SFTP

Password Authentication Versus Key Pair Based Authentication

All the SFTP components support both password-based and key pair-based authentication without password.

In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked, or spoofed, an attacker can learn your password.

Key Pair authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key, but anybody who has your public key can verify that a particular signature is genuine.

So you generate a key pair on your own computer, and you copy the public key to the server under a certain name. Then, when the server asks you to prove who you are, WinSCP can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password. They only gain one signature. And signatures cannot be re-used, so they have gained nothing.

Note: While using key pair authentication, the private key file path has to be populated in the SFTP component that is invoked. If password based authentication is used, the password field has to be populated while the private key file is left blank. This applies for all SFTP components listed below.

Components Supported by iwsftp

This section lists components that are supported by iwsftp.

Listener of type SFTP. A listener that uses the SFTP protocol component and is continuously polling the specified folder on the SFTP server (machine that supports OpenSSH FTP).
Emitter of type SFTP. The SFTP Emitter will emit messages onto an SFTP server. It requires the credentials on the server and the directory to emit as input.
Agents.
Below are three types of SFTP Agents:
- com.ibi.agents.XDSFTPReadAgent. The SFTP Read agent is used to read files from an SFTP server (drive on UNIX or Windows). It can also be used in tandem with a file listener to embed file contents (the file picked up by the listener) into the xml file read from the SFTP drive by specifying the tag.
- com.ibi.agents.XDSFTPEmitAgent. SFTP Emit Agent is used to write files to an output directory through SFTP (drive on UNIX or Windows). The output file name can be specified completely or using wildcard characters.
- com.ibi.agents.XDSFTPOpsAgent. The SFTP Ops Agent stands for SFTP operations. Emits using SSH protocol to a given host<:port> using various common SFTP commands. It can be used to perform operations, such as Copy, Prepend, Append, Size, Move, and so on.

Configuring the SFTP Listener

This section describes how to configure the SFTP listener.

The following table lists and describes the procedure for the SFTP Listener.

Property Name

Property Description

Host Name (required)

The name of host machine where listener contacts the service to obtain requests from.

Remote Port (required)

The port to connect to on the SFTP site, blank for default port 22

Input Path

The directory with optional pattern on SFTP host from which to retrieve files. A specific file name or DOS-style pattern) can be used. Do not use suffix in.

Include Symbolic Links (required)

If set to true, then the SFTP listener processes the symbolic links.

Include Hidden Files (required)

If set to true, then the SFTP listener processes the hidden files.

Destination Directory

The directory on SFTP host to return responses to.

Data, Signal or Streaming (required)

Determines how the input will be processed by the SFTP listener. Select one of the following options from the drop-down list:

Data. The data file will be retrieved from the SSH server and maintained in memory while processed by the listener.

Signal. The data file will be retrieved from the SSH server and stored locally. A signal document will be generated by the listener.
Note: If Signal is set, then a value for the Local Store Directory parameter must be provided.

Streaming. A connection will be opened with the SSH server and data from the file will be retrieved and processed by the listener as required.

Local Store Directory

The directory on the iWay server where files are saved. You must specify a directory path only if the Payload Type parameter is set to Signal.

Remove locally stored files

If set to true, the FTP listener deletes the file stored locally after it is processed. This parameter requires a directory path to be specified for the Local Store Directory parameter.

Pending Queue

The directory to hold documents which are to be retried later.

Suffix In Filter

This limits input files to those with these extensions. For example, enter "XML,in" to accept files with extensions "xml" and "in". Note that this is not case-sensitive. Do not use a period (.), use a dash (-) to mean no extension, or an asterisk (*) to mean any.

Duration

The maximum time that a document can remain in the retry pending queue.

Retry

The interval between retrying pending requests

Do not unzip ZIP files

This passes ZIP files as a single file for processing (requires ACCEPT FLAT turned on).

Bad File List

This maintains a list of files with errors, preventing them from being re-accessed. If set to true, the files will not be retried.

Delete After Read

This determines whether to delete the file after it is read. If set to true, the file is deleted by the listener. If set to false, the file will not be deleted by the listener.

