Former Member

SFTP connection failure using Private key authentication

Hi Folks,

We are trying to connect to the SFTP server of the vendor using the private key authentication method from SAP PI 7.3 EHP0. We have created a private key and certificate in NWA key storage and have shared the public key with the vendor. They have deployed the same and have provided us the UserID.

When we connect to them using Putty client by loading the public key and then connect using Filezilla client, we are able to connect to the vendor and all their folder structures are getting displayed.

But when we are doing the same using SFTP communication channel, we are getting “auth cancel” error. Attached is the error log screenshot and the receiver SFTP channel screenshot:

Please suggest.


5 Answers

  • Best Answer
    Former Member
    May 19, 2015 at 02:02 PM

    Hi Guys,

    The issue is now resolved. We have removed the passphrase while generating the SSH key, i.e. we have generated a new SSH key without using a passphrase.

    Thanks for your suggestions.
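
The accepted fix above was to regenerate the key without a passphrase. As an added example that is not part of the original thread, the Python function below reports whether a private key file is passphrase-protected before it is imported into a key store. The function names and sample keys are constructed for illustration, and the formats covered (traditional PEM, PKCS#8, OpenSSH, PuTTY .ppk) are an assumption, since the thread does not say which format was used.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def key_is_passphrase_protected(text: str) -> bool:
    """Return True if the private key text is encrypted with a passphrase."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        # PuTTY .ppk: an "Encryption:" header names the cipher, or "none"
        for ln in lines:
            if ln.startswith("Encryption:"):
                return ln.split(":", 1)[1].strip() != "none"
        raise ValueError("PPK file without an Encryption header")
    if first == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if first == "-----BEGIN PRIVATE KEY-----":  # PKCS#8, unencrypted
        return False
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Body starts with the magic string, then a length-prefixed cipher name
        blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
        if not blob.startswith(MAGIC):
            raise ValueError("bad OpenSSH key magic")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        return blob[len(MAGIC) + 4 : len(MAGIC) + 4 + n] != b"none"
    if first.startswith("-----BEGIN ") and first.endswith(" PRIVATE KEY-----"):
        # Traditional PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    raise ValueError("unrecognised private key format")

def openssh_sample(cipher: bytes) -> str:
    # Constructed header only (no key material): magic + cipher name
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample: headers of an encrypted traditional PEM key, no key material
SAMPLE_PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

(constructed placeholder)
-----END RSA PRIVATE KEY-----"""

if __name__ == "__main__":
    print(key_is_passphrase_protected(SAMPLE_PEM_ENCRYPTED))
    print(key_is_passphrase_protected(openssh_sample(b"none")))
```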


  • May 18, 2015 at 07:59 AM

    If you are able to reach the SFTP server using the username and keys in PuTTY, that means the username is valid and the third party has placed the keys at the right place.

    Ideally in this case it should not throw an authentication error. Please check for a typo in the channel for the username or keys.

    Also avoid manually writing the key names in the channel and use the drop-down, upon which the channel will fetch the keys from NWA.


    • Hi Monica,

      1) Since you are getting "auth cancel", it means the problem is with authentication, meaning a mismatch of keys. Also, since you are able to test the connection from the backend PI server using the key, it means the key uploaded in NWA might be wrong.

      2) I have worked with many SFTP channels with key auth. There could not be a problem with the port or firewall, since it gives a "connection refused" error when that is the case. Also, only once the FW and ports are open will the SFTP server allow you to authenticate on their server.

      3) There are two methods of creating keys: 1) by creating them in some tool and using them in PI by uploading them to the NWA key storage; 2) by creating the keys in NWA itself and sharing them with the third party. Which one did you use? If the first method was used, I am afraid you might have uploaded the wrong key in NWA and would suggest uploading them again.

      Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki

      http://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

      These are the two methods using which keys can be created; there are other tools too, using which we can give an expiry date as well.

  • May 19, 2015 at 01:35 AM

    Hi Monika,

    Ask the SFTP vendor to check the logs when you try to connect using SAP PI. They might have to whitelist a few IPs.


    • Former Member

      Hi Despande,

      Below are the logs provided to us by our SFTP vendor:

      May 18 05:51:01 cfdevinfa sshd[2269]: debug1: userauth-request for user ****** service ssh-connection method publickey

      May 18 05:51:01 cfdevinfa sshd[2268]: Failed publickey for ****** from 70.***.***.** port ***** ssh2

  • Former Member
    May 19, 2015 at 04:41 AM

    Hi Monika,

    Did you try connecting to the SFTP server from the OS level of your PI system using the keys and the username? If not, try to connect and check.


    Also, you'll need the help of your network infrastructure team to filter the traffic that is going towards the SFTP server and check what command is exactly sent to the SFTP Server.

    Regards

    Charan


    • Former Member

      Hi Charan,

      Yes, we had tried connecting at the OS level and it gets connected. But we are facing the problem using the SFTP adapter.

  • May 19, 2015 at 09:49 AM

    Hi Monika,

    I had a similar problem before.

    Please test Telnet to the SFTP server.

    In my case the Basis guy forgot to release port 22 in the firewall.

    Hope it can help you.

    Regards

    Sara
