SFTP Sending - “Parameters” -> “Source”

In this section, the parameters to set the server files to be collected and the connection and transfer data of the SFTP server are defined.

“File Access Parameters”

These parameters define the location and name of the files that the channel must collect from the SFTP server in the different polls.

Source directory: Defines the path where the channel will try to read the files. Full paths (starting with “/”) or relative paths in relation to the configured home for the SFTP server user (starting with “.”) can be defined. (Without placeholders)

File Name: Placeholders (? I *) can be used. The file name can only contain the following characters [“.”,”_”,”-”,”[A-Z][a-z]”,”0-9”,”,”,”ñÑ”].

Advanced Source File Selection: Advanced file selection can be activated with the following parameters:

• Exclusion Mask: The files that complies with the “File Name” mask and the “Exclusion Mask” will not be read by the adapter.

• Table to define multiple source directories: More files from other directories can be selected, following the same casuistry previously explained (“File Name” and “Exclusion Mask” masks).

  • Directory: Path where the channel will query the files (without placeholders).

  • File Name Mask: Mask to define the file names to be read by the channel. Placeholders are allowed (* i ?).

  • Exclusion Mask: Mask to define the file names to be excluded from the file list of files complying with the “File Name Mask”. Placeholders are allowed (* i ?).

In the adapter, can be defined a digital signature and a checksum file (hash) for the file to be processed. This functionality can be defined with the followings parameters.

Signature file: When this check is activated it is possible to select the file containing the XML Signature (digital signature) of the processed file. The signature file must exist so the file can be processed. If the signature file does not exist, the file processing will not take place, showing an error in the channel. The default value is “not selected”.

• Signature file name scheme: File name scheme of the XML Signature associated to the file. The special characters allowed are:

  • %f: File name

  • %fwoe: File name without extension

  • Verify Signature file: This check indicates that when the file is processed, the signature file must be validated. If the signature is invalid, the file processing will not take place. The default value is “selected”.

Checksum file: When this check is activated it is possible to select the file containing the checksum of the processed file. The checksum file must exist so the file can be processed. If the checksum file does not exist, the file processing will not take place, showing an error in the channel. The default value is “not selected”.

• Checksum file name scheme: File name scheme of the checksum file associated to the file. The special characters allowed are:

  • %f: File name

  • %fwoe: File name without extension

• Verify Checksum file: This check indicates that when the file is processed, the checksum file must be validated. If the hash is invalid, the file processing will not take place. The default value is “selected”.

  • Checksum Algorithm: Reports the used algorithm to generate the checksum. Supported algorithms are:

    • MD5

    • RIPEMD160

    • SHA1

    • SHA256

    • SHA384

    • SHA512

“SFTP Connection Parameters”

Parameter list, to be report in the channel, to configure the server access and the file transfer.

The following configurable options can be defined:

• SFTP server data (machine and port)

• “Timeout” for the connections, meaning the inactivity time of these connections.

• Proxy data, if the SFTP server connects through it. The proxy types supported by the adapter are HTTP, SOCKS4 and SOCKS5. Basic authentication data (user/password) for these proxies can be defined.

• If the SFTP server fingerprint should be validate or not. Validation consist of checking if the public key send by the SFTP server is accepted for the server machine in SAP NW PI. To do that, the Avvale SFTP adapter check if the file “<user_home_<SID>adm_user>/known_hosts_PI_SFTP” of SAP NW PI contains an entry for the SFTP server machine with the public key encoded in base64. The line structure of the file is:

•  

  • <Host del SFTP server>,<IP host del SFTP server>

  • type of public key (ssh-rsa or ssh-dss) depending on if it is RSA or DSA

  • public key encoded in base64 (is the file body with the SSH.com type public key).

