cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSH connection key pairs for SFTP adapters

Former Member

on ‎04-20-2016 8:47 AM

0 Kudos

Hi All,

We have integrated our PI application with third party system using SFTP adapter.

We have generated ssh key pairs in Dev environment and shared the public key with vendor.

We are able to connect successfully from our Dev environment.

Now we would like to establish the connection from Prd environment.

Is it required to generate the ssh key pairs again from PRD environment or else can use the already created ssh key pairs in PRD as well?

Kindly provide the inputs.

Regards,

Mahesh

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎04-25-2016 10:41 AM
0 Kudos

Hi Umesh,

Yes, Username's are the same in both the cases.

Regards,

Mahesh

Show replies
Show replies
umesh_badveli
Participant
‎04-25-2016 10:48 AM
0 Kudos

Then first try with password authentication  method and then  private key method individually.

in one of these two case there might be a password/username wrong .

Regards

Umesh

Former Member
‎04-25-2016 10:16 AM
0 Kudos

Hi Umesh,

We are using "Dual authentication" method.

Both username/password and Key pairs.

Regards,

Mahesh

Show replies
Show replies
umesh_badveli
Participant
‎04-25-2016 10:26 AM
0 Kudos

Hi Mahesh

Let me know one thing , user name we are using to SFTP sever using FileZilla and for private key authentication User name are same ?

Regards

Umesh

Former Member
‎04-25-2016 9:57 AM
0 Kudos

Hi All,

We are able to connect to vendor SFTP site using filezilla tool with generated key and username/password.

But we are not able to connect from PI communication channel.

We are getting below error while connecting

"Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect".

Kindly provide the inputs.

Show replies
Show replies
umesh_badveli
Participant
‎04-25-2016 10:10 AM
0 Kudos

Hi Mahesh

What is your authentication method?

Regards

Umesh

former_member186851
Active Contributor
‎04-25-2016 10:17 AM
0 Kudos

Hello Mahesh,

check the password .might be a typo error.

Former Member
‎04-20-2016 9:45 AM
0 Kudos

Hi Vadim,

Thanks for the reply.

We are using different SFTP server for dev and PRD.

We have shared ssh dev public key with the vendor to maintain in their PRD environment.

They have maintained it. We are able to connect using DEV ssh key pairs in PRD environment uisng filezilla tool to the vendor SFTP site but we are not able to connect  from PI communication channel.

We are getting "Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect" error.

Regards,

Mahesh

Show replies
Show replies
umesh_badveli
Participant
‎04-20-2016 9:55 AM
0 Kudos

Hi Mahesh ,

Have you installed private key in key store of NWA ?

refer this blog

key generation refer this blog Generating SSH Keys for SFTP Adapters - Type 2 - Process Integration - SCN Wiki

Generating SSH Keys for SFTP Adapters - Type 1 - Process Integration - SCN Wiki

Regards

Umesh

apu_das2
Active Contributor
‎04-20-2016 9:57 AM
0 Kudos

Hi Mahesh,

As your server is different in PROD please create your SSH public key separately and share with SFTP vendor.

Thnaks,

Apu

umesh_badveli
Participant
‎04-20-2016 10:37 AM
0 Kudos

Mahesh,

from error "Exception received: com.jcraft.jsch.JSchException: Connection to SFTP server failed. The login credentials provided are incorrect" error."

might be you are given  incorrect login Credentials, which there are used that the time ssh pair installation ,Confirm with your SFTP vendor .

Regards

Umesh

umesh_badveli
Participant
‎04-20-2016 9:33 AM
0 Kudos

Hi Mahesh,

If you are using same SFTP server for both Dev and Prod ,then no need to generate ssh pair gain .

If you are using  different SFTP server then you need to generate ssh pair for Prod.

Refer vadim reply ,he explained in detailed .

Regards

Umesh

Show replies
Show replies
vadimklimov
Active Contributor
‎04-20-2016 9:11 AM
0 Kudos

Hi Mahesh,

If SFTP server used in integration scenario in Development and Production environments is the same, you can potentially re-use already generated SSH key pair. For example, this is a common case when the SFTP server is hosted by a 3rd party, which grants access per customer and does not differentiate between customer's PI environments.

On the other hand, this kind of configuration implies certain security risks: if the key is compromised in Development environment (where granted authorizations are commonly more extensive in comparison to Production), it can be re-used to perform attack on the scenario in Production. Having individual key pairs per environment helps to avoid this sort of problems.

Summarizing all written above, even though technical possibility of re-using same SSH key pair across PI environments can exist, a final decision shall take into account security considerations.

Regards,

Vadim

Show replies
Show replies
Ask a Question