Skip to Content
0

HCI --> SFTP connectivity steps in SAP HCI

Jun 14, 2017 at 07:18 AM

996

avatar image

Hi Experts,

In case of SAP HCI --> SFTP & SFTP --> SAP HCI connectivity, if the SFTP server supports User Name/Password based authentication then credentials & directory alone are enough to connect to SFTP server or do we need known_hosts file to deployed in HCI? Kindly help.

Thanks,

Ramu.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Sriprasad Shivaram Bhat Jun 14, 2017 at 10:10 AM
0

Hello Ramu,

Agree with Apu.

You can navigate to Deployed Artifacts in Eclipse Tooling ( Tab next to Message Monitoring ) and locate the known_host file,if it is already avaialbe download it and append your required keys.

If not available create a new file and save it to your desktop and follow the below to create the same.

Below will show you sample known_host entry.

how to get entry for known_host file:

Follow the below post it will guide how to generate keys using open SSH( make sure your firewall is not preventing you to access the target server)

https://answers.sap.com/questions/28265/hci-know-hosts-file.html?childToView=43251#answer-43251

Regards,

Sriprasad Shivaram Bhat


Show 3 Share
10 |10000 characters needed characters left characters exceeded

Hi Shivaram,

Thank you for your detailed explanation with snippets :)

But I could not see known_hosts file in the Deployed artifacts as well as Web UI also i.e, I mean known_hosts file is not present by default. Kindly guide me on the steps to create it like the file type[extension of the file] & the tools/softwares required to add the contents to that file?

Thanks,

Ramu

0

Hi Shivaram,

Can I get the RSA public key from SFTP server team & copy it to the contents of known_hosts file instead?

In the contents of known_hosts file which host name should be added to that file either SFTP server host name or HCI runtmie URL?

Thanks,

Ramu.

0

Yes you can add the SFTP server name and manually edit the known_hosts file.

To deploy the same you must have below role to your suser.

Either you must have adminstrator role or Node manager.deploysecuritycontent role.

To know more about roles and how to assign it to your user please refer sap hci help(clearly given in the help document)

Regards,

Sriprasad Shivaram Bhat

0
Sriprasad Shivaram Bhat Jun 14, 2017 at 07:45 AM
0

Hello Ramu,

Although you are using UserName/Password based authentication it is required to update known_hosts file in sap hci with Public Keys of SFTP server.

Regards,

Sriprasad Shivaram Bhat

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

HI Shivaram,

Once generated the SSH-RSA key and while deploying that key into HCI (WEB-UI), I am getting error message like as below.

Deploy artifact failed with error:

Deployment of content not possible Artifact Artifact[id=747f113d-8b2c-43a7-9ff9-e7f5961464b8, type=SSH_KNOWN_HOSTS, contentSize=372, description=null, tags=[]] of type SSH_KNOWN_HOSTS is not valid. Invalid Known Host entry. Not enough segments in line 1

Please help me on this.

Thanks.

0

Hello Former Member , Have you been able to solve this problem? I get same error :

Invalid Known Host entry. Not enough segments in line 1

thanks

0
Ramu G Jun 14, 2017 at 09:09 AM
0

Hi Shivaram,

I did not to update known_hosts file in SAP HCI with Public Keys of SFTP server. I tried "Test Outbound Connection" after I have given host name & credentials and it throws below error:

Kindly let me know where to locate this "known_hosts" file in HCI. I should request for RSA public key right? after I get that I need to edit the known_hosts file with below format I hope " <SFTP host name> <Algorithm of key> < Public key> " . Please correct me If I am wrong.

Thanks,

Ramu.


sftp-error.png (20.8 kB)
Show 6 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Ramu,

Yes, check security section in WEB UI for deployed artifacts. There you should have one file called Known_hosts. You need to export this from there, need to maintain internal IP and public key of the known_host using key explorer.

Sometimes, known_hosts file might not be there if it is not a trial version of HCI. On that case, you need to create a new one and deploy in your tenant.

Thanks,

Apu

0

Hi Apu,

I checked the security section & came to know that known_hosts file do not exist.

Can you please guide me on how to create known_hosts file i.e., type of the file like .txt etc., & contents of the file would be like "<SFTP server host name> <Algorithm name of public key> <Public key of SFTP server> " and should the contents be edited with help of key store explorer?

Thanks,

Ramu.

hci.jpg (46.2 kB)
0
Former Member
Ramu G

Hi Ramu, Sriprasad has already provided detail explanation on this I guess. Anyway, you can follow Learning 4 section of this blog of Bhavesh to create the txt file using any key generator tool- https://blogs.sap.com/2016/03/31/hci-deciphering-hci-keystore/

please let me know if you still face issue.

Thanks,

Apu

0

Hi Apu,

SFTP server team is ready to provide us with the RSA public key. Can we edit the known_hosts file after I get that & deploy it in HCI ? Since it takes lot of approval to install Cygwin and all in our organization.

Thanks,

Ramu.

0

Hi Apu,

I am trying this in personal laptop & hence I installed Cygwin and executed the command

ssh-keyscan -t rsa <<IPAddress/HostName of SFTP Server>>

But got error as "-bash: ssh-keyscan: command not found.

Thanks,

Ramu.

0

Hi Apu,

Thank you for your reply.

I generated the known_hosts file but unable to deploy that file under "Deployed artifacts" & I get the below error.

Kindly help to get the required role to assign for the user to deploy it.

Thanks,

Ramu.

error.jpg (24.8 kB)
0