I am currently in the midst of testing the IFS Cloud IFS Connect Reader using SFTP. While I have conducted several successful tests with the known host file, I have encountered an issue when using the private key-public key pair. I am unsure whether this is a bug in the application or if someone has successfully used the private key to read an SFTP location via the IFSCloud Connect Reader. I would greatly appreciate any insights or comments on this matter.

Hi @maheshmuz 

 

We have successfully created an SFTP reader with private key-public key in IFS Cloud. Have you managed to create the knownhost file properly? What’s the error you are getting?

 

Cheers!

Damith


Thank you for the prompt response. I can successfully connect to SFTP using the known host file from the application. However, when I attempt to use the private key-public key pair, it fails to connect to the SFTP location. Do I need to configure both the known host and the private key in the application?


Here’s a sample SFTP reader configured with key file authentication. The key steps you need to follow are:

  • Set the Authentication method to Identity file
  • Upload the private key file and the knownhost file
  • Enter the passphrase for the private key file

 

 

Hope it helps!

Damith


This implies that the SFTP reader requires both the known host file and the private key to be uploaded to the SFTP reader configuration to ensure its proper functionality.



Yes it is :)


Have you enabled both password authentication and public key authentication on the SFTP server?



Only the public key authentication is enabled in the SFTP server


How did you generate the known host file using the below query if you disabled password authentication on the SFTP server?

java -cp \ifs-fnd-connect.jar;\jsch-0.1.55.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=KNOWNHOSTS -hostname=SFTPHOST -username=USERNAME -password=PASSWORD



No. For public key enabled SFTP servers, you can’t use this method to generate the knownhost file.

It took some time for me to find a way, but I found out it can be done simply by using the ssh-keyscan tool in Windows.

On the application server, or any server which is whitelisted to access the SFTP server, use the command below to generate the knownhost file. ssh-keyscan is included with Windows 10 and above, or any OS with OpenSSH installed.

 

ssh-keyscan SFTP_HOST > known_hosts.txt

 

I have added an idea to autogenerate the knownhost file automatically, since it is hard with IP-restricted SFTP servers to create the knownhost file from outside, and it’s been a real pain in IFS managed cloud instances since we don’t have access to IFS infrastructure.

Please upvote the idea to get IFS attention :)

Auto generate knownhost file for SFTP | IFS Community
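An added example, not part of the posts in this thread: ssh-keyscan records whatever key the network returns without authenticating it, so the scanned file is worth checking against a host-key fingerprint obtained separately from the SFTP server administrator before it is uploaded to the reader. The sketch below keeps only the scanned lines whose SHA256 fingerprint (the form `ssh-keygen -lf` prints) is in a trusted set; the host name, key blobs and trusted set are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string (uint32 length + bytes)."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint of a public key blob, as shown by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob_b64: str) -> str:
    """Read the key type embedded at the start of the key blob itself."""
    blob = base64.b64decode(blob_b64)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()

def verified_lines(keyscan_output: str, trusted: set) -> list:
    """Keep only known_hosts lines whose fingerprint was confirmed out of band."""
    kept = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # blank, comment or truncated line
        host, key_type, blob_b64 = parts[:3]
        if blob_key_type(blob_b64) != key_type:
            continue  # declared type disagrees with the blob: reject the line
        if fingerprint(blob_b64) in trusted:
            kept.append(f"{host} {key_type} {blob_b64}")
    return kept

# Constructed sample data (not real host keys): two ed25519-shaped blobs.
GOOD = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
ROGUE = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode()
SAMPLE_SCAN = (
    "# constructed ssh-keyscan output\n"
    f"sftp.example.test ssh-ed25519 {GOOD}\n"
    f"sftp.example.test ssh-ed25519 {ROGUE}\n"
)
# Assumption: this fingerprint came from the server administrator, not the scan.
TRUSTED = {fingerprint(GOOD)}

if __name__ == "__main__":
    for entry in verified_lines(SAMPLE_SCAN, TRUSTED):
        print(entry)  # only the confirmed host key is written out
```
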


I have investigated the issue with the SFTP server and determined that we need to add the "PubkeyAcceptedAlgorithms" in the sshd_config file to establish a connection with the SFTP server from the IFS Cloud application using the private key. By doing this, we won't need to enable known host authentication.


PubkeyAcceptedAlgorithms ssh-rsa,rsa-sha2-512
 



Glad that it worked. One thing to note is that ssh-rsa is deprecated, and that’s the most probable cause of the failure before you changed the sshd_config.

Instead of changing the sshd_config, my suggestion is to use an SSH2 RSA key pair, which is more secure and compatible with later versions of OpenSSH.

 

Cheers!

Damith


I appreciate your suggestion, and I will take that into consideration. Thank you for your valuable support.

