r.t. your query, for connection (with SFTP), in NWA, in ‘Certificates and Keys: Key Storage‘, we have private key entry (1st step only). This is a working scenario in our premises, so I do not have any reason to doubt.

      Please highlight if any query/part need to be enlighten that may help everyone who refer this blog.

      The reason behind, download and upload of the keys was like, we wanted public SSH key from the created Key (in NWA of step 1), and we found that, it can be done using OpenSSL and SSH-KeyGen command lines. OpenSSL requries .p12 format key, so we exported same from NWA and created private key with PItoSFTP_Key.key format which was required by SSH-KeyGen of SAP-PI/PO to generate .pub key (Public SSH Key). Hope this para clarifies the things.

       

      Thanks & Regards,

      Dilip

      Author's profile photo Philippe Addor
      Philippe Addor

      Hi, the confusion is clarified now I think.  See comments below.

      Author's profile photo Nitin Rao
      Nitin Rao

      Hi Dilip,

      First and Foremost - Excellent Blog! Nice way to illustrate with pictures.

       

      One question - Does the new SFTP adapter (SP05 Version) has listener services. Like any other middlewares out there which can get activated only when the third party pushes the data to it ?

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Nitin,

      Thanks for the nice comments about blog!

      @Listener Services in SFTP Adapater: Please find below comments if it helps to throw some light in same regard:

      • To place files in a SFTP-Folder, the Receiver SFTP-Adapter channel gets activated when Sender side pushes data on it.
      • And to read files from a SFTP-folder, the Sender SFTP-Adapter channels works on fix Poll-Intervals to watch any SFTP-folder.

       

      Thanks & Regards,

      Dilip

      Author's profile photo Fressnapf GmbH
      Fressnapf GmbH

      Hi Dilip, thanks for your Blog,

       

      I've set up the interface like you have described, but my SFTp adapter (sender CCV) gives the error message "Nullpointerexception" when I try to read the target file with content conversion mode. When I change the adapter and do a SFTP file download and open it in lokal FTP server with same CCV settings than I can process it.

      I've made also some analysis with xpi_inspector and get the warnings like "The string "..." could not localized" or "Could not locate resource bundle entry" and "for resource bundle 'com.sap.aii.af.service.administration.impl.i18n.rb_AAM' and locale de"

      and at the the result is the mentioned error message.

      Do you know what the problem is?

       

      Regards,

      Ahmet

       

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Fressnapf GmbH,

      Sorry for late reply..please find below input, hope it may help you if issue at your side still persists.

      First you try to identify whether this error is related connectivity issue or due to CCV settings, make use of SFTP sender to just pick up files, once its ok, then go for CCV settings. Try to use XPI_Inspector every time to get detail errors.

      Please let me know, if this issue is already resolved by you.

       

      Thanks & regards,

      Dilip

      Author's profile photo Shawn Tan
      Shawn Tan

      Hi @Dilip Kumar Krishnadev Pandey

      Thanks for the blog. At step "[Step-3] In SAP-PI: Upload ‘Private SSH key' file", may I know why do
      we need to upload it to the directory path ‘/home/<sid>/’ of SAP-PI server? I hope you can advise me. Thanks.
      Regards,
      Shawn
      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Shawn,

      In Blogs (i.e. in our case), we had managed creation of SSH keys in different system (windows OS system) using tool ‘OpenSSL’, then we had imported into SAP-PI/PO (AEX) server.

      If you (either basis team) can manage creation of SSH keys in SAP-PI/PO (AEX) system itself, then there is no need for upload from external source into directory path ‘/home/<sid>/’.

      Thanks & Regards,

      Dilip Pandey

      Author's profile photo Philippe Addor
      Philippe Addor

      Hi Dilip,

      Me and several other comment writers regarding step 3 basically wonder why we need to save the created private SSH Key in a folder on PO. I assume the converted private SSH key is only required to create the public SSH key (both using the command line tools) in order to provide/store the public key to the SFTP server. But the private key eventually used by the SFTP adapter is the one created in the key store of PO (step 1), that’s why it’s configured in the communication channel under “private key view” and “private key entry”. (It wouldn’t make sense if the configured private key in the keystore would not be used and instead it used one that was uploaded to the /home/<sid> folder…)

      That’s where the confusion comes from. Maybe you have a possibility to test it and let us know if step 3 is really needed. I will try it out too as soon as I have a chance on a system. Besides that, you’re blog is very detailed and very helpful!

      Thanks,

      Philippe

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Philippe,

      Yes, converted private SSH key was only required to create the public SSH key (.pub file) using command lines, which we had shared with SFTP-Server.