    
    
    

An example of one line of the file to accept SFTP server connections which machine is “sftp-server-test” with IP “10.2.4.10” and a RSA type public key would be,

sftp-server-test,10.2.4.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt60CtjBMxiOOqgqfFtKZHY3g99uZpuh5E143FTO4dw+EHWNKemoWq59FMFMIZfSLyUpWmsjVT3PP1bczOXP1OSn967kxLB/w7Xr84B1ZrTLwuR/ilq73HpgO7A8pdEJN7ybprzhs5CBEgaLQo2pOxfqRYyc8TO2ADnZ1WwtjW48=

• Authentication data against the SFTP server. The adapter supports password authentication (user/password), private key authentication, and private key and password authentication. To use an authentication mechanism based on private key, this key must be stored in the file system of SAP NW PI. The private key must be a RSA or DSA key reported in a private key file with one of the following formats:

  • OpenSSH → Private key file beginning with:

    • -----BEGIN DSA PRIVATE KEY-----

• SSH.com → Private key file beginning with:

  • ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----

• PuTTY → Private key file beginning with:

  • PuTTY-User-Key-File-2:

This file may or may not be protected by “passphrase”.

• Connection mode used by the adapter. It defines by configuration if the SFTP connections for the channel are permanently set (there is always an open connection for the channel and all files are transfer through this connection) or they are individually set for each file transfer (a connection is opened for each file transfer).

• Transfer mode of the files. The transfer mode can be binary or ASCII.

• Activate the throttling to control the network bandwidth in file transfers. If the files to be transferred by the channel can cause congestion of the network or for security in environments with limited bandwidth networks, the bandwidth to be used by the channel can be limited by activating this option and defining the bandwidth limit.

• Activate the information compression. There are SFTP servers that allow to receive compressed files to be transferred, which are compressed using the algorithm zlib. If the server connected to the channel has this option enabled, the Avvale SFTP adapter allows to activate the option in the channel so the contents of the files could be sent compressed.

The parameters to define these functional aspects are:

Server: Name or IP address of the SFTP server.

Port: Port for the SFTP connection (22 by default).

Timeout(secs): Number of seconds that an established connection can remain inactive before closing. By default, the adapter sets a timeout of 1 minute.

View Proxy: If this flag is activated, the connection against the SFTP server will be done through a proxy. Therefore, it shows the parameters to configure this connection. If the flag is not activated, the connection against the SFTP server will be direct.

Proxy Type: Allow to define the proxy type against it is connected. Supported proxy types are:

• HTTP

• SOCKS v.4

• SOCKS v.5

Proxy Host: Name or IP address of the proxy.

Proxy Port: Proxy port.

View Proxy User Authentication: If this flag is activated, “Proxy User” and “Proxy Password” fields are obligatory. If this flag is not activated, the connection with the proxy will be done without authentication.

Proxy User: Proxy connection user.

Proxy Password: Password of the user above for the proxy connection.

Activate Server Fingerprint Validation: If this flag is activated, the adapter will verify that the SFTP server public key is in the “known hosts” file of SAP NW PI. If it is found, the connection will be established; if not, it will throw an error. If this flag is not activated, the adapter will not verify the SFTP server footprint, it will acept it and the connection will be established.

Authentication Mode: Authentication mode with the following options:

• By Password: User and password.

• By Public Key: User and private key.

• By Public Key and Password: User, password and private key.

User Name: SFTP username.

Password: SFTP user password. (For authentication “By Password” or “By Public Key and Password”).

Private Key File Directory: Directory of the SAP NW PI server where the file with the user private key is. (Para autenticación “By Public Key” o “By Public Key and Password”).

Private Key File Name: File name with the user private key. (For authentication “By Public Key” or “By Public Key and Password”).

Passphrase: Private key password if it is encrypted. (For authentication “By Public Key” or “By Public Key and Password”).

Connect Mode: Represents how to connect to the SFTP server. Possible modes are:

• Permanently: (By default) A permanent connection is established with the channel. All transfers will use this connection.

• Per File Transfer Mode: A new connection is established for each file transfer.

Transfer Mode: File transfer mode. Possible values are:

• Binary: (By default) Binary transfer.

• Text: ASCII mode transfer.

Use Throttling: If this flag is activated, the bandwidth will be limited according to the value defined in the “Bandwidth to Limit (Kbps)” parameter.

Bandwidth to Limit (Kbps): Bandwidth limit to be used in data transfer. It is measured in Kbps (kilobits per second) and it is an obligatory field if throttling was activated.

Use Data Compression (with zlib alg.): If this flag is activated, the transferred content will be compressed in the adapter using the zlib compression algorithm.