File Protect

This emits a temporary name and then renames it to the desired name.

Security

User Name

The user ID on the SFTP server.

Password

The user password on the SFTP server.

Private Key

The path to the private key file for public-key authentication.

Passphrase

The passphrase used to protect the Private Key

Other

Whitespace Normalization

Specifies how the parser treats whitespace in element objects. Select preserve (default) to turn off all normalization as prescribed by the XML Specification. Select condense to remove extra whitespaces in pretty printed documents and for compatibility with earlier versions.

Accepts non-XML (flat) only

If set to true, the listener expects flat (non-XML). Automatic parsing is not performed.

Optimize Favoring

Use this when the selection of memory is useful for large input document

Multithreading

The number of documents that can be processed in parallel

Execution Time Limit

The time limit for document execution (in seconds) before it is cancellation is attempted. (Also see system property kill interval. This applies to agent stacks and sets a lower limit for process flows.)

Polling Interval

The interval at which to check for new input

Default Java File Encoding

The default encoding if incoming message is not self-declaring (that is, XML)

Agent Precedence

This changes the order by which the engine selects agents. Normally the document overrides the listener. This is used to manage iWay documents

Always reply to listener default

If set to true, the default reply definition is used in addition to the defined replies

Error Documents treated normally

If set to true, the error documents will get processed by any configured pre-emitters

Listener is Transaction Manager

If set to true, the agents run within a local transaction managed by the listener

Record in Activity Log(s)

If set to true, the activity on this channel will be recorded in the activity logs. If set to false, the activity will not be recorded.

Property Name	Property Description
Host Name (required)	The name of host machine where listener contacts the service to obtain requests from.
Remote Port (required)	The port to connect to on the SFTP site, blank for default port 22
Input Path	The directory with optional pattern on SFTP host from which to retrieve files. A specific file name or DOS-style pattern) can be used. Do not use suffix in.
Include Symbolic Links (required)	If set to true, then the SFTP listener processes the symbolic links.
Include Hidden Files (required)	If set to true, then the SFTP listener processes the hidden files.
Destination Directory	The directory on SFTP host to return responses to.
Data, Signal or Streaming (required)	Determines how the input will be processed by the SFTP listener. Select one of the following options from the drop-down list: Data. The data file will be retrieved from the SSH server and maintained in memory while processed by the listener. Signal. The data file will be retrieved from the SSH server and stored locally. A signal document will be generated by the listener. Note: If Signal is set, then a value for the Local Store Directory parameter must be provided. Streaming. A connection will be opened with the SSH server and data from the file will be retrieved and processed by the listener as required.
Local Store Directory	The directory on the iWay server where files are saved. You must specify a directory path only if the Payload Type parameter is set to Signal.
Remove locally stored files	If set to true, the FTP listener deletes the file stored locally after it is processed. This parameter requires a directory path to be specified for the Local Store Directory parameter.
Pending Queue	The directory to hold documents which are to be retried later.
Suffix In Filter	This limits input files to those with these extensions. For example, enter "XML,in" to accept files with extensions "xml" and "in". Note that this is not case-sensitive. Do not use a period (.), use a dash (-) to mean no extension, or an asterisk (*) to mean any.
Duration	The maximum time that a document can remain in the retry pending queue.
Retry	The interval between retrying pending requests
Do not unzip ZIP files	This passes ZIP files as a single file for processing (requires ACCEPT FLAT turned on).
Bad File List	This maintains a list of files with errors, preventing them from being re-accessed. If set to true, the files will not be retried.
Delete After Read	This determines whether to delete the file after it is read. If set to true, the file is deleted by the listener. If set to false, the file will not be deleted by the listener.
File Protect	This emits a temporary name and then renames it to the desired name.
Security
User Name	The user ID on the SFTP server.
Password	The user password on the SFTP server.
Private Key	The path to the private key file for public-key authentication.
Passphrase	The passphrase used to protect the Private Key
Other
Whitespace Normalization	Specifies how the parser treats whitespace in element objects. Select preserve (default) to turn off all normalization as prescribed by the XML Specification. Select condense to remove extra whitespaces in pretty printed documents and for compatibility with earlier versions.
Accepts non-XML (flat) only	If set to true, the listener expects flat (non-XML). Automatic parsing is not performed.
Optimize Favoring	Use this when the selection of memory is useful for large input document
Multithreading	The number of documents that can be processed in parallel
Execution Time Limit	The time limit for document execution (in seconds) before it is cancellation is attempted. (Also see system property kill interval. This applies to agent stacks and sets a lower limit for process flows.)
Polling Interval	The interval at which to check for new input
Default Java File Encoding	The default encoding if incoming message is not self-declaring (that is, XML)
Agent Precedence	This changes the order by which the engine selects agents. Normally the document overrides the listener. This is used to manage iWay documents
Always reply to listener default	If set to true, the default reply definition is used in addition to the defined replies
Error Documents treated normally	If set to true, the error documents will get processed by any configured pre-emitters
Listener is Transaction Manager	If set to true, the agents run within a local transaction managed by the listener
Record in Activity Log(s)	If set to true, the activity on this channel will be recorded in the activity logs. If set to false, the activity will not be recorded.