      In summary, below files were created to find publicSSHKey:

      1. PItoSFTP_Key.p12 (Downloaded from ‘Keystore-View/Entry’ of SAPPI/PO)
      2. PItoSFTP_Key.pem (In Windows using openssl from above file-1)
      3. PItoSFTP_Key.key (In Windows using openssl from above file-2)
      4. PItoSFTP_Key.pub (In SAP-PO using ssh-keygen from above file-3)

      If you see the steps followed by us, it is like:
      [1] In SAP-PI: Create ‘KeyStore View’ and ‘Keystore Entry’ and export it with ‘PKCS#12 Key Pair’ file format having extension ‘.p12’ (e.g. PItoSFTP_Key.p12 )
      [2] In any ‘Windows’ system, create ‘Private SSH key’ from exported SAP-PI’s ‘.p12’ file
      [2.1] Using tool ‘OpenSSL’, create ‘.pem’ key from ‘.p12’ file
      [2.2] Create ‘SSH Private Key’ (e.g. PItoSFTP_Key.key ) from ‘.pem’ key
      [3] In SAP-PI: Upload ‘Private SSH key’ file (PItoSFTP_Key.key file) ‘ into directory path ‘ /home/<sid>/’ 
      [4] In SAP-PI: Generate ‘Public SSH key’ (e.g. PItoSFTP_Key.pub) using ‘ssh-keygen’ from upload key itself

      Thanks & Regards,

      Dilip

      Author's profile photo Philippe Addor
      Philippe Addor

      Hi Dilip,

      Thanks for the feedback. Now I see where the confusion comes from! You write in step 3: “Upload ‘Private SSH key’ file (PItoSFTP_Key.key file) ‘ into directory path ‘ /home/<sid>/’”. I, and other readers probably too, assume that you upload the file to this directory so that PO can use it for the adapter, but that’s not the reason! You upload it there just to use the Linux command line tool “ssh-keygen” to convert that key into the public SSH key. So it’s temporary and has no further usage. That is not so clear in the blog, maybe you could clarify it.

      Furthermore, it’s not always necessary to upload it to the PO server, because basically every Linux , and by the way also Windows 10, system can be used to convert the key (I have “ssh-keygen” available on my Windows 10 PC and did it there). (It's also possible that PO runs on a Windows server, then it might not have ssh-keygen. ) 

      Thanks again for the otherwise helpful blog,

      Philippe

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Philippe,

      Yes, the purpose to upload the key was to create public-key using SSH-Key gen tool in SAP-PO.

      If it can be done using windows10, thats ok, we need publicSSH key finally. I will surly check utility of Windows10, as its a new and interesting information for me.

      Thanks & Regards,

      Dilip

      Author's profile photo Philippe Addor
      Philippe Addor

      Hi, the confusion is clarified now I think.  See my other comments. Upload of the private key to PO folder is not necessary except to use the tool ssh-keygen there, if not present anywhere else on an available system.

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Dear Philippe,

      Yes, you are right, we had ssh-keygen in SAP-PO server only, so we had uploaded the key into respective dir and created public key.

      Thanks & Regards,

      Dilip

      Author's profile photo Philippe Addor
      Philippe Addor

      One more hint for readers: step 4 can also be done by the freeware tool puttygen (PuTTY Key Generator). Just load the .key file (private SSH key) from step 2 into the tool by choosing "Conversions - import key". The private SSH string required to put into the SFTP server (into the file "authorized_keys") is then displayed in the text box at the top of the tool (copy it from there, don't use "Save public key" as this generates another format).

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      thanks for the valuable input Philippe..

      Author's profile photo Nagesh Chepuri
      Nagesh Chepuri

      Dear Dilip,

      In blog showing SSF key assignment. Can you please help me out how to create public key and private key for PI?

      Regards,

      Nagesh.

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Nagesh,

      Creation and maintenance of SSH private/public key is been given in blog, please go through it.

      There may be many ways for same, blog details are one of the alternative which I had followed.

      Thanks & Regards,

      Dilip

      Author's profile photo Nagesh Chepuri
      Nagesh Chepuri

      Hi Dilip,

      Thanks provided information. Created SSH private key successfully. with online link.

       

      Regards,

      Nagesh.

      Author's profile photo Deb Niladri
      Deb Niladri

      Hi Dilip,

        I want to test an existing interface using filezilla for which i need .ppk file. My i know how i can achieve this?

      Thanks

      Deb

       

      Author's profile photo Deb Niladri
      Deb Niladri

      Hi Philippe,

        i would like to test an existing interface working in production using filezilla. I have the private key entry maintained in NWA as shown below:

      certificate%20store

      certificate store

      To access the SFTP box from filezilla is need .ppk file.

