Question

Query Regarding IFS Cloud IFSCloud Connect Reader



I am currently in the midst of testing the IFS Cloud IFS Connect Reader using SFTP. While I have conducted several successful tests with the known host file, I have encountered an issue when using the private key-public key pair. I am unsure whether this is a bug in the application or if someone has successfully used the private key to read an SFTP location via the IFSCloud Connect Reader. I would greatly appreciate any insights or comments on this matter.

14 replies

dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024

Hi @maheshmuz 

 

We have successfully created an SFTP reader with private key-public key in IFS Cloud. Have you managed to create the knownhost file properly? What’s the error you are getting?

 

Cheers!

Damith


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

Thank you for the prompt response. I can successfully connect to SFTP using the known host file from the application. However, when I attempt to use the private key-public key pair, it fails to connect to the SFTP location. Do I need to configure both the known host and the private key in the application?


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024

Here’s a sample SFTP reader configured with key file authentication. Key steps you need to follow are:

  • Set the Authentication method to Identity file
  • Upload the private key file and the knownhost file
  • Enter the passphrase for the private key file

 

 

Hope it helps!

Damith


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

This implies that the SFTP reader requires both the known host file and the private key to be uploaded to the SFTP reader configuration to ensure its proper functionality.


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024
maheshmuz wrote:

This implies that the SFTP reader requires both the known host file and the private key to be uploaded to the SFTP reader configuration to ensure its proper functionality.

 

Yes it is :)


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

Have you enabled both password authentication and public key authentication on the SFTP server?


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024
maheshmuz wrote:

Have you enabled both password authentication and public key authentication on the SFTP server?

 

Only the public key authentication is enabled in the SFTP server


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

How did you generate the known host file using the below query if you disabled password authentication on the SFTP server?

java -cp \ifs-fnd-connect.jar;\jsch-0.1.55.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=KNOWNHOSTS -hostname=SFTPHOST -username=USERNAME -password=PASSWORD


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024
maheshmuz wrote:

How did you generate the known host file using the below query if you disabled password authentication on the SFTP server?

java -cp \ifs-fnd-connect.jar;\jsch-0.1.55.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=KNOWNHOSTS -hostname=SFTPHOST -username=USERNAME -password=PASSWORD

 

No. For public-key-enabled SFTP servers, you can’t use this method to generate the knownhost file.

It took some time for me to find a way, but I found out it can be done simply by using the ssh-keyscan tool in Windows.

On the application server, or any server which is whitelisted to access SFTP, use the below command to generate the knownhost file. ssh-keyscan is included with Windows 10 and above or any OS with OpenSSH installed.

 

ssh-keyscan SFTP_HOST > known_hosts.txt

 

I have added an idea to autogenerate the knownhost file, since it is hard with IP-restricted SFTP servers to create the knownhost file from outside, and it’s been a real pain in IFS managed cloud instances since we don’t have access to IFS infrastructure.

Please upvote the idea to get IFS attention :)

Auto generate knownhost file for SFTP | IFS Community
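
Added example, not part of the original post or of IFS code: ssh-keyscan records whatever key the network returns, so the fingerprints in the generated file should be compared with ones the SFTP server's administrator supplies over a separate channel before the file is uploaded. The Python sketch below computes OpenSSH-style SHA256 fingerprints for each entry; the host name and key material are constructed samples.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def fingerprints(known_hosts_text):
    """Return (hosts, key_type, 'SHA256:...') for every key line."""
    results = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):
            fields = fields[1:]           # @cert-authority / @revoked marker
        if len(fields) < 3:
            raise ValueError(f"malformed line: {line!r}")
        hosts, key_type, b64 = fields[:3]
        blob = base64.b64decode(b64, validate=True)
        inner_type, _ = read_string(blob, 0)
        if inner_type.decode("ascii", "replace") != key_type:
            raise ValueError(f"key type mismatch for {hosts}")
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        results.append((hosts, key_type, fp))
    return results

def verify(known_hosts_text, trusted):
    """True only if the file has keys and each one is in the trusted set."""
    found = fingerprints(known_hosts_text)
    return bool(found) and all(fp in trusted for _, _, fp in found)

def sample_line(host, seed):
    """Constructed entry: 32 hash bytes stand in for an Ed25519 public key."""
    key = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

SAMPLE = "# constructed sample\n" + sample_line("sftp.example.test", b"demo")

if __name__ == "__main__":
    for entry in fingerprints(SAMPLE):
        print(*entry)
```

The fingerprints it prints are in the same form as those shown by `ssh-keygen -lf known_hosts.txt`.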


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

I have investigated the issue with the SFTP server and determined that we need to add the "PubkeyAcceptedAlgorithms" in the sshd_config file to establish a connection with the SFTP server from the IFS Cloud application using the private key. By doing this, we won't need to enable known host authentication.


PubkeyAcceptedAlgorithms ssh-rsa,rsa-sha2-512
 


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • January 19, 2024
maheshmuz wrote:

I have investigated the issue with the SFTP server and determined that we need to add the "PubkeyAcceptedAlgorithms" in the sshd_config file to establish a connection with the SFTP server from the IFS Cloud application using the private key. By doing this, we won't need to enable known host authentication.


PubkeyAcceptedAlgorithms ssh-rsa,rsa-sha2-512
 

 

Glad that it worked. One thing to note is that ssh-rsa is deprecated, and that’s the most probable cause of the failure before you changed the sshd_config.

Instead of changing the sshd_config, my suggestion is to use an SSH2 RSA key pair, which is more secure and compatible with later versions of OpenSSH.

 

Cheers!

Damith
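
Added example, not part of the original posts or of IFS code: a Python check of what the `PubkeyAcceptedAlgorithms` line quoted above does on the server. `ssh-rsa` names RSA signatures made with SHA-1, which OpenSSH 8.8 and later leave out of the defaults, and a list without a leading `+` replaces the default set instead of extending it. The function names are hypothetical, and `Match` blocks and wildcard patterns are not handled.

```python
SHA1_RSA = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}
PREFIX_MODES = {"+": "append", "-": "remove", "^": "prepend"}

def pubkey_algorithms(sshd_config_text):
    """Return (mode, [names]) from the first PubkeyAcceptedAlgorithms line.

    sshd uses the first value it obtains for a keyword, so later
    occurrences are ignored here as well. Returns None if unset.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "pubkeyacceptedalgorithms":
            value = parts[1].strip()
            mode = PREFIX_MODES.get(value[0], "replace")
            if mode != "replace":
                value = value[1:]
            return mode, [a.strip() for a in value.split(",") if a.strip()]
    return None

def audit(sshd_config_text):
    """List findings for the directive; exact algorithm names only."""
    parsed = pubkey_algorithms(sshd_config_text)
    if parsed is None:
        return []
    mode, names = parsed
    findings = []
    if mode != "remove":
        for name in names:
            if name in SHA1_RSA:
                findings.append(f"{name}: accepts RSA signatures made with SHA-1")
    if mode == "replace":
        findings.append("list replaces the defaults; only "
                        + ", ".join(names) + " will be accepted")
    return findings

# The line as posted in the thread.
PAGE_CONFIG = "PubkeyAcceptedAlgorithms ssh-rsa,rsa-sha2-512\n"

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```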


  • Author
  • Sidekick (Partner)
  • 45 replies
  • January 19, 2024

I appreciate your suggestion, and I will take that into consideration. Thank you for your valuable support.


  • Author
  • Sidekick (Partner)
  • 45 replies
  • February 10, 2025

@dsj 

The IFSCloud application is sending an unmanageable number of SFTP reader requests to the external SFTP server. Is it possible to reduce the frequency of SFTP reads in the IFSCloud SFTP Connect Reader? If so, could you please advise on how to adjust the request frequency?

Thank you for your help and support!


dsj
  • Ultimate Hero (Partner)
  • 866 replies
  • February 10, 2025

Hi @maheshmuz

Poll time for connect readers is fixed at 30 seconds. As far as I know, it’s not possible to configure.

Check more under IFS Connect reader architecture

Transport Connectors - Technical Documentation For IFS Cloud

 

BR,

Damith