Note: The SFTP listener supports streaming. Streaming is used for large documents or documents for which the application needs to split the input into sections under the same transaction. For more information on streaming and configuring streaming preparsers, see the iWay Service Manager Component and Functional Language Reference Guide.

Name	Level	Type	Description
iwayconfig	System	String	The current active configuration name.
msgsize	Document	Integer	The physical length of the message payload.
name	System	String	The assigned name of the master (listener).
protocol	System	String	The protocol on which the message was received.
source	Document	String	The full name of the input file.
tid	Document	String	Unique transaction ID.

Property Name	Property Description
Destination	The absolute path of the file which is being emitted at the name of the SFTP server. For instance, if the file needs to be emitted to a machine sftpsrv on the directory /home/org and the file is to be saved as out[1..9].xml then the value of this field would be /home/org/out*.xml@sftpsrv as shown above.
User Name	The user name on the SFTP server that has read and write access to the directory entered in the Input Path field.
Password	The password for user account to use when connecting to protocol host.
Private Key	The SSH private Key file used for server authentication (required is password is omitted).
Pass Phrase	The SSH Passphrase used when Private Key was generated (optional).
Move To	The directory to which the file is to be moved after it is emitted.
File Protect	Emits a temporary name and then renames it to the desired name.

Property Name	Property Description
File Name	The special register namespace into which protocol headers from the incoming request will be saved.
File Name not a Document Tag	The special register namespace from which protocol headers for the outbound response will be taken.
Enclose Tag	The name of the tag in which to enclose data read. If omitted, no entagging. If used, output is XML.
Base Path	The optional directory to be used if incoming name is not absolute.
Input Data Format	The format of the input data, default is flat.
Transfer Type	For non-XML, this parameter sets the transfer type.
Host Name	The name of the SFTP server to connect.
Remote Port	The port to connect to on the SFTP site, blank for default port 22.
User Name	The username on the SFTP server through which files are emitted.
Password	The password for user account to use when connecting to protocol host.
Private Key	The SSH Private Key file used for server authentication (required is password is omitted).
Pass Phrase	The SSH Passphrase used when Private Key was generated (optional).
Encoding	The character set encoding to be performed on the input.
Delete After Read	The flag to show whether to delete the file after the read.

Property Name	Property Description
Host Name	The DNS name (or IP address) of the SFTP server that you want to connect to.
Remote Port	The port number used to connect to the SFTP site, blank for default port 22.
User Name	The user ID on the SFTP server.
Password	The user password on the SFTP server.
Private Key	The path to the private key file for public-key authentication.
Pass Phrase	The pass phrase used to protect the private key.
Remote Site Folder	The folder or directory on the SFTP site that you want to use as a starting location when you connect. A blank value defaults to the login directory.
File Protect	This emits a temporary name and then renames it to the desired name.
File Pattern	This specifies the output file pattern to be used.
Retry Interval	The retry interval in seconds (allows for xxhxxmxxs format). Omit or use 0 for no retry.
Return	Select one of the following values: Status. The status document will be the output document. Input. The input document will be the output document.