      FileZilla

      FileZilla

      May i know how i can get the .ppk file?

      Regards

      Deb

       

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Deb,

      sorry for late reply, I hope, by now, you may have already addressed the issue.

      However, my comments are as: I think you are adopting "Key based Authentication", and for same, you need public SSH-Key (*.pub) file, which can be imported into SFTP-server. Respective steps are given in blog, plz refer, we have used openssl tool to generate keys.

      thanks & Regards.

      Dilip

      Author's profile photo Ajay Somani
      Ajay Somani

      Hi Dilip,

      As I am running into a SFTP session being timed out. Is there a setting in adapter that can enable detail log behind the FTP session?

       

      Currently we are tweaking with increasing the timeout and poll interval parameters to see if this timeout error goes away.

       

      Regards,

      Ajay

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Ajay,

      Sorry for very late reply, till now, you may have already addressed the requirement

      XPI_Inspector on channels always helps for detailed logs.

      Regards,

      Dilip

      Author's profile photo Tejas Bangera
      Tejas Bangera

      Hi Dilip,

       

      Thanks for the detailed information, can you tell me if there is a way in using the SFTP server SSH key in SAP PO?

      For example: When a external SFTP server Team provides a SSH-RSA .pub key? is there a way to implement that key in SAP PO?

       

      Thanks & Regards,

      Tejas

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Tejas,

      Sorry for the late response.

      • If SAPPO is playing the role to pull/push files from/to SFTP, then we do not need to import external-SFTP's SSH.RSA.pub key into SAPPO.
      • Here, if External-SFTP supports key based authentication, then SAPPO's PublicSSH_Key (.pub) file need to be imported in SFTP server.
      • In SAPPO's SFTP Comm.Channel, we need to select Authentication Method as "Private Key" and user-id of SFTP along with SAPPO's PrivateKey_View

      Thanks & Regards,

      Dilip P.

      Author's profile photo Jonathan Ma
      Jonathan Ma

      Thanks for the blog. I read thru the threads and don't think this question has been asked:

      When running command "openssl pkcs12 -in PItoSFTP_Key.p12 -out PItoSFTP_Key.pem" on Unix/Linux, I got the error "unable to load private key
      140482051856192:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY"

      I think the problem is that NWA exports the P12 private key in RSA format.

      Author's profile photo Dilip Kumar Krishnadev Pandey
      Dilip Kumar Krishnadev Pandey
      Blog Post Author

      Hi Jonathan,

      Yes we had exported private key in PKCS#12 Key Pair format having extension ‘.p12’.

      But same openssl cmd syntax had worked at our side. At your side, just re-try to export the key and run the cmd.

       

      Thanks & Regards,

      Dilip

      Author's profile photo Krish Gopalan
      Krish Gopalan

      We recently patched our SFTP adapter and we get the following error (keyboard interactive)

       

       

      Catching java.lang.UnsupportedOperationException: received authentication request from server which could not be processed

      name=Password authentication; instruction=prompt=

      at com.sap.aii.adapter.sftp.ra.rar.integration.sftp.SSHConnection$MyUserInfo.promptKeyboardInteractive(SSHConnection.java:783)
      at com.jcraft.jsch.UserAuthKeyboardInteractive.start(UserAuthKeyboardInteractive.java:141)
      at com.jcraft.jsch.Session.connect(Session.java:468)
      at com.sap.aii.adapter.sftp.ra.rar.integration.sftp.SSHConnection.<init>(SSHConnection.java:195)
      at com.sap.aii.adapter.sftp.ra.rar.jca.SFTP2XI.getConnection(SFTP2XI.java:1559)
      at com.sap.aii.adapter.sftp.ra.rar.jca.SFTP2XI.sftpConnection(SFTP2XI.java:326)
      at com.sap.aii.adapter.sftp.ra.rar.jca.SFTP2XI.invoke(SFTP2XI.java:250)
      at com.sap.aii.af.lib.scheduler.JobBroker$Worker.run(JobBroker.java:529)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:185)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:302)

       

      Our patch level is 1000.1.0.5.43.20210728095300. We were on SP5 previously as well, and it worked.. Only it is broken with the new patch. Do we know if SAP changed something?

       

      Is note 1945020 (the only option)? 

      1. Switch off the Keyboard-interactive authentication on the SFTP server. 
      Author's profile photo Bhanuchander Reddy Yandapally
      Bhanuchander Reddy Yandapally

      Hi Krish Gopalan,

      We are facing the same issue. How the issue got resolve ?

      Author's profile photo pujali nath
      pujali nath

      How to configure the ESR for SFTP ? or can we go for with out ESR ?