Question

IFS Cloud Connect Sender using sftp

  • 17 April 2024
  • 2 replies
  • 86 views

Userlevel 5
Badge +11

Hello,

we are using connect sender using sftp. We have PassPhase thru which we are able to connect to bank using firezilla (bank host name/login).

But we are not able to create 

  1. Knownhost file. While creating knownhost file with following command
  2. ”java -cp C:\ifs\jars\ifs-fnd-connect.jar;C:\ifs\jars\jsch-0.1.55.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=C:\ifs\xxx_knownhosts05042024.txt -hostname=ecom-sftp.xxx.com -username=xxxxx_28244 -password=xxxxxxpublic -port=10022, its going to bank but then gives us following error “
  3. com.jcraft.jsch.JSchException: Auth fail

            at com.jcraft.jsch.Session.connect(Session.java:519)

            at com.jcraft.jsch.Session.connect(Session.java:183)

            at ifs.fnd.connect.ftp.SftpClient.createKnownHostsFile(SftpClient.java:458)

            at ifs.fnd.connect.ftp.SftpClient.main(SftpClient.java:433)”

  4. On Configuring via PassPhase via application, while sending data were are getting following error message”ExecutionException from Sender thread Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Error during file sending Caused by: com.jcraft.jsch.SftpException: User XXXXXXXX_XXXX is not allowed to execute this SFTP command because of policy  XXXXX_SFTP_IBOB_CMD_LIMITING.

Can any one suggest on the same. also i guess its the put and get command which goes using SFTP.

 

regards

Pankaj

 


2 replies

Userlevel 4
Badge +9

Hi Pankaj,

How I understood IFS is that JSCH is SSH library IFS is using to connect to your SFTP server. 

Every SFTP server has a key which usually gets send over to the client and gets then stored onto your machine so if the sftp server changes that you will get a notice, “hey. the server you are connecting to is not having the same key anymore” 

 

So you can get the key also in other ways. 

For example on a mac or linux machine you can run a little script to get the key

ssh-keyscan -t ecdsa -p "$port" -H "$host" | sed "s/^.*ecdsa-sha2-nistp256 /\[${host}]:${port}\ ecdsa-sha2-nistp256 /" 

 

you do not even need the password for this as the server is just exchanging this key the first time you connect. 

Usually an application like winscp is showing you the key, the first time you connect to the server

https://winscp.net/eng/docs/ssh_verifying_the_host_key

You can copy this key into a simple text file and upload it to IFS 

 

Userlevel 7
Badge +21

Hi @paguin

 

Creating the knownhost file using the IFS utilities is not possible when the SFTP uses identity file authentication.

What contains in the knownhost file is the public key of the sftp server, so it’s not a must to use IFS tools to obtain that.

You can get the key any preferred way @kvbe mentioned, and save as the knownhost file.

One thing I’d like to add is that the ssk-keyscan utility is available in windows 10, windows server 2019 upwards😉

My lazy way of generating the knownhost file is using following command in windows command prompt

ssh-keyscan YOUR_SFTP_HOST -p SFTP_PORT > known_hosts.txt

 

Hope it helps!

Damith

Reply