on 04-20-2016 8:47 AM
Hi All,
We have integrated our PI application with third party system using SFTP adapter.
We have generated ssh key pairs in Dev environment and shared the public key with vendor.
We are able to connect successfully from our Dev environment.
Now we would like to establish the connection from Prd environment.
Is it required to generate the ssh key pairs again from PRD environment or else can use the already created ssh key pairs in PRD as well?
Kindly provide the inputs.
Regards,
Mahesh
Hi Umesh,
Yes, Username's are the same in both the cases.
Regards,
Mahesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Umesh,
We are using "Dual authentication" method.
Both username/password and Key pairs.
Regards,
Mahesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
We are able to connect to vendor SFTP site using filezilla tool with generated key and username/password.
But we are not able to connect from PI communication channel.
We are getting below error while connecting
"Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect".
Kindly provide the inputs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vadim,
Thanks for the reply.
We are using different SFTP server for dev and PRD.
We have shared ssh dev public key with the vendor to maintain in their PRD environment.
They have maintained it. We are able to connect using DEV ssh key pairs in PRD environment uisng filezilla tool to the vendor SFTP site but we are not able to connect from PI communication channel.
We are getting "Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect" error.
Regards,
Mahesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mahesh ,
Have you installed private key in key store of NWA ?
key generation refer this blog Generating SSH Keys for SFTP Adapters - Type 2 - Process Integration - SCN Wiki
Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki
Regards
Umesh
Mahesh,
from error "Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect" error."
might be you are given incorrect login Credentials, which there are used that the time ssh pair installation ,Confirm with your SFTP vendor .
Regards
Umesh
Hi Mahesh,
If you are using same SFTP server for both Dev and Prod ,then no need to generate ssh pair gain .
If you are using different SFTP server then you need to generate ssh pair for Prod.
Refer vadim reply ,he explained in detailed .
Regards
Umesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mahesh,
If SFTP server used in integration scenario in Development and Production environments is the same, you can potentially re-use already generated SSH key pair. For example, this is a common case when the SFTP server is hosted by a 3rd party, which grants access per customer and does not differentiate between customer's PI environments.
On the other hand, this kind of configuration implies certain security risks: if the key is compromised in Development environment (where granted authorizations are commonly more extensive in comparison to Production), it can be re-used to perform attack on the scenario in Production. Having individual key pairs per environment helps to avoid this sort of problems.
Summarizing all written above, even though technical possibility of re-using same SSH key pair across PI environments can exist, a final decision shall take into account security considerations.
Regards,
Vadim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.